"onion router"

What happened when we got subpoenaed over our Tor exit node

We've run a Tor exit-node for years. In June, we got the nightmare Tor operator scenario: a federal subpoena (don't worry, it ended surprisingly well!)

The Tor Project is hiring a new executive director

So, an EFF activist gig isn't for you and neither is deputy director of the Free Software Foundation: how about executive director of the Tor Project, which maintains The Onion Router, a crucial piece of anonymity and privacy technology? Read the rest

Which crowdfunded privacy routers are worthy of your trust?

After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated. Read the rest

Honorable spies anonymously leak NSA/GHCQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users. Read the rest

If you read Boing Boing, the NSA considers you a target for deep surveillance

The NSA says it only banks the communications of "targeted" individuals. Guess what? If you follow a search-engine link to Boing Boing's articles about Tor and Tails, you've been targeted. Cory Doctorow digs into Xkeyscore and the NSA's deep packet inspection rules.

Seven things you should know about Tor

Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.

The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.

7 Things You Should Know About Tor [Cooper Quintin/EFF] Read the rest

Against the instrumental argument for surveillance

In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you some useful information, it would still be immoral. Likewise, I've come to realize that the "it doesn't work" argument isn't one that I want to support anymore, because even if mass surveillance did work, it would still be bad.

One thing that parenting has taught me is that surveillance and experimentation are hard to reconcile. My daughter is learning, and learning often consists of making mistakes constructively. There are times when she is working right at the limits of her abilities – drawing or dancing or writing or singing or building – and she catches me watching her and gets this look of mingled embarrassment and exasperation, and then she changes back to some task where she has more mastery. No one – not even a small child – likes to look foolish in front of other people.

Putting whole populations – the whole human species – under continuous, total surveillance is a profoundly immoral act, no matter whether it works or not. There no longer is a meaningful distinction between the digital world and the physical world. Your public transit rides, your love notes, your working notes and your letters home from your journeys are now part of the global mesh of electronic communications.

Read the rest

NSA and UK intel agency GCHQ target online anonymity tool Tor, according to leaked Snowden documents

Despite the fact that online anonymity tool Tor was developed with US government funds, the NSA really does not like Tor.

Top-secret documents leaked to the Guardian by former US intelligence contractor Edward Snowden reveal details of repeated attempts by the US and UK governments to crack Tor, the "onion router" that was originally funded in by the US government, and used widely by dissidents and activists around the world. Tor's core network security remains intact, but the NSA has had some success attacking users' computers, according to the report.

Who uses Tor? According to one of the slides in the leaked presentations, "Terrorists!" The NSA is fond of the generous use of exclamation points in these things. Read the rest

Great Firewall of China nukes VPNs on sight

A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.

Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.

Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."

But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.

China tightens 'Great Firewall' internet control with new technology [Charles Arthur/The Guardian] Read the rest

TOR is hiring

Runa from The Onion Router -- a privacy and anti-censorship tool used around the world -- writes, "We are looking for another dedicated core developer to join our team. Your job would be to work on all aspects of the main Tor network daemon and other open-source software. This would be a contractor position for 2012 (starting as soon as you're ready and with plenty of work to keep you busy), with the possibility of 2013 and beyond. Please see the website for details and information on how to apply." Read the rest

Copyrights vs Human Rights: big publishing and SOPA

My latest Publishers Weekly column is "Copyrights vs. Human Rights." In honor of Human Rights Day on Dec 10, I've written a piece on publishing's shameful support of SOPA, a law that will punish the online services that are so key to coordinating and publicizing human rights struggles around the world.

The U.N. characterizes access to the Internet as a human right, and government research in the U.K. and in the U.S. shows the enormous humanitarian benefits of network access for poor and vulnerable families: better nutrition, education, and jobs; more social mobility and opportunity; and civic and political engagement. Yet the services that provide the bulk of these benefits—search engines, Web hosts, and online service providers like Blogger, Tumblr, Twitter, Wikipedia, and YouTube—could never satisfy the requirements set out in SOPA. The only way for these platforms to satisfy SOPA would be to all but shut off the public’s ability to contribute and to throttle free expression for all but those entities that can afford to pay a lawyer to certify that their uploaded material will not attract a copyright complaint.

Another group of important entities that could never satisfy SOPA are the civic-minded hackers and security researchers scrambling to improve the Internet’s Domain Name System (DNS). In 2011, the DNS was attacked several times, including a breach attributed to the Iranian secret police, which used forged certificates to allow them to impersonate governments, banks, and online e-mail providers like Gmail and Hotmail. If passed, SOPA would ban the production or dissemination of tools that could subvert its blocks, and that would include tools the world’s technologists are creating specifically to help defeat government censorship and surveillance.

Read the rest

Iran blocks TOR, TOR unblocks itself later that day

On September 13th, the Iranian government began blocking The Onion Router (TOR), a system for evading network censorship. On September 14th, the TOR project changed its code so that it wasn't blocked anymore.

Yesterday morning (in our timezones — that evening, in Iran), Iran added a filter rule to their border routers that recognized Tor traffic and blocked it. Thanks to help from a variety of friends around the world, we quickly discovered how they were blocking it and released a new version of Tor that isn't blocked. Fortunately, the fix is on the relay side: that means once enough relays and bridges upgrade, the many tens of thousands of Tor users in Iran will resume being able to reach the Tor network, without needing to change their software.

How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.

(via Schneier) Read the rest

RIP, Len Sassaman: cypherpunk and anonymity hacker

GuidoDavid sez, "Len Sassaman, a cryptographer, activist and biopunk died yesterday, he lost the battle against depression in Leuven, Belgium. He is survived by his widow, Meredith L. Patterson, also a hacker and biopunk. His work and actions inspired me and shaped the world we live in, as he was active during the Crypto Wars and designed and wrote anonymizing tools. He will be missed, but I hope that his legacy will go on and I am certain he will continue inspiring our efforts."
An obituary posted on Facebook by Sassaman's friend and fellow hacker Pablos Holman recounted the pair's early work on crypto-systems after they met in 1999.

