Security of offshore servers becoming even more illusory.

EU flag on keyboard

If this amendment passes, it will significantly reduce the perceived advantages of using servers outside the US. No only would the server still be subject to whatever legal process exists in the hosting country, but they would also be open to legal hacking by the USG.

Newly Proposed Amendment Will Allow FBI to Hack TOR and VPN Users | Hack Read

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Brazil enforcing ban on Anonymity

Sauron-BrazilA Brazilian court is enforcing a constitutional ban on anonymity by requiring Apple and Google to remove Secret, an anonymous social network chatting app from their app stores. Microsoft is being required to remove Cryptic, a similar windows phone app. In addition to that, they have been ordered to remove the app from the phones of all users who have installed it. These kinds of retroactive orders to have companies intrusively modify the contents of all of their customer’s devices are concerning. At least these apps are free, if users had paid for them, that would introduce another complication.

One wonders how this will apply to tourists or business travelers visiting Brazil. Will their phones be impacted as well?

The law exists to allow victims of libel or slander to identify and confront their those speakers.

While this ruling only applies to Apple, Google, and Microsoft, and only with respect to the Secret and Cryptic apps, the underlying principle extends much further. There are still final rulings to come, so this is not the last word on this situation.

Anonymizer has had a great many Brazilian customers for many years. Anonymizer provides those users important protections which are well established in international human rights law. We certainly hope that they will continue to be allowed to use our services.

Brazil Court Issues Injunction Against Secret And Calls For App To Be Remotely Wiped | TechCrunch

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

How genealogy data can lead to identity theft

HiRes

Irish Data Protection Commissioner Billy Hawkes has stepped in to have a database of civil registration records removed from the website IrishGenealogy.ie. The problem is that the database contains information on living persons which is often used for identity verification.

That would include things like mother’s maiden name and birth date. While these are public records, previously they had required payment of a fee, and it was not easily searchable on-line.

Of course, in the era of social media, these kinds of authenticators should have been disposed of long ago. Too many of them can be easily discovered by looking through Facebook accounts and the like.

This case also highlights the troubling nature of public records. In the past records were public in the sense that anyone could go to a government building and access the paper records. They could not be easily be searched as a whole, and the entirety of the records pulled into a private database. This is a kind of security by obscurity, but a useful one. With Internet records, many people are not comfortable with just how public much of this information is. The old inconvenience placed a low but real barrier to data access, effectively insuring that it was only done for specific people and for specific purposes. It is not at all clear how to get that without loosing all the advantages of Internet accessibility.

Personal details removed from site over ‘identity theft’ concerns

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Vodafone shows global scope of surveillance

Vodafone logo

Vodafone Lays Bare Scale of Phone Tapping - WSJ

Vodafone recently released a "Law Enforcement Disclosure Report”. Because Vodafone provides services in so many countries, this provides a unique  insight into the range of surveillance capabilities and requirements across a spectrum of nations. In six countries they are required to provide direct connections to their network for the local government. This allows those governments to capture content and meta-data without making individual requests to Vodafone. They are not saying which 6 countries those are out of fear of penalties or retaliation.

In Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey it is illegal to reveal information about various kinds of intercepts, so the report does not provide information on those countries.

The report also provides good information on the frequency of requests for information from various countries.

One lesson from this is, despite the impression one might have gotten from the Snowden leaks, the US is far from the only country doing this kind of surveillance. 

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Do sanctions prevent dissidents from accessing secure communications tools?

Stomp by boot US Tech Sanctions In Sudan Are Empowering The Regime, Tamping Down Opposition | Techdirt

This article makes an interesting argument that sanctions against repressive regimes, particularly sanctions that block providing communications and security technologies to end users, harm dissidents more than they do the repressive regimes they are designed to target.

In particular, companies are unable to provide cryptography and anonymity tools to the people who really need them.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

Turkey passes new laws to enable rapid Internet censorship.

