Forgot your password?
typodupeerror

Anonym.OS a Boon for Privacy Geeks? 403

Posted by ScuttleMonkey
from the what-happens-online-stays-online dept.
The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."
This discussion has been archived. No new comments can be posted.

Anonym.OS a Boon for Privacy Geeks?

Comments Filter:
  • Privacy Geek (Score:5, Interesting)

    by (1+-sqrt(5))*(2**-1) (868173) <1.61803phi@gmail.com> on Monday January 16, 2006 @07:30PM (#14486534) Homepage
    I'm decidedly uncomfortable with the neologism "privacy geek [google.com]": it implies that wanting to be left the hell alone is now fringe.

    Has the will to un-molestation finally passed out of mainstream?

    • Re:Privacy Geek (Score:5, Insightful)

      by DogDude (805747) on Monday January 16, 2006 @07:51PM (#14486697) Homepage
      Has the will to un-molestation finally passed out of mainstream?

      There's a big difference between not wanting the government to tap your phone and not wanting web sites to put a cookie on your PC. The latter is a "privacy geek" thing, and yes, that level of privacy is fringe.
    • Re:Privacy Geek (Score:4, Insightful)

      by poot_rootbeer (188613) on Monday January 16, 2006 @08:16PM (#14486891)
      Has the will to un-molestation finally passed out of mainstream?

      Funny you should mention "molestation", because guess what behavior Big Brother is going to cite when they crack down on anonymous Internet proxying?

      I value my privacy and will fight tooth and nail to preserve it. However, "privacy" and "anonymity" are not the same thing.

      My home is private. My computer is private.
      Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized.
      • Re:Privacy Geek (Score:3, Insightful)

        by whoever57 (658626)
        Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized.
        So you don't think warrants are required for any phone taps?
      • Re:Privacy Geek (Score:4, Interesting)

        by Anonymous Coward on Tuesday January 17, 2006 @01:38AM (#14488356)
        "Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized."

        Being "seen" or "recognized" as in the pre-computer-age sense isn't the issue. The issue is having the minutiae of your online and offline behavior recorded, wherever you go and whatever you do.

        How do you think the police would react if you, a private citizen, set up cameras recording all of their officers as they left and returned to their station. You would deploy robotic cameras to follow them on the public roadways. You'd correlate this video with officer names and pictures and store it in a database, which you'd sell to anyone who would pay your price. I don't think they would permit you to do it for long.

        This is essentially what they want to do to us. Why should we permit it, when they won't permit us the same privilege? Are police some sort of superbeings who won't use this imbalance to their own advantage? Are they the world's most perfect database administrators and programmers, who will never leave any flaws or bugs that would let someone steal this information? Are they free of bureaucracy and able to establish truly secure protocols for the management of this information?

        It's a power grab, plain and simple, happening online and offline. Technology isn't the problem; the problem is that the current authorities are seizing the initiative to establish every new technological application in their own favor, further empowering the powerful and weakening everyone else.
      • Re:Privacy Geek (Score:5, Insightful)

        by adolf (21054) <flodadolf@gmail.com> on Tuesday January 17, 2006 @02:19AM (#14488474) Journal
        ...there is also the possibility that, while outside of your home, you might elect to wear a mask or makeup, in a deliberate attempt to disguise your identity. You might also speak softly, or with a characteristically different voice, or in a different language. You could carry cash, instead of credit cards or checks.

        Nothing wrong with any of that, even if it does look a bit out of place to those around you.

        Now then, I might elect to use Tor, PGP, S/MIME, OpenVPN in a deliberate attempt to disguise my identity.

        And there's nothing wrong with that, either.

        The notion that I might be conducting myself "in public" does not require me to wear my secrets on my shirtsleaves.

    • un-molestation (Score:5, Insightful)

      by rodentia (102779) on Monday January 16, 2006 @08:17PM (#14486896)

      The idea that one might live one's life in private and without fear of molestation is a *very* recent phenomenon. It's not passing out of the mainstream, it never quite arrived there.

      The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation. The very idea of private life took meaning from the distinction to be drawn between the public and private duties of the landed gentry, whether he was acting as public judge or administrator of his chattel. The idea that citizens required more privacy than that demanded by Christian modesty simply did not occur. It is only in the last generation that anyone became actually interested in the details of your private life. Before the information age, such trivia had no value beyond the prurient, of interest only to busibodies and the beat cop; again, unless you were a name.

