Attacks that unmask anonymous blockchain transactions can be used against everyone who ever relied on the defective technique

In An Empirical Analysis of Traceability in the Monero Blockchain, a group of eminent computer scientists analyze a longstanding privacy defect in the Monero cryptocurrency, and reveal a new, subtle flaw, both of which can be used to potentially reveal the details of transactions and identify their parties. Read the rest

Happy Data Privacy Day! A turning point for anonymity, privacy, and the tools that deliver them

Last week, we celebrated Data Privacy day. Everything we do online—whether on a computer or on a mobile device—is being tracked, traced, compiled, crunched, bought and sold by familiar tech-titans like Google, Facebook, Verizon and hundreds of lesser known data brokers who help advertisers build frighteningly detailed digital profiles of users by harvesting data from a variety of sources, including customer databases and online platforms. After I lecture to my students on this topic, rattling off a dozen mechanisms by which corporations and governments can spy and pry on us, threating both anonymity and privacy, their reaction is usually either indifference (because, you know, they think they have nothing to hide) or for those that I’ve convinced they should care, some measure of despair.

The New York Times is now a Tor onion service

The New York Times is now available as an "Onion Service" on the Tor network, at the address https://www.nytimes3xbfgragh.onion/ -- meaning that anyone with Tor access can securely and privately access the Times without giving away any information about what they're looking at, even to state-level actors who control the ISPs. Read the rest

Cyber-arms dealer offers $1m for zero-day Tor hacks

Zerodium is a cyber-arms dealer that produces hacking tools for governments by buying up newly discovered defects in widely used systems, weaponizing them and then selling them to be used against criminals, activists, journalists and other targets of state surveillance. Read the rest

Securing the IoT: a tele-dildo controlled through the Tor network

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) was the result of manufacturers' negligence, not the intrinsic limitations of information security. Read the rest

Reidentification attack reveals German judge's porn-browsing habits

In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things), the porn-browsing habits of a German judge and the medication regime of a German MP. Read the rest

What not to do when you're anonymous, if you want to stay that way

If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you. Read the rest

The basic opsec failures that unmasked James Comey's Twitter show how hard this stuff is

Gizmodo's Ashley Feinberg (almost certainly) figured out that James Comey's secret Twitter handle was @projectexile7, because America's top G-man failed at some of the most basic elements of operational security. Read the rest

It's very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

It's one thing to set up an "anonymous" Twitter Hulk account whose anonymity your friends and colleagues can't pierce, because the combination of your care not to tweet identifying details, the stilted Hulk syntax, and your friends' inability to surveil the global internet and compel phone companies to give up their caller records suffice for that purpose. Read the rest

How to keep your secret activist Twitter account a secret

Despite his widely read criticism of Tor, The Gruqq -- a legendary, pseudonymous security expert -- uses it as first and last line of defense in keeping your secret, activist Twitter account a secret. Read the rest

It's awesome to see all these "rogue" government agency Twitter accounts, but what about hoaxes?

In the immediate aftermath of the Trump administration's gag orders on government employees disclosing taxpayer-funded research results, a series of high-profile "rogue" government agency accounts popped up on Twitter, purporting to be managed by civil servants who are unwilling to abide by the gag order. Read the rest

Barcelona government officially endorses Tor-based whistleblower platform

Xnet, a wonderful Spanish activist group, has created the Anti-Corruption Complaint Box, a whistleblowing platform for the city of Barcelona that allows people to file anonymous claims in a Globalleaks repository, with their anonymity protected by Tor. Read the rest

Using real names online doesn't improve behavior

J.Nathan Matias takes a clear-eyed look at The Real Name Fallacy, the belief that forcing users to communicate using real names will improve online conduct. In my experience, the biggest problems come on platforms like Twitter where it's a mix of real and pseudonymous users. Read the rest

Ten principles for user-protection in hostile states

The Tor Project's "Ten Principles for User Protection in Hostile States" is both thoughtful and thought-provoking -- it's a list that excites my interest as someone who cares about the use of technology in improving lives and organizing political movements (principle 1 is "Do not rely on the law to protect systems or users" -- a call to technologists -- while number 7 is aimed at companies, "Invest in cryptographic R&D to replace non-cryptographic systems" and principle 2 says "Prepare policy commentary for quick response to crisis," which suggests that the law, while not reliable, can't be ignored); and also as a science fiction writer (check out those tags! "Acausal trade," "Pluralistic singularity" and "Golden path"! Yowza!) Read the rest

Freedom of the Press releases an automated, self-updating report card grading news-sites on HTTPS

Secure the News periodically checks in with news-sites to see how many of them implement HTTPS -- the secure protocol that stops your ISP and people snooping on it from knowing which pages you're looking at and from tampering with them -- and what proportion of them default to HTTPS. Read the rest

The Tor Project's social contract: we will not backdoor Tor

I first encountered the idea of "social contracts" for software projects in Neal Stephenson's seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: "As far as I know, Debian is the only Linux distribution that has its own constitution." Read the rest

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to. Read the rest

More posts