Messages - astor

1096
I'm totally shocked that more Americans don't know about, or take action on this.

Their argument tends to go something like this: "I'm not doing anything wrong, so why should I worry about it."

Here's Snowden's argument why they should care:

"Because even if you're not doing anything wrong you're being watched and recorded. The storage capability of the systems increases every year consistently by orders of magnitude where it's getting to the point you don't have to have done anything wrong. You simply have to eventually fall under suspicion by somebody - even by a wrong call. Then they can use the system to go back in time and scrutinise every decision you've ever made, every friend you've ever discussed something with and attack you on that basis to sort of derive suspicion from an innocent life and paint anyone into context of a wrongdoer."


Quote
How could this be stopped? I think people need to know how this will affect their daily lives and the lives of future generations. The fact that the NSA has given these projects the green light will make them harder to shut down, because of their secret budgets and lack of oversight. When average Americans start getting prosecuted for minor issues via emails or what have you, then you will see them come out in full force against it. Until this issue hits critical mass, we will need countermeasures like Tor, and the things that evolve beyond Tor.

Rand Paul wants to file a class action lawsuit against the government. Don't know if that will accomplish anything, since they could scuttle it on the grounds of national security (i.e., state secrets). The most effective thing may be for people to vote with their wallets and not use American companies. Make "Not subject to US law" your new marketing strategy and build alternatives outside the US.

Quote
Does anyone know where to go to actually see the documents? I would just assume they would be on wiki-leaks.

The Guardian has a portal dedicated to this issue:

http://www.guardian.co.uk/world/the-nsa-files

There's a section called "Read the Documents".

1097
The internet needs to diversify. Too much of the infrastructure is hosted in the United States and subject to American government overreach. *This* is a market ripe for disruption. We need a useful Google alternative in Germany, Sweden or Iceland. We need email and file storage services there. Build it and we will come, because the world is tired of your shit, American government.

1098
Newbie discussion / Re: whats stopping LEA from shutting down Sr
« on: June 09, 2013, 08:57 pm »
I don't even know where to start with this thread.

Everyone should spend a few weeks reading the Security forum.

Browse through and read the threads with "hidden service" in the title.

1099
http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

Edward Snowden: the whistleblower behind revelations of NSA surveillance

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.

The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said.

Snowden will go down in history as one of America's most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material from one of the world's most secretive organisations – the NSA.

In a note accompanying the first set of documents he provided, he wrote: "I understand that I will be made to suffer for my actions," but "I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant."

Despite his determination to be publicly unveiled, he repeatedly insisted that he wants to avoid the media spotlight. "I don't want public attention because I don't want the story to be about me. I want it to be about what the US government is doing."

He does not fear the consequences of going public, he said, only that doing so will distract attention from the issues raised by his disclosures. "I know the media likes to personalise political debates, and I know the government will demonise me."

Despite these fears, he remained hopeful his outing will not divert attention from the substance of his disclosures. "I really want the focus to be on these documents and the debate which I hope this will trigger among citizens around the globe about what kind of world we want to live in." He added: "My sole motive is to inform the public as to that which is done in their name and that which is done against them."

He has had "a very comfortable life" that included a salary of roughly $200,000, a girlfriend with whom he shared a home in Hawaii, a stable career, and a family he loves. "I'm willing to sacrifice all of that because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."

'I am not afraid, because this is the choice I've made'

Three weeks ago, Snowden made final preparations that resulted in last week's series of blockbuster news stories. At the NSA office in Hawaii where he was working, he copied the last set of documents he intended to disclose.

He then advised his NSA supervisor that he needed to be away from work for "a couple of weeks" in order to receive treatment for epilepsy, a condition he learned he suffers from after a series of seizures last year.

As he packed his bags, he told his girlfriend that he had to be away for a few weeks, though he said he was vague about the reason. "That is not an uncommon occurrence for someone who has spent the last decade working in the intelligence world."

On May 20, he boarded a flight to Hong Kong, where he has remained ever since. He chose the city because "they have a spirited commitment to free speech and the right of political dissent", and because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government.

In the three weeks since he arrived, he has been ensconced in a hotel room. "I've left the room maybe a total of three times during my entire stay," he said. It is a plush hotel and, what with eating meals in his room too, he has run up big bills.

He is deeply worried about being spied on. He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.

Though that may sound like paranoia to some, Snowden has good reason for such fears. He worked in the US intelligence world for almost a decade. He knows that the biggest and most secretive surveillance organisation in America, the NSA, along with the most powerful government on the planet, is looking for him.

Since the disclosures began to emerge, he has watched television and monitored the internet, hearing all the threats and vows of prosecution emanating from Washington.