      • Re:un-molestation (Score:3, Interesting)

        by Anonymous Coward
        You make some valid points, but on the whole, I disagree.

        People have an inherent concept of public vs. private space, just like they have an inherent concept of property. Neither of these things were magically created by feudalism, still less by industrialization. Even animals like dogs understand the concept of territory, and they will fight when another animal intrudes on that territory.

        It's true that in the course of history, some people got a lot of private space, and some people got the shaft. And yes,
      • Re:un-molestation (Score:3, Insightful)

        by ClamIAm (926466)
        The right to privacy is a post-war interpolation (sic) from the set of Constitutional rights.

        I don't see how "unresonable search and seizure" and "no troops shall be quartered in private homes" can really be interpreted in any way other than "leave me alone, unless there's a legitimate reason". Some links to research backing up your assertions would be nice.

        • Re:un-molestation (Score:3, Insightful)

          by Elemenope (905108)

          Actually, grandparent is basically correct; what you are forgetting is that the primary concern of citizens during most of our history is insulation against state power, and the Third and Fourth Amendments are restrictions specifically upon the power of the state to intrude substantially into the personal private sphere.

          It would not have occurred to anyone for any time except basically our own (with our historically unique communications and information extraction and analysis tools) that the private info

      • Re:un-molestation (Score:5, Informative)

        by techno-vampire (666512) on Monday January 16, 2006 @10:20PM (#14487546) Homepage
        The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation.

        Both the concept of privacy and the right to it go back much farther than you believe. As a simple example, do you think the inhabitants of a Roman insula (Equivalent to a modern apartment house.) had a communal lifestyle? No, of course they didn't, any more than renters in a modern apartment complex do today, and for the same reason. Each family has their own private space, and what they do there is nobody else's business. I suggest you study at least a little history before you start sounding off about it again, lest you put your other foot into your mouth.

        • Re:un-molestation (Score:3, Interesting)

          by mrchaotica (681592)
          I hate to break it to you, but Roman insulae are a pretty bad example to use in this case, since they were more similar to college dorm rooms than modern apartments. For example, they tended to consist of only one or two small rooms -- a bedroom and (maybe) a sitting room. Residents used communal toilets and baths, and bought food from vendors rather than cooking for themselves (especially since cooking in their room was likely to burn down the whole building!). Also, since windows were just opened or cu
    • Another thing wrong with the story is that they didn't post a link to the CD: Anonym.OS LiveCD [sourceforge.net].

      That's the first time I've ever known a Slashdot editor to be sloppy.
    • First off, "privacy geek" isn't a neologism. To get one of those, you have to invent a completely new word or at least use an old word or phrase in a completely new way. There's nothing new about "privacy" or "geek" and there's nothing particular special about using the two words together.

      (One reason I stopped contributing to Wikipedia: members of that community love to use the word "neologism" but obviously have no idea what it actually means.)

      Anyway, geekhood is hardly fringe. A geek is just somebody

  • by Anonymous Coward on Monday January 16, 2006 @07:30PM (#14486538)
    Since Slashdot bans most Tor proxies from making comments. Perfect for geeks, eh?
  • anonymous? (Score:5, Informative)

    by Lord Ender (156273) on Monday January 16, 2006 @07:31PM (#14486543) Homepage
    With enough confederate nodes, tor can certainly be tracked. It isn't likely to happen, but it is possible.
    • by Anonymous Coward on Monday January 16, 2006 @07:39PM (#14486614)
      Confederate nodes?

      Can't you just declare war and have them rejoin the union?
    • by SuperBanana (662181) on Monday January 16, 2006 @10:25PM (#14487563)
      With enough confederate nodes, tor can certainly be tracked. It isn't likely to happen, but it is possible.

      Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.

      That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.

      • I think that either you or the users you have in mind are missing the point of an anonymous Internet proxy. The idea is that when you go through a proxy network, the website you're viewing/posting can't (easily) identify you by your IP. Sure, the site admins can see what you posted, but they can't be sure where it originated.

        If you're worried about man-in-the-middle attacks, then the website you're visiting is probably the party you trust most in the transaction, and every step that your info takes along the way is another set of eyes that might be snooping on it. In this situation, you are correct that an anonymizing proxy will probably result in subjectively poorer security.

