After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated.
Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.
Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.
The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.
In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you some useful information, it would still be immoral. Likewise, I've come to realize that the "it doesn't work" argument isn't one that I want to support anymore, because even if mass surveillance did work, it would still be bad.
One thing that parenting has taught me is that surveillance and experimentation are hard to reconcile. My daughter is learning, and learning often consists of making mistakes constructively. There are times when she is working right at the limits of her abilities – drawing or dancing or writing or singing or building – and she catches me watching her and gets this look of mingled embarrassment and exasperation, and then she changes back to some task where she has more mastery. No one – not even a small child – likes to look foolish in front of other people.
Putting whole populations – the whole human species – under continuous, total surveillance is a profoundly immoral act, no matter whether it works or not. There no longer is a meaningful distinction between the digital world and the physical world. Your public transit rides, your love notes, your working notes and your letters home from your journeys are now part of the global mesh of electronic communications.
Top-secret documents leaked to the Guardian by former US intelligence contractor Edward Snowden reveal details of repeated attempts by the US and UK governments to crack Tor, the "onion router" that was originally funded by the US government, and used widely by dissidents and activists around the world. Tor's core network security remains intact, but the NSA has had some success attacking users' computers, according to the report.
A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.
Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.
Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."
But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.
My latest Publishers Weekly column is "Copyrights vs. Human Rights." In honor of Human Rights Day on Dec 10, I've written a piece on publishing's shameful support of SOPA, a law that will punish the online services that are so key to coordinating and publicizing human rights struggles around the world.
The U.N. characterizes access to the Internet as a human right, and government research in the U.K. and in the U.S. shows the enormous humanitarian benefits of network access for poor and vulnerable families: better nutrition, education, and jobs; more social mobility and opportunity; and civic and political engagement. Yet the services that provide the bulk of these benefits—search engines, Web hosts, and online service providers like Blogger, Tumblr, Twitter, Wikipedia, and YouTube—could never satisfy the requirements set out in SOPA. The only way for these platforms to satisfy SOPA would be to all but shut off the public’s ability to contribute and to throttle free expression for all but those entities that can afford to pay a lawyer to certify that their uploaded material will not attract a copyright complaint.
Another group of important entities that could never satisfy SOPA are the civic-minded hackers and security researchers scrambling to improve the Internet’s Domain Name System (DNS). In 2011, the DNS was attacked several times, including a breach attributed to the Iranian secret police, which used forged certificates to allow them to impersonate governments, banks, and online e-mail providers like Gmail and Hotmail. If passed, SOPA would ban the production or dissemination of tools that could subvert its blocks, and that would include tools the world’s technologists are creating specifically to help defeat government censorship and surveillance.
On September 13th, the Iranian government began blocking The Onion Router (TOR), a system for evading network censorship. On September 14th, the TOR project changed its code so that it wasn't blocked anymore.
Yesterday morning (in our timezones — that evening, in Iran), Iran added a filter rule to their border routers that recognized Tor traffic and blocked it. Thanks to help from a variety of friends around the world, we quickly discovered how they were blocking it and released a new version of Tor that isn't blocked. Fortunately, the fix is on the relay side: that means once enough relays and bridges upgrade, the many tens of thousands of Tor users in Iran will resume being able to reach the Tor network, without needing to change their software. (via Schneier)
How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.
An obituary posted on Facebook by Sassaman's friend and fellow hacker Pablos Holman recounted the pair's early work on crypto-systems after they met in 1999. Young cryptographer ends own life (Thanks, GuidoDavid.)
"We were reimagining our world, riddled with cryptosystems that would mathematically enforce the freedoms that we treasured. Anonymous remailers to preserve speech without fear of retribution; onion routers to ensure nobody could censor the internet; digital cash to enable a radically free economy."
While much of their work was an academic "geek utopia exercise", Sassaman liked to "get his hands dirty", which led to numerous visits from Federal agencies over remailer abuse, according to Holman: "Len, you are, in fact, an inspiration to those of us who inspired you. You made something great of your life. You left a lot behind for us. Thanks for letting me be a part of it all."
Encrypt the Web with the HTTPS Everywhere Firefox Extension (Thanks, Hugh!)
Tor on Android (via O'Reilly Radar)
Previous Summer of Code workers have had wonderful experiences working with EFF (as a former employee, I can testify to what a great workplace it is). Not only do you get to do paid, meaningful work, but you get to do it surrounded by some of the most astute, passionate and clever people in the technology world. For the right student, this is the chance of a lifetime.
Work With EFF and TOR for Google's Summer of Code