The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | anonymity

Play

Hola logo unhappy

The Hola peer to peer VPN service suffered a number of very damaging security revelations today. Hola claims that there are (or were) about 45 million active users of the service. (more…)

· · · · ·

Asian woman headsmack

FBI Director James Cormey says that the North Korean’s who hacked Sony were tracked because of bad operational security in their use of proxies.

We saw the same thing with the take down of the Silk Road website. Few people have the skills, tools, and discipline to be 100% consistent with their anonymity. Any slip at any time can blow your cover. Of course, this could have been an intentional false flag, the rabbit hole can get very deep. Jeff Carr makes the case that this is actually quite likely.

(more…)

· · · ·

Play

Rotten onion

Right after the Lizard Squad finished with a DDOS attack on the PSN and XBOX networks, they launched an attack against the Tor anonymity system. The attack was simple, set up enough Tor relays to be able to identify a significant fraction of Tor users and connect them with their activity. They got caught because they were bozos (perhaps intentionally). They did the attack hard and fast, which made it easy to identify the rogue relays, and they bragged about it (which told people to look for the attack). (more…)

· · · · · ·

HiRes

It looks like people who care about Internet anonymity need to look outside Canada for their providers. It is not just a concern that the Canadian government would be able to subpoena the information, but it is also vulnerable to insider and external attack. If the data exists, it will eventually leak.

Starting today Canadian Internet providers are required to forward copyright infringement notices to their subscribers. This notification scheme provides a safe harbor for ISPs but is also expected to result in a surge in piracy settlement schemes. The new law further causes trouble for VPN providers, who are now required to log customers for at least six months.

Canadian ISPs and VPNs Now Have to Alert Pirating Customers | TorrentFreak

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · ·

Looking in Dark Box

I have long said that privacy services are all about trust. I this article demonstrating how to use a simple web proxy to compromise the users of that proxy. Of course, the operator of the proxy is being untrustworthy, but that is the whole point. If you don’t have a reason to specifically trust the operator of your privacy service, you need to assume that they are attempting to do you harm. Of course, the same argument applies to Tor. Literally anyone could be running that proxy for any purpose. (more…)

· · · ·

Play

Tor webpage

Two new attacks on Tor were recently announced.

The first involves using an exit node to automatically modify software patches to include malware. This one is being seen in the wild already. (more…)

· · · · ·

Woman hiding at corner

Recently a colleague was reading a blog post by a Russian based VPN provider which talked about their privacy stance. He was incredulous. “Why would anyone trust a Russian VPN company?!?!”

It is a reasonable question about many locations. Russia, China, Iran, and many other companies are justifiably known for Internet monitoring and censorship. Of course, in the post Snowden era, a lot of attention has been focused on US surveillance as well.

I think that many people have the feeling that they should trust anyone but their own governments. After all, foreign intelligence services are unlikely to do anything about any intercepts unless they see some kind of global doomsday scenario. You might worry that your local intelligence agency could pass along information to local law enforcement, but that too seems generally unlikely. Exposing such intercepts would also expose sources and methods, which are some of the most highly protected secrets out there.

To me the question is what the VPN / Privacy provider is ALLOWED to keep private. It is clear that many governments put a huge amount of pressure, or actually pass laws, on companies to keep all kinds of user activity records. Interestingly that is not the case in the United States.

Anonymizer has no requirement to keep any records about what our users do through our service, or any way to identify associate any activity with a given user. Our systems are architected so that we don’t need to refuse to provide any of that information, we are simply incapable of doing so.

Play

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on FacebookTwitter, and Google+.

· · · ·

Play

Standard Profile PictureIn episode 23 of our podcast for August 2014, I talk about:

  • The absurd alarmism over the new Facebook Messenger App’s privacy settings
  • Brazil’s move to ban anonymity
  • How the secrecy of the secret app has been compromised
  • and finally how Tor users were put at risk by a fake website

· ·

Sep/14

2

Cosplay for Privacy!

Secret Identity

From https://projectsecretidentity.org/

All The Best Dragon Con Cosplayers Fighting For Online Privacy

In a brilliant campaign, IO9 and the EFF is having cosplayers pose with pro-anonymity, pro-privacy, and pro-pseudonymity signs. See the whole set here. The most popular seems to be “I have a right to a Secret Identity!”.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

·

Troll and laptop

Attacks On Anonymity Conflate Anonymous Speech With Trollish Behavior | Techdirt

It turns out that people say nasty things under their real names, and people also say valuable things anonymously.

Shocking!

It is amazing how often I see respected academics and other thinkers get incredibly sloppy in their reasoning when it comes to anonymity. They frequently assume correlations for which they have no evidence, and propose solutions with no consideration of the consequences.

I appreciate the rational perspective in articles like this.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

·

Older posts >>