        Then again, any website that has private data that you'd like to keep that way most likely has SSL enabled anyway. If you're using an end-to-end SSL-enabled webmail service like Gmail (httpS://gmail.com), and you trust 128-bit SSL, then you've probably got nothing to fear*. If you don't trust SSL, then you're probably worried about Big Brother and No Such Agency and the like. In this case, you're probably better off just hiding under your bed.

        *Note that Yahoo! mail SSL-enables only their login page. Anybody in the middle running a packet sniffer or checking their web proxy logs can see your mail when you read it. They just can't see your Yahoo! password.
  • by Amoeba (55277) * on Monday January 16, 2006 @07:31PM (#14486544)
    From the article: "If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader.

    This is why co-workers and I have been working on Fappix - The Pornnoisseur Distro. Not only can you browse anonymously but you have several thousand pre-bookmarked pages to choose from in categories ranging from Amateur Nudes to Bukkake Hentai to Puke porn. You have a hankering for some DP? We got it. Maybe a little fisting for those slow lonely nights at home. Nothing but the best for our users!

    Never worry about having the correct video codec or player again as they will all be pre-installed! No more waiting another 20 minutes to download and install some obscure viewer just so you can rub on off to Kismet the Albino Sheep Goes to the Circus!

    With our patented "Live (Hand) CD" technology you simply boot from the disk and off you go into fantastic realms of spanktacular fun without the worry of spyware, malware, trojans, or incriminating cache files again. You'll never have to blame that spandex scat video on "some spam or something" ever again!

    Fappix. The sound of one hand clapping.

  • by Amoeba (55277) * on Monday January 16, 2006 @07:34PM (#14486567)
    "If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader.

    'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.'

    Am I the only one who finds the juxtaposition of these two quotes alarming? I don't want gamgams to end up in the pokey (pun intended) for inappropriate behavior at Starbucks. That would be weird.

  • by dada21 (163177) * <adam.dada@gmail.com> on Monday January 16, 2006 @07:39PM (#14486605) Homepage Journal
    I've been very interested in the world of anonymous information sharing -- possibly as a replacement for the normal IP-based Internet. Maybe someone out there can answer a few questions:

    1. What are the theories behind simple anonymous sharing of data? (I know there are newer versions of P2P beyond Torrent that allow for a third party mediator between two anonymous parties. This seems like a start to making a truly free-speech undernet.)

    2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?

    3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
    • I'm not an expert in anonymizing, but: to receive any information (really *any* - network packets, postal packages, etc.) efficiently, you have to have a unique address, and the party that sends the information must know it. Therefore, the path of that information can be tracked.

      The only way I see to guarantee anonymous receiving is some kind of broadcast - for example as exists with satellite downloading systems: the information is always broadcast by the satellite to a really wide area, in which any part

      • by drix (4602)
        Yes, to track a tor session from server to end-user is theoretically possible. Guess what? So is time travel. The confluence of circumstance and technology needed to make either one actually happen make them practically impossible. I don't know tor all that well, but I'd be damn surprised if they did any sort of connection logging whatsoever. So, your quest ends at hop one unless you've managed to root that box. I don't know tor all that well, but I'd be damn surprised if they were bouncing each conn off
    • by Jim McCoy (3961) on Monday January 16, 2006 @08:12PM (#14486845) Homepage
      1. What are the theories behind simple anonymous sharing of data?

      It depends on what you mean by the terms "simple", "anonymous", and "sharing." Seriously. There is a lot of crypto research out there that touches upon the various possibilities, but it all boils down to this: the more anonymity you have in the network the higher the cost of using that network for everyone involved (where cost == increased bandwidth & CPU consumption and increased message passing latency.) In terms of what is possible there is basically a big dial, labelled "apply various crypto protocols and message-hiding techniques", that you can turn to decide how much inconvenience you are willing to put up with in return for better privacy.

      2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?

      Possible, but difficult. The difficulty increases significantly if you want to ensure reliability & availability of the data provided by the swarm or provide the nifty "web 2.0" trappings that most people have come to expect from web sites. Various projects are working on components of this mythical system, ranging from the Tor networking system mentioned in the original post to the Invisible Internet Project and GNUNet. Nailing the whole package in a single effort is a non-starter for anyone who has even casually glanced at the relevant research necessary to begin such a project, so each effort focuses on one specific aspect and eventually it might be possible to combine these efforts into a single coherent sytem.

