The Anonymity Experiment | Popular Science

February 13, 2008 by lance in Online Privacy, Personal Privacy, Surveillance

The Anonymity Experiment | Popular ScienceThis is an interesting article on trying to live in the modern world without leaving any digital footprints. It is nice to see they suggested Anonymizer, unfortunately they got the facts completely wrong. They suggest that anyone could run an Anonymizer proxy, and that those people could be monitoring traffic. That is true of the TOR network, but not of Anonymizer. We own and operate all of our own servers and networks, for exactly that reason.

Script attack for capturing your browser history

February 10, 2008 by lance in Online Privacy, Personal Privacy, Surveillance

This page < Bookmark button test page > contains a nice demonstration of the ability to retrieve your surfing history from your browser. In this case, it looks for any social bookmarking sites you many have visited in the past. Obviously this could be extended to look for any other sites you might have visited. For example, this would enable an attacker to target phishing attacks at you based on the bank websites you actually visit. This shows once more the doubled edged sword of browser functionality. The scripting capabilities make possible such things as Google Docs but also enables this kind of attack. They go hand in hand. The more power you give to the scripting language the more opportunity there is to abuse that power.

Ireland to start broad data retention

February 02, 2008 by lance in Free Speech, Internet, Online Privacy, Personal Privacy, Surveillance

It looks like the trend towards wide spread retention of traffic analysis data is spreading to Ireland, one of the last holdouts in Europe. If you want to be protected from this kind of data gathering, you need to take proactive precautions. From the SANS institute:To satisfy the requirements of a European Union (EU) directive,Ireland will begin retaining records of its citizens' emails and Internet chats. While the content of the communications will not be retained, records of the IP addresses of the participants, the time and date of the communication, and the physical size of the message would be stored. The plan would take effect within one month through a statutory instrument in lieu of introducing legislation in Parliament because the country has received notice from the EU that it is three months overdue in implementing a data retention plan. A civil liberties organization has voiced its opposition to the plan as well as the way in which it is being implemented.The group maintains that law enforcement officials will be permitted to access the retained data without court orders or warrants.

US drafting plan to allow government access to any email or Web search

January 15, 2008 by lance in Internet, Online Privacy, Personal Privacy, Surveillance

The Raw Story | US drafting plan to allow government access to any email or Web searchNational Intelligence Director Mike McConnell is developing new policies for Internet intelligence gathering. It looks like the changes may be very broad and deep. I worry that this kind of change often has significant impacts on civil liberties while providing minimal improvements to our security.Bad guys have any number of ways of protecting their communications and activities. It is the innocent Internet user that will be caught in this bigger and tighter net.

From The Magazine : Radar Online : Cory Doctorow imagines a world in which Google is evil

September 21, 2007 by lance in Fiction, Online Privacy, Surveillance

From The Magazine : Radar Online : Cory Doctorow imagines a world in which Google is evil This is a wonderful short piece of fiction about the logical conclusion of our current path towards universal on-line data collection. The ultimate in paranoia fiction

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise

September 10, 2007 by lance in Internet, National Security, Online Privacy, Personal Privacy, Proxy, Security Breaches, Surveillance

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise In a follow up to this post I wrote a few weeks ago, we now understand how the 1000 government email accounts were compromised. It turns out that he did it using TOR.

I have said for a long time that I am amazed that any one operates TOR servers other than government people and criminal/terrorist people. As the operator of a TOR server, you have access to the clear text of the data flowing through your server when you are the exit node (about 1/3 of the traffic typically). While the TOR documentation is clear about this vulnerability, it really understates it, and does not address what you should do about communicating with public services that do not provide an option to do end to end encryption of the information.

As a user of TOR, you are trusting the operators of the servers not to monitor your information. Dan Egerstad's attack was simply to violate that trust. He actively monitored all of the traffic through his 5 TOR servers. He ran multiple servers to increase the amount of data he could collect. He identified the government accounts by searching the captured data for simple strings that would indicate the message was an email being sent or received in the clear, then further searching for key words that would indicate is was government or military related.

Many other TOR servers could currently be searching for financial, medical, trade secret, or other information.

With any privacy service, you need to trust the operators of that service. The theory was that you would not need to trust the operators of the TOR network. The reality is that, in real world use, you do have to trust them, but you typically know very little about them. There is almost no hurdle to establishing a new TOR server. Just about anyone with access to a server can set it up as a TOR server. You must assume that many of those people will not have your best interests at heart.

My personal approach is to work with people with a long track-record of trustworthy behavior. Anonymizer has been providing services for almost 12 years. I personally have been operating privacy services since 1992. In that time I have protected millions of people and billions of web pages and emails. Our track record for integrity is long and unblemished. I think that is the kind of basis one should use for deciding who to trust.