"We were reimagining our world, riddled with cryptosystems that would mathematically enforce the freedoms that we treasured. Anonymous remailers to preserve speech without fear of retribution; onion routers to ensure nobody could censor the internet; digital cash to enable a radically free economy."

While much of their work was an academic "geek utopia exercise", Sassaman liked to "get his hands dirty", which led to numerous visits from Federal agencies over remailer abuse, according to Holman: "Len, you are, in fact, an inspiration to those of us who inspired you. You made something great of your life. You left a lot behind for us. Thanks for letting me be a part of it all."

Young cryptographer ends own life (Thanks, GuidoDavid.)

(Image: Codecon 2006, a Creative Commons Attribution Share-Alike (2.0) image from ioerror's photostream) Read the rest

HTTPS Everywhere: Firefox plugin that switches on crypto whenever it's available

The Electronic Frontier Foundation and The Onion Router (TOR) project have teamed up to release a new privacy-enhancing Firefox plugin called HTTPS Everywhere. It was inspired by Google's new encrypted search engine, and it ensures that whenever you visit a site that accepts encrypted connections, your browser switches into encrypted mode, hiding your traffic from snoops on your local network and at your ISP. HTTPS Everywhere covers Google search, Wikipedia, Twitter, Identi.ca, Facebook, EFF, Tor, Scroogle, DuckDuckGo, Ixquick and other smaller search engines. It's still in beta (what isn't?) but I've been running it all morning with no negative side effects.

Encrypt the Web with the HTTPS Everywhere Firefox Extension (Thanks, Hugh!) Psiphon: critique from a crypto community member EFF, AT&T and Google all on the same side of this privacy fight ... What will happen to your crypto-keys when you die? Pirate Bay offering crypto tools to fight Swedish spying laws ... Scalia Scoffs at Calls for More Data Privacy Protection, Students ... Talking About AT&T's Internet Filtering on AT&T's The Hugh ... HOWTO protect your online privacy now that the Senate repealed the ... HOWTO use TOR to enhance your privacy Ada Lovelace Day hero: Cindy Cohn Read the rest

TOR for Android: anonymize your phone's data-connection

TOR (The Onion Router, a technology for bouncing your traffic all over the net so that your ISP can't spy on you) is now available for Android phones. Just take a picture of the QR code on the right with your Barcode Scanner or Goggles app to install it.

Tor on Android (via O'Reilly Radar) Previously:HOWTO use TOR to enhance your privacy HOWTO Use TOR to protect yourself from censorship and snooping ... Intro to TOR: how you can be an anti-censorship activist in your ... EFF and TOR in Google's Summer of Code! Read the rest

Student programmers: Get paid to hack liberty-enhancing code with EFF this summer!

The Electronic Frontier Foundation is looking for student programmers to do paid work on various liberty-enhancing technologies this summer, paid for by Google, through its excellent Summer of Code project. This summer, there's funding for programmers to work on TOR (The Onion Router -- a system for evading censorwalls and enhancing online privacy by bouncing your traffic through several volunteers' computers), TOSBack (tracking changes to the terms of service of the Internet's most popular websites), OurVoteLive (tracking problems in elections with US polling places and voting machines) and Switzerland (a passive IP-layer network neutrality testing system).

Previous Summer of Code workers have had wonderful experiences working with EFF (as a former employee, I can testify to what a great workplace it is). Not only do you get to do paid, meaningful work, but you get to do it surrounded by some of the most astute, passionate and clever people in the technology world. For the right student, this is the chance of a lifetime.

Work With EFF and TOR for Google's Summer of Code Previously:EFF helping produce anonymizing software Intro to TOR: how you can be an anti-censorship activist in your ... Run a TOR node, help Iranians and others keep their privacy ... TOR: German police are *not* cracking down on Tor. EFF public meeting on anonymizing software in San Fran next Tues ... EFF releases Net Neutrality detector software TOSBack: EFF's real-time tracker for changes in terms of service ... EFF sets sights on abusive EULAs Tracking e-voting dangers: I VOTED? Read the rest

Intro to TOR: how you can be an anti-censorship activist in your sleep

Here's a nice little introductory article on TOR, The Onion Router, a privacy-enhancing technology that helps you to circumvent national, corporate and school firewalls and enhance your anonymity. Originally developed by the US military to help communications get in and out of countries that heavily filter their networks, TOR is free/open software and is maintained by many volunteers around the world, including the Electronic Frontier Foundation.

TOR works by passing your traffic through several (theoretically) unrelated computers all over the Internet, using cryptography to keep the origin, destination, and intermediary steps secret from each computer it passes through.

You can run TOR on your own computers and they'll become part of this array of intermediary hosts all over the net, making your network connection into a tool for privacy and free access to information.

Bill McGonigle, of Lebanon, New Hampshire, decided to become a Tor volunteer when he learned that people in Iran were protesting the results of their June Presidential election. They were using the Internet to organize their meetings. The Iranian government was trying to censor their messages to one another. "I have a soft-spot for people trying to gain liberty for themselves," he wrote in an email, "especially against tyrannical regimes. It became known that they were using Tor to get around the censorship, so at that point I put up a relay....The people I'd like to help are those living under violence-based oppression, most commonly orchestrated by dangerous and corrupt individuals posing as legitimate governments. I'd like to see an end to oppression wherever it exists."
Volunteer Your Computer for Global Privacy (Thanks, Rhona! Read the rest

Next page