      In other words, don't hold your breath waiting for this one to actually come about.

      3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?

      I won't bother trying to answer the first part of the question because it is a matter of personal preference. As far as the second half of the question goes, having good end-to-end security does not help you if either of the endpoints is compromised; a malicious server can reveal that you are surfing for child porn while a malicious user can reveal that your site is distributing bomb-making recipes with no need for the points in between the two ends to break the communications encryption.
    • 1. What are the theories behind simple anonymous sharing of data?

      For starters, turn as many people as possible into open proxies. Then encrypt traffic between those proxies. Get brave volunteers to allow their machines to be end-nodes (places where traffic is allowed to exit and enter the network) instead of just routing nodes. Ideally, the end-nodes should be located in countries with a) negligible computer-crime budgets, or b) negligible computer crime laws. This has a detrimental effect on network laten

  • Fantastic! (Score:5, Funny)

    by wmajik (688431) <(wmajik) (at) (yahoo.com)> on Monday January 16, 2006 @07:40PM (#14486620) Homepage Journal
    So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.

    Fantastic! I've always thought copious amounts of caffeine and an anonymous method of browsing for porn were meant for ubergeeks like myself, but now that my *grandma* can do it as well, that's just fantastic!

    ... (pause)...

    OH GOD, MY EYES!!!
  • My understanding is that Starbucks and other places use unsecured, unenrypted wireless networks - so that anyone can get on without much hassle. Is there really any way to have reasonable security over one of these networks? Is there really a way to ensure (or at least be pretty sure) the guy with the laptop on the other end of the shop isn't picking up my passwords and info when I connect to such a network?
    • Yes. Use encryption. Encryption in your email client, encryption in your browser. Tor does this, but so does https and ssl.
      • Ok, more newbieish questions ...

        So if I'm at Starbucks (or anywhere else on a network that's not using WPA or WEP or whatever), and I type in my credit card info to an online store that's using HTTPS, I'm reasonably safe?
        • yes.

          Think about it this way:
          HTTPS etc encrypt your data before it is sent to the wireless card
          WPA/WEP encrypts the data as its recieved on the wireless card, then transmits it

          not quite right but basicly, HTTPS encrypts data before it would be encrypted for WPA wireless.
        • by jrockway (229604) * <jon-nospam@jrock.us> on Monday January 16, 2006 @08:12PM (#14486856) Homepage Journal
          If the certificate validates, then probably yes.

          If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)

          Either way, be careful.
  • by putko (753330) on Monday January 16, 2006 @07:53PM (#14486712) Homepage Journal
    You might think from the daemon logo that it is a FreeBSD-based thing.

    It isn't -- it is OpenBSD-based. So you'd figure the encryption would be top-notch. Also the OS is already very secure. That's what they focus on, to the exclusion of other things.

    OpenBSD is quite reliable. If it includes drivers for hardware, they work.

    Also, they only use code that they can look at. No blogs of code (like Linux or FreeBSD) are allowed. That's because if you can't inspect them, the NSA or an attacker might have put some bad code in there. It is because of things like this that Theo De Raadt won a prize from Stallman for his contributions to free software.
  • by Deagol (323173) on Monday January 16, 2006 @07:56PM (#14486737) Homepage
    Back in the early 90's, when I was new to the 'net, I remember uncovering all these programs and concepts that gave me hope that people would be able to wander the internet truly anonymously. I discovered PGP, anon.penet.fi, the whole cypherpunk movement (crypto, remailers, etc.), anonymoizer.com, Chaum's eCash. Things were rough around the edges, and tough to use for a internet newbie, but progressing along fast enough that I thought we'd actually see Joe Sixpack able to easily utilize these tools. Someday.

    I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.

    A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.

    I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.

    I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.

    I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.

    • by GigsVT (208848) * on Monday January 16, 2006 @08:24PM (#14486938) Journal
      The cypherpunk movement is dead. Just scanning the slashdot comments and reading all the "If you don't have anything to hide, why are you concerned?" posts makes that obvious.

      At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.

      And it was, for a while.

      Then some copyright lawyers started jumping on board, and harassing lyrics sites.