Germany wants to spy on suspects via Web

August 31, 2007 by lance in National Security, Online Privacy, Phishing/Pharming, Spyware and Malware, Surveillance, Virus and Trojans

Germany wants to spy on suspects via Web Germany is proposing to use trojan horse software to enable surveillance of target computers. I have to wonder how effective this will actually be. They are talking about distributing it in an apparently official email from a government email address.

Now that the bad guys know this, it seems likely that they will take more care with the attachments from the government.
Anti-virus / anti-malware programs should be able to identify and block this software
If the anti-virus software makers are convinced to leave a hole for this software, it will be a huge back door for other hackers to use to deploy their trojan horse software.

In general this seems like a high risk operation for the Germans. I suspect that it will be used rarely and very selectively.

Google Wants Shareholders to Permit Censorship

May 04, 2007 by lance in Free Speech, International, Internet, Surveillance

CIO.com - Business Technology Leadership - Google Wants Shareholders to Permit Censorship Following up on my earlier post, it is hardly surprising that Google is not in favor of this shareholder initiative. In all fairness, it would put them in a very difficult and competitively disadvantageous position.

I will be at a conference on censorship circumvention in the UK in late May, so I should have more information and insight about this issue soon. It will be good to get outside the box and talk with others who are fighting this good fight along side Anonymizer.

Google-DoubleClick Merger Concerns

April 19, 2007 by lance in Internet, Online Privacy, Surveillance

Google's acquisition of DoubleClick raises many major privacy concerns. Throughout the late 90's DoubleClick was the boogyman of the privacy community. More recently Google has taken on that mantle. The combination creates an information harvesting juggernaut. Google is in a position to see the search terms, and thus focus of interest, of the vast majority of Internet users. Most users start most searches or web expeditions with a Google search. Their logs contain a fairly complete history of the interests of their users going back for years.

DoubleClick has a view of user activity after the search across thousands of websites. Banner and other website ads are not actually hosted on the websites on which they appear. DoubleClick serves the content from their servers, and handles any clicks on the ads. Importantly, DoubleClick can gather your information even if you don't click on the link. Simply viewing the ad is enough for them to cookie you, to gather your IP address, and store that along with the URL you are viewing.

Combined, this enables the creation of a database most searches along with most subsequent web surfing activities. Nearly ubiquitous Internet monitoring by a single entity will be a reality after this merger. Having both the search information and the surfing activity give the answer to both the what and why of a users actions. The merged data is much more powerful than the individual components, and serve to fill in the gaps in each other's coverage.

Ironically, even Microsoft is talking about the privacy risks of this merger. Redmond | News: Microsoft Warns of Google-DoubleClick Danger

The Electronic Privacy Information Center (EPIC) has gone so far as to file a complaint with the FCC.

Mixed feelings about Whitehouse use of outside email accounts.

April 19, 2007 by lance in Free Speech, Internet, Legislation, Online Privacy, Surveillance

I have been following a number of stories like this,Congress Follows Email Trail - WSJ.com, about the Whitehouse use of RNC controlled email accounts to discuss the firings of federal prosecutors. The law appears quite clear. Official Whitehouse email is a document that must be retained. Discussions of firing federal prosecutors sounds official to me. Therefore the Whitehouse was wrong to use outside email addresses to keep the discussions secret. I am not comfortable with the law in the first place. Email and other electronic communication media like chat and IM are often used more like casual conversation than formal memos. Few would argue that the President's every word should be recorded at all times. It would make discussion and debate next to impossible. In the process of thinking through an issue one may consider many potentially unpopular ideas, if only for the purpose of argument. Free and unconstrained give and take generally leads to be best understanding and decisions. Free and unconstrained debate can not take place with the world looking over your shoulder and scrutinizing every word.

If we accept that email and chat are used like conversation to hash out ideas, then it is very damaging to the process to place heavy recording and monitoring requirements on it. At the same time, having no oversight substantially reduces accountability. It might even facilitate corruption.

This really shows in a microcosm the greater question of general communications privacy vs. law enforcement access. It is a hard balancing act because there is very little middle ground. Basically you are either monitored or not. Having monitoring of a random half of the messages is going to make everyone unhappy.

Twitter Privacy Risks

April 05, 2007 by lance in Internet, Personal Privacy, Surveillance

In talking to David Utter of SecurityProNews I happened to mention a risk of Twitter that I think has been overlooked. Twitter can put you at physical risk because it can let a stalker or robber know when you are at home or away, and if you are alone or vulnerable. You can read his article on our conversation here