TOR may actually reduce your privacy

in , , , ,

WikiLeaks seeded its database of documents by intercepting traffic through a TOR node they were operating.

This article at Wired highlights an almost buried section of this New Yorker interview with one of the founders of WikiLeaks.

Before the WikiLeaks site went live, the founders noticed that hackers were transferring stolen government documents over the TOR network. They captured over a million of these documents to form the initial core of the WikiLeaks archive.

This shows once again what I have been saying for a long time. Any privacy system that allows any untrusted and unknown person to become part of the infrastructure and have access to cleartext information is fundamentally flawed.

Any person with malicious intent can easily set up a TOR node and begin exactly the same kind of data collection that the WikiLeaks folks practiced.

Reputation is everything in this business. It is not practical for typical individuals to properly vet their providers. Track record, reputation, and respected third party endorsements are your best bet when choosing a privacy or security provider. Look for those for everyone who has access to your information.

Copy & Paste intercept / snoop

in , , ,

John Gruber at Daring Fireball posted this interesting article on the growing practice of websites intercepting your attempts to copy text from their pages. They are actually modifying the contents of your clipboard and tracking the fact that you have clipped the information.

The referenced cases seem to be doing it for marketing and informational purposes, but there are many ways this could be used in more aggressive ways.

Imagine a site with sample code which (when copied) inserted some damaging code in to the middle of a large block.

I am worried that this capability exists at all within browsers. It seems like a major security vulnerability to me.