      The Scientologists started suing people left and right.

      Spam started snowballing.

      MP3s cause the record companies to start wishing people were only trading lyrics.

      Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.

      Then the Columbine shootings happened.

      The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.

      The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".

      The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.

      News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"

      Scam artists hiding behind patent law started really milking it.

      So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.

      If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.
    • Try my FireFox extension [mozilla.org]. It has DES encryption that can be used for email clients, forums, etc. Any text or binary actually. It is true that the other party has to know what password you used for encryption, but that can be agreed upon.
    • I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.

      There's your problem. You are supposed to put the glass to the wall and your ear to the glass.
  • by argoff (142580) on Monday January 16, 2006 @08:18PM (#14486906)
    I'll believe it wen I see it.

    Like, have they downloaded/posted credit card numbers, kiddy porn, terrost plots, maybe post a promise to kill the president, and customized ones for several western and radical countries? Maybe send death threats to the head of the CIA, FBI, and NSA? Maybe the russian mafia? Maybe the israli secret police?

    If people start getting away with those kind of things, then I'll conisider it.
    • > have they downloaded/posted credit card numbers, kiddy porn, terrost plots, maybe post a promise to kill the president, and customized ones for several western and radical countries?

      Holy shit, where did you get a copy of my to-do list at? Apparently I need to encrypt my information a bit better myself.
  • TOR (Score:4, Informative)

    by Jesus 2.0 (701858) on Monday January 16, 2006 @09:41PM (#14487374)
    I stopped using TOR when I discovered the name of one of the common exit nodes. I forget exactly what it was, but I kid you not, it was something like "datapirates.org".
    • Re:TOR (Score:3, Insightful)

      by TCM (130219)
      An important thing to note is that Tor provides IP-based anonymity, not privacy. It _only_ helps to hide your IP address. If you send the password for your anonymous e-mail account in cleartext, the last node can intercept it. Actually, when I was running a Tor node, I sniffed people's traffic to see what they were doing. That didn't help me know _who_ the person was, unless he posted his name in cleartext somewhere. This is something you should expect. Tor nodes are random people with unknown interests. Th
  • Torrent Download (Score:5, Informative)

    by HazE_nMe (793041) on Monday January 16, 2006 @09:54PM (#14487431) Homepage
    I couldn't find a torrent link in the comments, so here is one:
    http://linuxtracker.org/download.php?id=1249&name= anonymos-shmoo.iso.torrent [linuxtracker.org]
    175seeds to 700peers as of 6:53PM MST
  • by davidwr (791652) on Monday January 16, 2006 @10:54PM (#14487684) Homepage Journal
    [Grandma] Where's the blue E?
    [me] There's no blue E grandma, click on the orange and blue ball.
    [Grandma] What does "Server not found" mean?
    [me, muttering...] fsck'ing TOR timeouts
    [Grandma] What was that again, I couldn't hear you.
  • by TheRon6 (929989) on Tuesday January 17, 2006 @01:35AM (#14488350)
    What are you saying? Is this like... better than the "Post Anonymously" check box and stuff?
  • by gavinmead (112093) on Tuesday January 17, 2006 @01:54AM (#14488406)

    I've just updated the kaos.theory blog with some further information about Anonym.OS and some responses to blog, article, and comment criticism:

    http://theory.kaos.to/blog/archives/2006/01/17/kao stheory-responds/ [theory.kaos.to]

    First of all, I'd like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we've had. Scores of terabyte upon terrabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.

    That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.

    USB
    In the article written and posted at Wired News, Ethan Zuckerman makes the excellent point that rebooting really isn't an option for many living in oppressive, hostile regimes. Additionally, Mr. Zuckerman suggests the use of a bootable / emulated Anonym.OS environment available from a removable, USB key chain device. This is a feature that we have already incorporated into our road map and that we hope to release very soon.

    For now, we need as many people as can reboot or run a session in VMWare / Virtual PC / QEMU to please please please test our release. We're not at 1.0 yet, contrary to some postings and articles. Our hope with this release is to solicit feedback from the community concerning features, bugs, and suggestions for everything from desktop wallpaper to file system optimization. Immediately after the Shmoocon talk, all of the members of the group happily fielded questions and comments from audience members that included many suggestions that we intend to incorporate quickly. This type of candid environment is one of the many traits that make Open Source a success and it's what we need in order to keep Anonym.OS growing and on a positive track.