And he knows only too well the sophisticated technology available to them and how easy it will be for them to find him. The NSA police and other law enforcement officers have twice visited his home in Hawaii and already contacted his girlfriend, though he believes that may have been prompted by his absence from work, and not because of suspicions of any connection to the leaks.

"All my options are bad," he said. The US could begin extradition proceedings against him, a potentially problematic, lengthy and unpredictable course for Washington. Or the Chinese government might whisk him away for questioning, viewing him as a useful source of information. Or he might end up being grabbed and bundled into a plane bound for US territory.

"Yes, I could be rendered by the CIA. I could have people come after me. Or any of the third-party partners. They work closely with a number of other nations. Or they could pay off the Triads. Any of their agents or assets," he said.

"We have got a CIA station just up the road – the consulate here in Hong Kong – and I am sure they are going to be busy for the next week. And that is a concern I will live with for the rest of my life, however long that happens to be."

Having watched the Obama administration prosecute whistleblowers at a historically unprecedented rate, he fully expects the US government to attempt to use all its weight to punish him. "I am not afraid," he said calmly, "because this is the choice I've made."

He predicts the government will launch an investigation and "say I have broken the Espionage Act and helped our enemies, but that can be used against anyone who points out how massive and invasive the system has become".

The only time he became emotional during the many hours of interviews was when he pondered the impact his choices would have on his family, many of whom work for the US government. "The only thing I fear is the harmful effects on my family, who I won't be able to help any more. That's what keeps me up at night," he said, his eyes welling up with tears.

'You can't wait around for someone else to act'

Snowden did not always believe the US government posed a threat to his political values. He was brought up originally in Elizabeth City, North Carolina. His family moved later to Maryland, near the NSA headquarters in Fort Meade.

By his own admission, he was not a stellar student. In order to get the credits necessary to obtain a high school diploma, he attended a community college in Maryland, studying computing, but never completed the coursework.

In 2003, he enlisted in the US army and began a training program to join the Special Forces. Invoking the same principles that he now cites to justify his leaks, he said: "I wanted to fight in the Iraq war because I felt like I had an obligation as a human being to help free people from oppression".

He recounted how his beliefs about the war's purpose were quickly dispelled. "Most of the people training us seemed pumped up about killing Arabs, not helping anyone," he said. After he broke both his legs in a training accident, he was discharged.

After that, he got his first job in an NSA facility, working as a security guard for one of the agency's covert facilities at the University of Maryland. From there, he went to the CIA, where he worked on IT security. His understanding of the internet and his talent for computer programming enabled him to rise fairly quickly for someone who lacked even a high school diploma.

By 2007, the CIA stationed him with diplomatic cover in Geneva, Switzerland. His responsibility for maintaining computer network security meant he had clearance to access a wide array of classified documents.

That access, along with the almost three years he spent around CIA officers, led him to begin seriously questioning the rightness of what he saw.

He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment.

"Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world," he says. "I realised that I was part of something that was doing far more harm than good."

He said it was during his CIA stint in Geneva that he thought for the first time about exposing government secrets. But, at the time, he chose not to for two reasons.

First, he said: "Most of the secrets the CIA has are about people, not machines and systems, so I didn't feel comfortable with disclosures that I thought could endanger anyone". Secondly, the election of Barack Obama in 2008 gave him hope that there would be real reforms, rendering disclosures unnecessary.

He left the CIA in 2009 in order to take his first job working for a private contractor that assigned him to a functioning NSA facility, stationed on a military base in Japan. It was then, he said, that he "watched as Obama advanced the very policies that I thought would be reined in", and as a result, "I got hardened."

The primary lesson from this experience was that "you can't wait around for someone else to act. I had been looking for leaders, but I realised that leadership is about being the first to act."

Over the next three years, he learned just how all-consuming the NSA's surveillance activities were, claiming "they are intent on making every conversation and every form of behaviour in the world known to them".

He described how he once viewed the internet as "the most important invention in all of human history". As an adolescent, he spent days at a time "speaking to people with all sorts of views that I would never have encountered on my own".

But he believed that the value of the internet, along with basic privacy, is being rapidly destroyed by ubiquitous surveillance. "I don't see myself as a hero," he said, "because what I'm doing is self-interested: I don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity."

Once he reached the conclusion that the NSA's surveillance net would soon be irrevocable, he said it was just a matter of time before he chose to act. "What they're doing" poses "an existential threat to democracy", he said.

A matter of principle

As strong as those beliefs are, there still remains the question: why did he do it? Giving up his freedom and a privileged lifestyle? "There are more important things than money. If I were motivated by money, I could have sold these documents to any number of countries and gotten very rich."

For him, it is a matter of principle. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to," he said.

His allegiance to internet freedom is reflected in the stickers on his laptop: "I support Online Rights: Electronic Frontier Foundation," reads one. Another hails the online organisation offering anonymity, the Tor Project.

