Submit a link Features Reviews Podcasts Video Forums More ▾

FBI tells net cafe owners that TOR users might be terrorists

Icecube sez, "Are you concerned about your online privacy? Do you shield your laptop from view of others? Do you use various means of hiding your IP address? Do you use any encryption at all like PGP? That means you are probably a terrorist according to the FBI. These are just some of the activities that are suggested indicators of terrorism according to a flyer being distributed entitled 'Communities Against Terrorism' You can find a PDF version here entitled 'Internet Cafes'" Cory

Judge: to ask for anonymity in porno copyright troll case, you must enter your name into the public record

Hard Drive Productions is a pornographer that has switched business models, shifting its focus from making dirty movies to making sleazy lawsuits. It collected IP addresses of people who were supposedly downloading its movies over BitTorrent, then sent their ISPS legal demands to reveal their names. The next step would be demanding cash settlements from the named persons, threatening to name them in embarrassing lawsuits if they didn't pay up. Many of the victims of the sloppy data-gathering methodology have protested their innocence, but would like to remain anonymous in the court record, rather than having their names associated in a public document about pornography consumption.

Unfortunately the federal court judge in the case has ruled that in order to request anonymity, the 1495 defendants will have to have their names entered into the public record. The Electronic Frontier Foundation has asked the judge to reconsider.

The case is one of a growing number of mass copyright lawsuits that do not appear to be filed with any intention of litigating them. Instead, once identities of suspected infringers are obtained from ISPs, the plaintiffs send settlement letters offering to make the lawsuit go away for a few thousand dollars. A ruling on whether a film company may obtain identities of anonymous Internet users may be the last chance for defendants to be heard by the court.

EFF's brief explains both the speech implications of the ruling and the importance of the court rules that protect defendants, given the numerous ways these mass lawsuits violate due process.

"All that the plaintiffs need here to pursue their settlement shake-down scheme is the identity of the anonymous defendants," said EFF Intellectual Property Director Corynne McSherry. "These defendants have a First Amendment right to argue for their anonymity without the court forcing them to moot that argument from the start. We're asking for these motions to quash to go forward without requiring them to be unsealed, and we're also asking the court to throw this case out given the basic due process flaws."

EFF Asks Judge to Prevent ‘Catch-22’ in Porn-Downloading Lawsuit

State of Adversarial Stylometry: can you change your prose-style?

Today at the Chaos Computer Congress in Berlin (28C3), Sadia Afroz and Michael Brennan presented a talk called "Deceiving Authorship Detection," about research from Drexel College on "Adversarial Stylometry," the practice of identifying the authors of texts who don't want to be identified, and the process of evading detection. Stylometry has made great and well-publicized advances in recent years (and it made the news with scandals like "Gay Girl in Damascus"), but typically this has been against authors who have not taken active, computer-assisted countermeasures at disguising their distinctive "voice" in prose.

As part of the presentation, the Drexel Team released Anonymouth, a free/open tool that partially automates the process of evading authorship detection. The tool is still a rough alpha, and it requires human intervention to oversee the texts it produces, but it is still an exciting move in adversarial stylometry tools. Accompanying the release are large corpuses of test data of deceptive and non-deceptive texts.

Stylometry has been cited by knowledgeable critics as proof of the pointlessness of the Nym Wars: why argue for the right to be anonymous or pseudonymous on Google Plus or Facebook when stylometry will de-anonymize you anyway? I've been suspect of these critiques because they assume that only de-anonymizers will have access to computer-assisted tools, but as Anonymouth shows, there are many opportunities to use automation tools to improve anonymity.

Stylometry matters in many ways: its state of the art changes the balance of power between trolls and moderators, between dissidents and dictators, between employers and whistleblowers, between astroturfers and commenters, and between spammers and filters.

During the Q&A, a questioner asked whether Anonymouth's methods could be used by, say, fanfic authors to make their writing style match the author whose universe they're dabbling in; the researchers thought this would be so. I instantly wondered if avid fans might make a JK-Rowlingifier that could be used by dissidents to anonymize their speech, homogenizing it to pitch-perfect Potterian English so that stylometry fails. And of course, this makes me wonder whether stylometry could be used to falsely identify a block of prose with a third party (making a terrorist rant stylometrically match an innocent's prose-style) -- the researchers doubt this, and suggest that when deception is a possibility, prose-style shouldn't be considered as identifying evidence.

As an aside, the Anonymouth team is part of a lab at Drexel seeking grad-students and postdocs.

Privacy, Security and Automation Lab

HOWTO be more anonymous in your anonymous blog

Andy Baio explains how he tracked down a trolling "anonymous" blogger who revealed his identity by using a Google Analytics ID that was incremented one up from his public blog. He uses this as a springboard for offering practical advice to people who want to blog "anonymously" (or, at least, as anonymously as possible):

1. Don’t use Google Analytics or any other third-party embed system. If you have to, create a new account with an anonymous email. At the very least, create a separate Analytics account to track the new domain. (From the “My Analytics Accounts” dropdown, select “Create New Account.”)

