Anonym.OS a Boon for Privacy Geeks? 403
The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."
Privacy Geek (Score:5, Interesting)
Has the will to un-molestation finally passed out of mainstream?
Anonymous developments? (Score:4, Interesting)
1. What are the theories behind simple anonymous sharing of data? (I know there are newer versions of P2P beyond Torrent that allow for a third party mediator between two anonymous parties. This seems like a start to making a truly free-speech undernet.)
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
Re:Too bad no one using it can comment (Score:5, Interesting)
The whole privacy movement seems to have fizzled. (Score:5, Interesting)
I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.
A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.
I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.
I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.
I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.
Re:Too bad no one using it can comment (Score:2, Interesting)
Re:Maybe it's a newbie question (Score:5, Interesting)
If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)
Either way, be careful.
Re:The whole privacy movement seems to have fizzle (Score:5, Interesting)
At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.
And it was, for a while.
Then some copyright lawyers started jumping on board, and harassing lyrics sites.
The Scientologists started suing people left and right.
Spam started snowballing.
MP3s cause the record companies to start wishing people were only trading lyrics.
Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.
Then the Columbine shootings happened.
The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.
The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".
The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.
News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"
Scam artists hiding behind patent law started really milking it.
So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.
If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.
Re:The whole privacy movement seems to have fizzle (Score:2, Interesting)
Re:un-molestation (Score:3, Interesting)
People have an inherent concept of public vs. private space, just like they have an inherent concept of property. Neither of these things were magically created by feudalism, still less by industrialization. Even animals like dogs understand the concept of territory, and they will fight when another animal intrudes on that territory.
It's true that in the course of history, some people got a lot of private space, and some people got the shaft. And yes, there was always the concept of owning someone else's territory, or even owning another person. None of that is new.
What is new, is the pervasive way that surveillance is being integrated into our lives. The same person who would hate the thought of some busybody leaning over their monitor, and watching their web browsing, can bring himself to accept the much more invasive forms of surveillance practiced by cookies, "phone home" web widget like doubleclick's, and email snooping. That is what we are trying to change-- hopefully not in vain.
Re:Anonymous and suspicious (Score:3, Interesting)
Contrary to popular belief you run in to quite a few sympathetic coppers in that line of protest. Especially after they'ved been ordered about by a few Audrey Hamilton's.
OT : I know a lot of Americans like their hunting and those of you who don't care one way or the other about hunting, I just want to make the point that in England hunting is not just a sport, it's a heritage. A heritage of murder, execution, force land clearance and other negative behaviour that resonates through our society and legal structure to this day. Reformation of society should be a constant and land ownership is central to this.
http://www.guardian.co.uk/freedom/Story/0,2763,14
Re:The whole privacy movement seems to have fizzle (Score:3, Interesting)
Re:Privacy Geek (Score:2, Interesting)
Beware of Geeks Bearing Grifts (Score:3, Interesting)
(One reason I stopped contributing to Wikipedia: members of that community love to use the word "neologism" but obviously have no idea what it actually means.)
Anyway, geekhood is hardly fringe. A geek is just somebody who has an unusual interest in technology. Geeks constitute a special community with their own interests, priorities and jargon, but the same can be said for Freemasons, Realtors, and NASCAR enthusiasts — none of whom count as "fringe".
Besides, a "privacy geek" isn't just somebody who cares about privacy, any more than anybody who uses a computer is a "computer geek".
sniffing outbound connections from a tor node (Score:5, Interesting)
Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.
That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.
Re:Anonymous developments? (Score:3, Interesting)
For starters, turn as many people as possible into open proxies. Then encrypt traffic between those proxies. Get brave volunteers to allow their machines to be end-nodes (places where traffic is allowed to exit and enter the network) instead of just routing nodes. Ideally, the end-nodes should be located in countries with a) negligible computer-crime budgets, or b) negligible computer crime laws. This has a detrimental effect on network latency (and possibly throughput), but it's hard for a country to prosecute someone for something that isn't illegal where the someone lives.
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
The concept of a swarm is incompatible with anonymity. See, in a Bittorrent situation, there must be some entity that handles the "who gets connected to whom". Also, it's always possible to see the IP address of anyone who sends you data. So if you're in a swarm, you can tell (by sniffing your own traffic) who is sending and receiving data. If you're only receiving illegal files, you can logically assume that anyone sending you bits is providing said illegal data.
One notable exception to this would be if an entire area (say, a neighborhood, town, or nation) were to have a free-access mesh network that offers dynamic addressing. Then someone could, in theory, write software that would periodically establish a new IP address within the mesh (disconnect, change MAC address, reconnect). Add bonus points if all traffic between the clients and the access point is encrypted.
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
The need for information privacy is as important now as it has ever been, or will ever be. It's all based on the user's perception. If you maintain good security practices and don't wind up with trojans on your system, *and* you don't do anything illegal, you only have to worry about commercial exploitation. If you get hacked, the acts of another could be pinned on you.
More important than the need for information privacy is the need for a consensus that the mere encryption of data does not constitute a reason for the authorities to break it and/or question you. Ideally, they'd require real-world probable cause before even being able to capture your traffic. All too often, that is not the case.
Re:Privacy Geek (Score:4, Interesting)
Being "seen" or "recognized" as in the pre-computer-age sense isn't the issue. The issue is having the minutiae of your online and offline behavior recorded, wherever you go and whatever you do.
How do you think the police would react if you, a private citizen, set up cameras recording all of their officers as they left and returned to their station. You would deploy robotic cameras to follow them on the public roadways. You'd correlate this video with officer names and pictures and store it in a database, which you'd sell to anyone who would pay your price. I don't think they would permit you to do it for long.
This is essentially what they want to do to us. Why should we permit it, when they won't permit us the same privilege? Are police some sort of superbeings who won't use this imbalance to their own advantage? Are they the world's most perfect database administrators and programmers, who will never leave any flaws or bugs that would let someone steal this information? Are they free of bureaucracy and able to establish truly secure protocols for the management of this information?
It's a power grab, plain and simple, happening online and offline. Technology isn't the problem; the problem is that the current authorities are seizing the initiative to establish every new technological application in their own favor, further empowering the powerful and weakening everyone else.
Re:Privacy Geek (Score:2, Interesting)
This one company knows everything they do online. And if they have any other G services, with names and emails.
Thinking about that, here's something (Anonym.OS) I want to see.
Virtual Machine available? (Score:2, Interesting)
Re:un-molestation (Score:3, Interesting)
Really, in an insula there was no privacy at all.
(Sources: 1 [cuny.edu], 2 [hadrians.com])
Now, who was it that put their foot in their mouth, again?
Re:Too bad no one using it can comment (Score:3, Interesting)
People need to anonymize their browsing when they are not surfing casually, but rather doing surfing that they don't want anyone to know they've done (duh). So most people don't bother or care to surf, say, slashdot anonymously.
When you are doing things that a government doesn't approve of (and COINTELPRO has taught us that the US government spends lots of time and resources going after people who exercise their rights) then using tor is a good idea.
To put it another way, people who need to anonymize their traffic are probably only visiting a very small subset of websites: sites where they can post information but fear law enforcement seizing server logs, sites where they want to obtain information but they don't want law enforcement to know that they have it, so on and so forth.
Therefore, it is fundamentally flawed to think "not many people who visit my site need to do so anonymously, therefore not many people need to visit any site anonymously."