    The "China Problem"
    Some have asked how we intend to deal with the "China Problem," which could be rephrased as, "What can Anonym.OS do to protect a user against a monitoring party who owns the entire network that the user is using?" Ultimately, this comes down to the ability of the user to utilize covert channels for escaping the network and reaching tor servers. If the party controlling the network is serious enough about its desires and goals in censoring its users, nothing can stop them from implementing a white-list only policy, effectively blocking all tor traffic as well as access to proxies and other tools used for evading filtering.

    With those concerns in mind, kaos.theory will be working towards and automated egress filtering evasion script for use in conjunction with Anonym.OS. In terms of the "China Problem," this may not offer much as it will most likely require a "trusted friend" on the outside of the hostile network. In terms of a restrictive corporate network, this could be a viable solution. Again, however, these "covert channels" will likely lead to a ridiculous number of anomalous packets coming from a system (who really makes 25,000 DNS requests in an hour, anyway?) and thus are not a bullet-proof solution.

    This is a staggering issue, and it's not one that's answerable entirely by technology. If a country or company chooses to restrict access for its users, and the entity is really serious in terms of throwing resources at the problem, there's not a lot we can do from the client-side.

    The Naysayers
    There have been two strains of objection to the project, one classical and the other uninformed. The former line of argument goes that we're simply enabling criminals to hide their illegal activities and, as suc

  • Problems with Tor. (Score:3, Insightful)

    by crhylove (205956) <rhy@leperkhanz.com> on Tuesday January 17, 2006 @06:59AM (#14489261) Homepage Journal
    I love the IDEA of Tor. I also love the idea of FreeNet. Neither one seems to work at all well (or quickly) in their current iterations however. Until these things are solved, for most people the trade-offs are just not worth it. Especially when so much is achievable under the mere guise of the millions of people involved. Until the RIAA hires MILLIONS of lawyers to sue MILLIONS of customers per year, people won't mind thumbing their nose at them and playing the numbers game. The same is CERTAINLY true for surfing and IM.

    rhY
  • Trusted binaries ? (Score:3, Insightful)

    by pan_sapiens (647704) on Tuesday January 17, 2006 @08:49AM (#14489560) Homepage
    While the intent of this project is very good, and I hate to pick holes ....here's one for the ultra-paranoid:

    Do you trust the precompiled binaries on the livecd ?

    Sure, the OpenBSD source is available for you to comb over for backdoors & sniffers etc, but how do you know that Anonym.OS was compiled using that exact same source code ?

    Maybe comparing hashes of the binaries to the offical OpenBSD versions would be a good start, but there are various reasons why this will only get you half way to validating that the build is kosher

    I'm not even beginning to suggest this work is trojaned or anything - the last thing I want to do is spread FUD about something this cool and useful ..[whoops, maybe too late], but this is a significant problem that I've come across personally when considering a "privacy" geared livecd. You place a lot of trust in the person(s) packaging the distro unless you pretty much compile the whole thing yourself.

    One solution (which is very time consuming, and already dated), is the Trusted Build Live CD [sourceforge.net] (TB) by the Hacktivismo group. It is basically a cookbook for rolling your own Gentoo livecd, with some tailoring for anonymity related applications like Tor (AFAIK, it doesn't do the nice packet filtering that Anonym.OS does, however).

  • by XMilkProject (935232) on Tuesday January 17, 2006 @03:18PM (#14492676) Homepage
    Taking it to Starbucks, (at least where I live) means using Wifi. It really isn't possible they've implemented usable Wifi support in their LiveCD is it? Usually getting wireless to work on linux means finding windows drivers, utilizing NDISWrapper, etc.

    That being said, what would be required for the linux community to make Wifi drivers more accessible? Is this something that is reliant entirely on the manufacturers providing drivers or is there some other solution? It would surely aid linux adoption if it was easier to get your Laptop Wifi working.

    For the linux-savvy, NDISWrapper is of course very slick, and I was able to get my HP Notebook Wifi card working in about 20 minutes, but the less techy people such as the Grandmother mentioned in the posting are not going to be able to sort their way through ndiswrapper and iwconfig, much less figure out newer encryption methods.

Bus error -- please leave by the rear door.

Working...