2. Turn on domain privacy with your registrar. Better, use a hosted service to avoid domain payments entirely.

3. If you’re hosting your own blog, don’t share IP addresses with any of your existing websites. Ideally, use a completely different host; it’s easy to discover sites on neighboring IPs.

4. Watch your history. Sites like Whois Source track your history of domain and nameserver changes permanently, and Archive.org may archive old versions of your site. Being the first person to follow your anonymous Twitter account or promote the link could also be a giveaway.

5. Is your anonymity a life-or-death situation? Be aware that any service you use, including your own ISP, could be forced to reveal your IP address and account details under a court order. Use shared computers and an anonymous proxy or Tor when blogging to mask your IP address.

Andy Baio: Think You Can Hide, Anonymous Blogger? Two Words: Google Analytics

Google rejects JWZ's 2-step plan to end the nym wars

JWZ proposed a two-step plan to help Google realize its stated goal of allowing pseudonyms on Google+:

1. Stop deleting peoples' accounts when you suspect that the name they are using is not their legal name.
2. There is no step 2.

Googlers voted up the question "can we do this?" for a response at this week's company meeting. According to JWZ's source, "To nobody's great surprise, [Larry Page's] answer was a very long-winded 'no'."

Google Nymwars, redux

Hacker Prom tonight at San Francisco's Noisebridge hackerspace

NoiseBridge, the celebrated hackerspace in San Francisco's Mission district, is celebrating its third anniversary tonight with a Hacker Prom. There's a makeout room (featuring Makerbots), pre-spiked punch, and awkward prom photos. You're encouraged to bring a robot date. Oh, this does look fun!

The whole event is a fundraiser for NoiseTor, a part of the TOR anonymizing proxy system, which creates and manages Tor nodes for those without the time to set one up themselves.

(Thanks, Danny!)

Understanding the Nym Wars

Here's a pair of great (JWZ) posts (Kevin Marks) on the Nym Wars, in which Googlers, net users, and sensible people try to convince the G+ team that it's insane to tell people that they must socialize using their "real names," and to then try to adjudicate what a "real name" is. Both link out to the canonical essays produced to date on the subject, such as EFF and boyd, and add a lot of good context.

Google Plus's "Real Name" policy is abusive; Facebook is not a "Real Name" success story

Here's danah boyd in very good form, explaining why "Real Name" policies like the one Google has rammed down Google Plus users' throats (and like the insanely naive one that Randi Zuckerberg would like to foist on the entire Internet) are an abuse of power:
Over and over again, people keep pointing to Facebook as an example where “real names” policies work. This makes me laugh hysterically. One of the things that became patently clear to me in my fieldwork is that countless teens who signed up to Facebook late into the game chose to use pseudonyms or nicknames. What’s even more noticeable in my data is that an extremely high percentage of people of color used pseudonyms as compared to the white teens that I interviewed. Of course, this would make sense…

The people who most heavily rely on pseudonyms in online spaces are those who are most marginalized by systems of power. “Real names” policies aren’t empowering; they’re an authoritarian assertion of power over vulnerable people. These ideas and issues aren’t new (and I’ve even talked about this before), but what is new is that marginalized people are banding together and speaking out loudly. And thank goodness.

What’s funny to me is that people also don’t seem to understand the history of Facebook’s “real names” culture. When early adopters (first the elite college students…) embraced Facebook, it was a trusted community. They gave the name that they used in the context of college or high school or the corporation that they were a part of. They used the name that fit into the network that they joined Facebook with. The names they used weren’t necessarily their legal names; plenty of people chose Bill instead of William. But they were, for all intents and purposes, “real.” As the site grew larger, people had to grapple with new crowds being present and discomfort emerged over the norms. But the norms were set and people kept signing up and giving the name that they were most commonly known by. By the time celebrities kicked in, Facebook wasn’t demanding that Lady Gaga call herself Stefani Germanotta, but of course, she had a “fan page” and was separate in the eyes of the crowd. Meanwhile, what many folks failed to notice is that countless black and Latino youth signed up to Facebook using handles. Most people don’t notice what black and Latino youth do online. Likewise, people from outside of the US started signing up to Facebook and using alternate names. Again, no one noticed because names transliterated from Arabic or Malaysian or containing phrases in Portuguese weren’t particularly visible to the real name enforcers. Real names are by no means universal on Facebook, but it’s the importance of real names is a myth that Facebook likes to shill out. And, for the most part, privileged white Americans use their real name on Facebook. So it “looks” right.

“Real Names” Policies Are an Abuse of Power