This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges should use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but which is also primarily funded by the USG -- to protect their personal information while using their home and work computers.
Read the rest
This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges should use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but which is also primarily funded by the USG -- to protect their personal information while using their home and work computers. Read the rest
After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated. Read the rest
Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users. Read the rest
Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.
The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.
In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you some useful information, it would still be immoral. Likewise, I've come to realize that the "it doesn't work" argument isn't one that I want to support anymore, because even if mass surveillance did work, it would still be bad.
Read the rest
One thing that parenting has taught me is that surveillance and experimentation are hard to reconcile. My daughter is learning, and learning often consists of making mistakes constructively. There are times when she is working right at the limits of her abilities – drawing or dancing or writing or singing or building – and she catches me watching her and gets this look of mingled embarrassment and exasperation, and then she changes back to some task where she has more mastery. No one – not even a small child – likes to look foolish in front of other people.
Putting whole populations – the whole human species – under continuous, total surveillance is a profoundly immoral act, no matter whether it works or not. There no longer is a meaningful distinction between the digital world and the physical world. Your public transit rides, your love notes, your working notes and your letters home from your journeys are now part of the global mesh of electronic communications.
Top-secret documents leaked to the Guardian by former US intelligence contractor Edward Snowden reveal details of repeated attempts by the US and UK governments to crack Tor, the "onion router" that was originally funded in by the US government, and used widely by dissidents and activists around the world. Tor's core network security remains intact, but the NSA has had some success attacking users' computers, according to the report.
On September 13th, the Iranian government began blocking The Onion Router (TOR), a system for evading network censorship. On September 14th, the TOR project changed its code so that it wasn't blocked anymore.
Yesterday morning (in our timezones — that evening, in Iran), Iran added a filter rule to their border routers that recognized Tor traffic and blocked it. Thanks to help from a variety of friends around the world, we quickly discovered how they were blocking it and released a new version of Tor that isn't blocked. Fortunately, the fix is on the relay side: that means once enough relays and bridges upgrade, the many tens of thousands of Tor users in Iran will resume being able to reach the Tor network, without needing to change their software.
How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.
An obituary posted on Facebook by Sassaman's friend and fellow hacker Pablos Holman recounted the pair's early work on crypto-systems after they met in 1999.Young cryptographer ends own life (Thanks, GuidoDavid.)
"We were reimagining our world, riddled with cryptosystems that would mathematically enforce the freedoms that we treasured. Anonymous remailers to preserve speech without fear of retribution; onion routers to ensure nobody could censor the internet; digital cash to enable a radically free economy."
While much of their work was an academic "geek utopia exercise", Sassaman liked to "get his hands dirty", which led to numerous visits from Federal agencies over remailer abuse, according to Holman: "Len, you are, in fact, an inspiration to those of us who inspired you. You made something great of your life. You left a lot behind for us. Thanks for letting me be a part of it all."
Tor on Android (via O'Reilly Radar) Previously:HOWTO use TOR to enhance your privacy HOWTO Use TOR to protect yourself from censorship and snooping ... Intro to TOR: how you can be an anti-censorship activist in your ... EFF and TOR in Google's Summer of Code! Read the rest
Previous Summer of Code workers have had wonderful experiences working with EFF (as a former employee, I can testify to what a great workplace it is). Not only do you get to do paid, meaningful work, but you get to do it surrounded by some of the most astute, passionate and clever people in the technology world. For the right student, this is the chance of a lifetime.
Work With EFF and TOR for Google's Summer of Code Previously:EFF helping produce anonymizing software Intro to TOR: how you can be an anti-censorship activist in your ... Run a TOR node, help Iranians and others keep their privacy ... TOR: German police are *not* cracking down on Tor. EFF public meeting on anonymizing software in San Fran next Tues ... EFF releases Net Neutrality detector software TOSBack: EFF's real-time tracker for changes in terms of service ... EFF sets sights on abusive EULAs Tracking e-voting dangers: I VOTED? Read the rest
TOR works by passing your traffic through several (theoretically) unrelated computers all over the Internet, using cryptography to keep the origin, destination, and intermediary steps secret from each computer it passes through.
You can run TOR on your own computers and they'll become part of this array of intermediary hosts all over the net, making your network connection into a tool for privacy and free access to information.
Bill McGonigle, of Lebanon, New Hampshire, decided to become a Tor volunteer when he learned that people in Iran were protesting the results of their June Presidential election. They were using the Internet to organize their meetings. The Iranian government was trying to censor their messages to one another. "I have a soft-spot for people trying to gain liberty for themselves," he wrote in an email, "especially against tyrannical regimes. It became known that they were using Tor to get around the censorship, so at that point I put up a relay....The people I'd like to help are those living under violence-based oppression, most commonly orchestrated by dangerous and corrupt individuals posing as legitimate governments. I'd like to see an end to oppression wherever it exists."Volunteer Your Computer for Global Privacy (Thanks, Rhona! Read the rest
More sophisticated users can skip this paragraph, but for the rest, here's the basic outline. Tor (an acronym of "The Onion Router") is free and open source software that helps users remain anonymous on the Internet. Normally, when accessing websites, your computer asks for and receives a webpage out in the open, a process that exposes your IP address, the URL of the website, and the contents of the site, among other information to third parties. When accessing websites while using Tor, your computer essentially whispers its requests for a website, to another computer, which passes the request on to another computer, which passes it on to another computer, which passes it onto the computer where the website is hosted; the reply returns in the same, chain-message manner. The whispers are encrypted, so that neither outside authorities, nor the computers in the middle of the chain, can tell what is being said, and to whom. And the website itself does not have your IP address either.Read the rest
Internet users in Iran are using Tor to both (a) circumvent censorship systems and (b) remain anonymous while reading and writing on the Internet. Both are critically important to the safety of protesters, many of whom fear retaliation from the government. Preliminary reports indicate that use of the Tor client in Iran has increased in the days after the contested election.