Asked by reporters to establish his authenticity to ensure he is not some fantasist, he laid bare, without hesitation, his personal details, from his social security number to his CIA ID and his expired diplomatic passport. There is no shiftiness. Ask him about anything in his personal life and he will answer.

He is quiet, smart, easy-going and self-effacing. A master on computers, he seemed happiest when talking about the technical side of surveillance, at a level of detail comprehensible probably only to fellow communication specialists. But he showed intense passion when talking about the value of privacy and how he felt it was being steadily eroded by the behaviour of the intelligence services.

His manner was calm and relaxed but he has been understandably twitchy since he went into hiding, waiting for the knock on the hotel door. A fire alarm goes off. "That has not happened before," he said, betraying anxiety wondering if it was real, a test or a CIA ploy to get him out onto the street.

Strewn about the side of his bed are his suitcase, a plate with the remains of room-service breakfast, and a copy of Angler, the biography of former vice-president Dick Cheney.

Ever since last week's news stories began to appear in the Guardian, Snowden has vigilantly watched TV and read the internet to see the effects of his choices. He seemed satisfied that the debate he longed to provoke was finally taking place.

He lay, propped up against pillows, watching CNN's Wolf Blitzer ask a discussion panel about government intrusion if they had any idea who the leaker was. From 8,000 miles away, the leaker looked on impassively, not even indulging in a wry smile.

Snowden said that he admires both Ellsberg and Manning, but argues that there is one important distinction between himself and the army private, whose trial coincidentally began the week Snowden's leaks began to make news.

"I carefully evaluated every single document I disclosed to ensure that each was legitimately in the public interest," he said. "There are all sorts of documents that would have made a big impact that I didn't turn over, because harming people isn't my goal. Transparency is."

He purposely chose, he said, to give the documents to journalists whose judgment he trusted about what should be public and what should remain concealed.

As for his future, he is vague. He hoped the publicity the leaks have generated will offer him some protection, making it "harder for them to get dirty".

He views his best hope as the possibility of asylum, with Iceland – with its reputation of a champion of internet freedom – at the top of his list. He knows that may prove a wish unfulfilled.

But after the intense political controversy he has already created with just the first week's haul of stories, "I feel satisfied that this was all worth it. I have no regrets."

1100
Off topic / Re: made it to 100 now what
« on: June 09, 2013, 07:19 pm »
All the new forum features are amazing! :)

We're not really allowed to talk about it though. You'll just have to get 2000 posts to see.

1101
Security / Re: Brainstorming the ideal anonymity network
« on: June 09, 2013, 06:54 pm »
Doesn't Tor need like a lot of help with planned improvements?

They need a lot of help with a lot of stuff. It would be great if improving the hidden service protocol was a top priority. Tor started out as an anonymity network, but their focus has turned into censorship circumvention, because it happens to be a side effect of using an anonymity network -- although the same thing can be accomplished with one-hop proxies. That's why bridges and obfsproxy protocols were added to the network. The Tor Project works on specific projects that sponsors pay them to work on, and for the most part those sponsors are western government agencies and NGOs that want to help activists in repressed countries. So unless someone with deep pockets comes along and asks for specific deliverables related to hidden services, I don't expect to see much improvement there.

Speaking of rarely used Tor features, it also supports authenticated access to hidden services such that clients without a specific cookie cannot even determine if the hidden service is up or not.

I use that for all of my hidden services. :)

Quote
Yes definitely allowing exiting to the clearnet is required to gain a substantial user base (and all of the delicious cover traffic they bring with them). I am really torn between having all users route by default or not.

Advantages of all users routing:

A. The network can scale much more easily (Tor is constantly running into resource problems, I2P has an abundance of resources)
B. It makes it much easier to add plausible deniability
C. It opens up the possibility of having a distributed data store like Freenet, which I find very attractive
D. The abundance of resources allows for heavier use of dummy traffic and other anonymity increasing, bandwidth intensive techniques
E. The network is likely to grow much larger (20,000 routing nodes versus 3,000 routing nodes) which makes it harder for an attacker to monitor a large % of it

Disadvantages of all users routing:

A. Not as many people want to make resources available as want to consume resources. Having users route by default could lead to a much smaller overall user base, even if the number of routing nodes is larger.

More importantly, not all users are able to route. Some are behind unconfigurable NAT. Some have crappy connections. Some can only connect for short periods of time. I2P encourages you to stay connected, because it can take 15 minutes to establish a useful number of connections to the rest of the network. If you can only connect for an hour a day, you waste a lot of time just integrating yourself into the network. Apparently, Freenet is even worse on that point.

Relaying from home is free, whereas the Tor network relies on volunteers spending a lot of money to run high bandwidth relays to handle all of the users. Still, there seems to be sufficient interest that this hasn't harmed Tor yet.