Turkey Rubber StampTurkey passed legislation to allow the government to censor access to websites within four hours of receiving an allegation of privacy violations. WSJ Article behind paywall.  CNET Article The law also requires web hosts to store all traffic information for two years. While the putative purpose of the legislation is privacy protection, it is widely assumed that this is an attempt to grab more control of the Internet, which has been repeatedly blasted by the Turkish government reporting on government corruption and graft.

As usual with these attempts at censorship, interested citizens can generally get around them. VPNs like Anonymizer Universal allow anyone to punch a hole through the national censorship firewalls to access any content.

I would be very interested to hear about efforts to block tools like Anonymizer in countries enforcing Internet censorship, like Turkey and the UK. Blocking of circumvention tools is already well documented in both China and Iran, and has been seen sporadically in many other countries.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

Shanghai getting more relaxed great firewall

The South China Morning Post reports that the ban on Facebook, Twitter, the New York Times, and many other sites, will be lifted, but only in the Shanghai free-trade zone.

The information came from anonymous government sources within China. The purpose is to make the zone more attractive to foreign companies and workers who expect open Internet access. The sources say that the more open access may be expanded into the surrounding territory if the experiment is successful.

It will be interesting to see if this actually comes to pass.

Two questions occur to me. First, will the free-trade zone be considered to be outside the firewall, and hard to access from within the rest of China? Second, is this as much about surveillance of activity on those websites as it is about providing free access?

The Privacy Blog Podcast – Ep.11: Lavabit & Silent Circle Shutdown, Hoarding Bitcoins, and “Spy” Trash Cans in London

Welcome to Episode 11 of The Privacy Blog Podcast, brought to you by Anonymizer. In this episode, I’ll discuss the shutdown of secure email services by Lavabit and Silent Circle. In addition, we’ll dive into the problem with hoarding Bitcoins and how you can protect yourself while using the increasingly popular online currency. Lastly, I’ll chat about whether teens actually care about online privacy and an ad agency’s shocking decision to use high-tech trash cans to measure Wi-Fi signals in London.

Please leave any questions or feedback in the comments section. Thanks for listening.

Japanese ask sites to block "abusive" TOR users.

Wired reports on a move by the Japanese government to ask websites to block users who "abuse" TOR. 

I assume that TOR is being used as an example, and it would apply to any secure privacy tool.

The interesting question is whether this is simply a foot in the door on the way to banning anonymity, or at least making its use evidence of evil intent.

Currently, public privacy services make little effort to hide themselves. Traffic from them is easily detected as being from an anonymity system. If blocking becomes common, many systems may start implementing more effective stealth systems, which would make filtering anonymity for security reasons even harder.

Syria switches tactics and kills their Internet

Fast Company has a good article laying out the state of events regarding the Internet in Syria.

Here is the short version. Syria has changed tactics from keeping the Internet available but highly monitored and surveilled, to turning off apparently absolutely all Internet connectivity within the country. 

Syria was unique in its cyber response to their Arab Spring uprisings. Rather than lock down the Internet, they actually un-blocked some popular social media sites. They did this because of the incredible surveillance capabilities this makes possible. Business Week has a nice story on this aspect.

The change of face would seem to have a few possible reasons.

1) Dissident tactics like encryption are making the surveillance less effective.

2) The damage from dissident publishing is greater than the value of the intelligence.

3) The Syrian government is about to do something really nasty and they want to make it very hard to report about it.

We shall see. The fact that the Syrian government appears to have turned off even its own Internet access suggests that they are worried about any leaks through the wall, which makes reason 3 seem more probable.

Interesting study of message deletion censorship

This article from Threatpost discusses a study out of CMU of Chinese censorship of their home grown social networking websites.

Now that they are blocking most of the western social media sites entirely, the focus of censorship is internal. Obviously blocking the internal sites as well would defeat the purpose, so they are selectively deleting posts instead. This study looks at the rate at which posts with sensitive key words are removed from the services.

It clearly shows how censorship can be taken to the next level when the censor controls the websites as well as the network.