Facebook Session Hijack Video

We discovered a major security hole in Facebook almost by accident. The exploit is so trivial I can't justify calling it hacking. Any time you are on an open WiFi and accessing Facebook, anyone else on the same network can easily grab your credential and access Facebook as you with full access to your account.

We have posted a video demonstrating this to YouTube as well as putting it in the Anonymizer Labs section of our website.

New Anonymizer Knowledge Center

We are working hard to improve our website and would welcome your suggestions and feedback on how to improve it.

One new addition is our Knowledge Center where we are trying to share information about privacy and security issues. Within the Knowledge Center we have a section we call "The Lab" (click the tab in the Knowledge Center).

Anonymizer's R&D team is always discovering new and interesting things so we decided we should set up some place where we can share them. To kick off the new section we have posted two videos. The first is a frightening video about Facebook security, and the second is a video of me which introduces the issue of on-line privacy. We plan to post more articles, white papers, and videos going forward.

Privacy and Corporations at CFP Conference

I am very excited to be organizing a couple of panels at this year's "Computers Freedom and Privacy" (CFP) Conference in San Jose June 15-18.

Historically the conference has focused on personal privacy / freedom issues, technologies, and policies. That was certainly my focus as well when I started Anonymizer. Over time I have become aware of some other aspects to the privacy issue that I have not seen discussed. In addition to corporations impacting the privacy of their customers, users, employees, etc., they also have issues and needs for privacy themselves.

Companies' activities are monitored, analyzed, blocked, misinformed, and censored. While these have analogs in the personal privacy world, the details, impacts and scale, and solutions to the problems are often very different.

I am organizing a panel to discuss these issues at the conference and would love to hear from others who may have experienced these kinds of issues and would be willing and able to share them at this conference.

Cypherpunk retrospective at 20th anniversary CFP conference

This year the "Computers Freedom and Privacy" (CFP) conference is taking place in San Jose from June 15-18. This year is the 20th anniversary of the conference which helped shape my thinking about Internet Privacy and introduced me to many of the key players in this space.

Around the same time in 1992 an email mailing list started called "Cypherpunks". Members were devoted to discussions of Internet freedom and to creating and distributing privacy and security tools. Best known of these are the various flavors of Anonymous Remailers following the original anon.penet.fi.

This seems like a good time to stop and take stock of what has been achieved, lost, and abandoned in the evolution of privacy and anonymity on the Internet. I have organized a panel at CFP of some of the key Cypherpunks from the early days to talk about those early days, and share their vision and insight about where we are and where we should / are likely to end up.

I hope I will see many of you there.

Anonymous iPad anyone?

Having just finished initial testing with the actual iPad device, I am pleased to announce that Anonymizer Universal (AU) provides the same level of support on the iPad that we have been providing for the iPhone and iPod Touch! Considering how these devices are going to be used, the combination of privacy along with the security when using insecure WiFi is really critical.

"Anonymizer Universal" product suite launched!

I am really excited to announce our new product “Anonymizer Universal” (AU), available starting today. AU represents a totally new architecture for our services. Not only is it more powerful, faster, and much more capable, but it now also supports Mac and iPhone platforms! With one subscription you can use it across any of the supported devices.

Our new solution is VPN based, and bypasses any specific software support issues. AU works with any browser. Any program that connects to the Internet will automatically take advantage of AU. All connections between your computer and Anonymizer are cryptographically protected.

AU continues to leverage our massively scalable backend infrastructure that provides the anonymity and daily rotating IP addresses.

AU will replace both our “Anonymous Surfing” and “Total Net Shield” products. “Nyms” is becoming all web based and will soon be upgraded with new interface options and better integration.

Expect to see more new capabilities and expanded solutions going forward as the renewed and expanded resources we are devoting to these products bear fruit.

