Tor Browser goes 4.0

The 4.0 version of the secure, anonymized, private browser disables SSL3 (in deference to the POODLE attack) and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.

Read the rest

Comcast blocks Tor (updated)

"Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal; we have the right to terminate, fine, or suspend your account at anytime due to you violating the rules -- Do you have any other questions? Thank you for contacting Comcast."

Read the rest

Honorable spies anonymously leak NSA/GHCQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.

Read the rest

EFF unveils secure, sharing-friendly, privacy-minded router OS

As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.

Read the rest

Own your crypto-extremism with the Torrorist tee


Celebrate yesterday's news that the NSA classes all Tor users as "extremists" and targets them for indefinite, deep surveillance...with fashion!

Read the rest

"Personal Internet security" is a team sport


My latest column in Locus magazine, Security in Numbers, looks at the impossibility of being secure on your own -- if you use the Internet to talk to other people, they have to care about security, too.

Read the rest

If you read Boing Boing, the NSA considers you a target for deep surveillance

The NSA says it only banks the communications of “targeted” individuals. Guess what? If you follow a search-engine link to Boing Boing’s articles about Tor and Tails, you’ve been targeted. Cory Doctorow digs into Xkeyscore and the NSA’s deep packet inspection rules.

Read the rest

Seven things you should know about Tor

Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.

The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.

7 Things You Should Know About Tor [Cooper Quintin/EFF]

The Tor challenge: run a Tor node for great justice

EFF, Freedom of the Press Foundation, Free Software Foundation and The Tor Project have launched The Tor Challenge, a campaign to encourage people to run Tor nodes. "Tor is a powerful tool that helps you stay anonymous online. It can protect your privacy as you browse the Internet and circumvent government censorship of the webpages you visit. We need your help to keep Tor strong. Run a Tor relay today." Here's how to get started.

Edward Snowden hosted a cryptoparty and ran a Tor exit node

Before Edward Snowden went on the run and effected the first-ever leak of documents from the NSA, he threw a cryptoparty in Hawai'i, coordinating with Runa Sandvik from the Tor Project and Asher Wolf from the Cryptoparty movement to plan an event where everyday people were taught to use crypto. He gave a lecture for his neighbors on Truecrypt, and told people that he ran at least two Tor exist nodes to help people keep their anonymous traffic moving (Boing Boing also runs a Tor exit node). Apparently, his girlfriend videoed the event -- I'd love to see it!

Snowden used the Cincinnatus name to organize the event, which he announced on the Crypto Party wiki, and through the Hi Capacity hacker collective, which hosted the gathering. Hi Capacity is a small hacker club that holds workshops on everything from the basics of soldering to using a 3D printer.

“I’ll start with a casual agenda, but slot in additional speakers as desired,” write Cincinnatus in the announcement. “If you’ve got something important to add to someone’s talk, please share it (politely). When we’re out of speakers, we’ll do ad-hoc tutorials on anything we can.”

When the day came, Sandvik found her own way to the venue: an art space on Oahu in the back of a furniture store called Fishcake. It was filled to its tiny capacity with a mostly male audience of about 20 attendees. Snowden spotted her when she walked in and introduced himself and his then-girlfriend, Lindsay Mills, who was filming the event. “He was just very nice, and he came to the door and introduced himself and talked about how the event was going to run,” Sandvik says.

They chatted for a bit. Sandvik asked Snowden where he worked, and after hemming and hawing, he finally said he worked for Dell. He didn’t let on that his work for Dell was under an NSA contract, but Sandvik could tell he was hiding something. “I got the sense that he didn’t like me prying too much, and he was happy to say Dell and move on,” she says.

Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”

Snowden’s First Move Against the NSA Was a Party in Hawaii [Kevin Poulsen/Wired]

(Image: a downsized thumbnail of a photo by Bart Gellman/Getty)

Tor: network security for domestic abuse survivors


Michael from Beta Boston writes, "The privacy protections offered by tools like Tor aren't just for journalists and spies; they're important for everyone. Almost every modern abusive relationship has a digital component, from cyberstalking to hacking phones, emails, and social media accounts, but women's shelters increasingly have found themselves on the defensive, ill-equipped to manage and protect their clients from increasingly sophisticated threats. Recently the Tor Project stepped in to help change that, and we took a long look at the work cut out for them."

This is an important point: when you make it so that no one can keep secrets from the state and its enforcement arm, you also make it so that no one can keep secrets from crooks, thugs, stalkers, and every other kind of bad guy.

Read the rest

TAILS: Snowden's favorite anonymous, secure OS goes 1.0


TAILS -- The Amnesiac Incognito Live System -- is a highly secure operating system intended to be booted from an external USB stick without leaving behind any trace of your activity on either your computer or the drive. It comes with a full suite multimedia creation, communications, and utility software, all configured to be as secure as possible out of the box.

It was Edward Snowden's tradecraft tool of choice for harvesting and exfiltrating NSA documents. Yesterday, it went 1.0. If you need to turn a computer whose operating system you don't trust into one that you can use with confidence, download the free disk image. (Note: TAILS won't help you defend against hardware keyloggers, hidden CCTVs inside the computer, or some deep malware hidden in the BIOS). It's free as in speech and free as in beer, and anyone can (and should) audit it.

Effectively, this is the ParanoidLinux I fictionalized in my novel Little Brother.

Read the rest

Jake Appelbaum reads his Homeland afterword, with bonus Atari Teenage Riot vocoder mix

Two of my friends contributed afterwords to my novel Homeland: Aaron Swartz and Jacob Appelbaum. In this outtake from the independently produced Homeland audiobook (which you can get for the next week exclusively through the Humble Ebook Bundle), Jake reads his afterword at The Hellish Vortex Studio in Berlin, where he is in exile after several harrowing adventures at the US border. Hellish Vortex is run by Alec Empire, founding member of Atari Teenage Riot. Alec recorded this clip (MP3), and also mixed an alternate version.

Originally Jake had intended for his afterword to be anonymous (I didn't understand this at the time, and there was no harm done!). In keeping with this, Alec mixed this vocoder edition (MP3), that is pretty awesome.

Humble Ebook Bundle

Detailed analysis of Syria's network censorship with logs from Blue Coat's surveillance boxes


In Censorship in the Wild: Analyzing Web Filtering in Syria [PDF], researchers from INRIA, NICTA and University College London parse through 600GB worth of leaked logfiles from seven Blue Coat SG-9000 proxies used by the Syrian government to censor and surveil its national Internet connections. They find that the Assad regime's censorship is more subtle and targeted than that of China and Iran, with heavy censorship of instant messaging, but lighter blocking of social media. They also report on Syrians' use of proxies, Tor, and Bittorrent to evade national censorship. It's the first comprehensive public look at the network censorship practiced in Syria.

Censorship in the Wild: Analyzing Web Filtering in Syria [PDF] (Thanks, Gary!)

The downfall of Silk Road, and with it, the so-called Dark Net

From Adrian Chen's Gawker long-read about that recent bust of the web's biggest online illegal drug marketplace:
The lesson of the Silk Road takedown isn't that Ulbricht was sloppy about security. It's that the idea of a world famous, anonymous illegal market is fatally contradictory. Ullbricht made some technical mistakes, but his biggest one was conceptual: buying his own hype that high-tech tricks would let him implement a radical free market fundamentalism that could never work politically.
Read the whole piece. Related: Chen's profile of Ross William Ulbricht.