Update on new products

Our major new product release is now in Beta. We were hoping to release it in late 2009, but the testing has revealed some issues we want to fix first. I am not willing to compromise on the quality or security of our products. The unsatisfactory result of trying to stretch our old framework to work with new operating systems and browsers drove us to this total re-architecture of the solutions. A nice side effect is that the new products will work cross platform (we should launch with Mac, Windows and iPhone), and support many more programs and protocols than the old solutions. It supports all the latest browsers on all supported platforms.

We don't have a firm ship date yet, but we are getting close.

Question from a long time customer

A long-time customer recently sent in the following question. Since it should be of broad interest, I asked his permission to anonymously post and answer it here.

How do you know that subscribing to an anonymizer does not simply mark you for observation? We all know the NSA is capable of intercepting any electronic communication, and with gajillions of electronic communications happening every second, how would the NSA (or the FBI or the CIA or whoever it is who watches us) know which of those communications to watch? Seems like the people wanting anonymity would be the first on the list. Surely they COULD, couldn't they? That is, get the subscriber lists, which would enable them to intercept communications this side of the proxy - i.e., intercept on the way out, on the way TO the proxy, BEFORE it gets securely tunneled? And no, that would not be possible with the web, but it would with email. Supposedly. This is what has been proposed to me. What do you think? Does it have any validity?

It is certainly the case that the government could, in principle, monitor your access to privacy services. As long as that access is over a strongly encrypted connection, the contents of your communication, what sites you are visiting or who you are communicating with would be protected. The strength of your anonymity is then largely determined by the number of other users of the same service with which your traffic is being mixed.

In the United States, the use of privacy tools is not restricted. Strict separation of intelligence from law enforcement functions should prevent drift net monitoring of your use of Anonymizer from leading to any kind of legal investigation. The huge number of Anonymizer subscribers would also make this difficult and highly visible.

Outside of the US it is another story. Many countries exercise much greater control over the Internet. Even if it were not blocked by the Iranian government, accessing the Anonymizer website from within Iran would be a risky activity. Once again, the key here is safety in numbers. We have run anti-censorship tools in Iran that supported over 100,000 users. With those numbers, it is awkward for the government to go after people simply for using the service. This is not to say that, if you are already under observation for some other reason, it would not give them added ammunition. Privacy tools are generally very effective at keeping you below the radar, but can be much less effective once you are on the radar for whatever reason.

The reality is that there is no evidence of widespread Internet surveillance being used in the US to track users of privacy services. As long as the connection to the service is well encrypted, you should be fine.

Sarah Palin email hacker

There have been a lot of articles lately talking about the fact that the person who hacked into Sarah Palin's Yahoo! account used "an anonymizer". The articles also say that the privacy provided was compromised. The unfortunate misuse of Anonymizer's registered trademark has created some confusion. The person who hacked the account used a privacy service, but not one connected in any way to Anonymizer Inc.

Changes at Anonymizer

It has been a while since the last major change to the product suite at Anonymizer. We have been thinking long and hard about how best to continue to improve the services we offer. Anyone who has been an Anonymizer customer or has ever read my blog knows of my staunch commitment to listening to our users and providing the highest quality offerings available.

Some of our products provide important capabilities, but are not unique or distinctive to Anonymizer. Lately our development team has been spread thin updating and improving a wide range of software services. I want to make sure we are focusing on our core Anonymizer tools and making them the best they can be. As part of this continuing effort, I wanted to let you know that we’ve decided to discontinue offering our Dial-Up, Digital Shredder Lite and Anti-Spyware features, effective September 15, 2008. Doing so will ensure that we can remain focused on our Anonymous Surfing, Total Net Shield, and Nyms services.

You can find the official word on this at our Anonymizer Support Center: https://www.anonymizer.com/support_center/. Subscribers can also call our dedicated customer support team at 888-270-0141 between the hours of 7:30 a.m. and 5 p.m. PST Monday-Friday.

Please leave your suggestions for how we can improve our core products either here, or better yet as feedback to our customer support center. The Internet makes for a rapidly changing landscape. Only with your suggestions can we continue to shape Anonymizer to meet your needs.