Also, if you want to allow access to clearnet sites, you should not allow arbitrary newbs to be exit nodes. Some people will unwittingly get in a lot of trouble and that will drive everyone away from the network.

I think it's a combination of the network requirements and the lack of clearnet access that makes I2P users a very selective group. No offense to them, I think they are great people, but they are very homogenous. Almost all of them know how to code. Almost all of them are professional technologists or very tech savvy hobbyists. That works well for them now, because there isn't a lot of controversial content on the network. There are no major drug or CP sites. But if I2P was invaded by those groups, that situation would change. Not only might technical weaknesses be revealed by serious adversaries, but it would become obvious that they lack the cover you get from mixing with very diverse crowds. If there was a major CP invasion, then everyone using I2P would be a suspect, whereas I'm quite comfortable using Tor even if someone sees me using it, because of the plausible deniability of the very diverse crowd.

So for these many reasons, I don't think people should be required to relay, and the size and diversity of the user base should be maximized.

Quote
Well my interest in anonymity networks predated SR and the massive SR user base by many years, so I am not really concerned with SR being the primary destination of people who use the darknet.

I was using that as an example of a monopoly and the pressures that come with it. The same logic applies to Facebook, for example. Everyone hates it but no one seems to be able to quit, even though open source, federated social networks exist (which you can run as hidden services or eepsites, even).

Quote
Tor is definitely by far the most popular network though, and any newcomer will have trouble even growing to the same size as Freenet or I2P. So I would say that I am brainstorming a theoretical network, but a theoretical network that would be worth building. I really do love Tor but I am entirely convinced that it is not capable of continuing to provide anonymity as the scrutiny against it increases. Simple analysis of Tor reveals that a fairly modest attacker can cause enormous damage to those who use it. We have not seen this carried out in practice yet, and we never will until we do. But looking at the theoretical strengths and weaknesses of Tor, the only conclusion I can come to is that Tor is just not something I want to continue trusting with my life. After the first wave of Tor arrests comes, and in my opinion this will be sometime in the fairly near future, perhaps in a year or two, people will look for alternatives because they will realize that Tor is actually no longer good enough. But I am interested in anonymity networks theoretically and practically, and even if nobody ever uses a superior network it is interesting enough in itself to make one.

Well, if you believe the network is going to be crippled by mass arrests, that's a good reason to start designing a robust alternative.

I still wonder if adding features like layered, permanent entry guards is not worth doing in the short term.

Quote
I can see merit to layering some things on top of Tor (for example a remailer network), but I think that something that is fundamentally an alternative to Tor would not make much sense to layer through Tor. I also doubt that the Tor developers have much interest in fundamentally changing their network. Right now we have low latency anonymity networks a la I2P and Tor, deniable file sharing networks a la Freenet, and high latency mix networks a la Mixminion and Mixmaster. I think that the remailer networks are so slow and unreliable and E-mail specific that hardly anybody will ever use them, that I2P and Tor are so fundamentally insecure that they will not withstand attack for much longer, and that Freenet is so unique that it fills sort of a niche market (it can't be used for surfing the internet, it can't be used for E-mail to people on the clearnet, it can't be used for hosting a traditional website, etc).

One thing I've thought about, especially since I've been hanging out with the I2P folks lately, is a trans-proxy. Similar to the onion.to and i2p.us in-proxies, or exit nodes and I2P out-proxies, but trans-proxies would proxy connections between anonymity networks. For example, to access eepsite whatever.i2p from Tor, you would go to whatever.i2p.transproxy.onion, and to access hidden service whatever.onion, you would go to whatever.onion.transproxy.i2p. You could chain these things together, so if you want to use an exit node from I2P, a modified dot exit URL like www.google.com.RelayName.exit.transproxy.i2p would get you there. Ok, that's a bit confusing for newbs, but you could access and enjoy the properties of different networks at the same time. Somehow, Freenet could be integrated into this too, so you can get the plausible deniability of accessing files from Freenet, but through a hidden service, and thus a Tor connection that doesn't expose you as a Freenet user.

This might even be an easier way to get the mixed properties of your theoretical network.

1102
Security / Re: Sites to AVOID while using TOR
« on: June 09, 2013, 03:35 pm »
That would be a long list. It's better to enumerate the reasons why you should avoid certain clearnet web sites over Tor, and you can apply that logic to any web site you come across.

1. Don't log into any web site that you have previously logged into over clearnet.

You will link your anonymous identity to your real identity.

2. Don't log into any web site that doesn't use SSL.

The exit node can sniff your account credentials. It can also link you to other sites that you are browsing at the same time, because all those TCP streams are probably using the same circuit, which terminates at that exit node.

3. Don't log into or try to create an account on any financial web site over Tor.

They are extremely paranoid and will probably flag your account.

4. You shouldn't write a lot of text on any web site where you have written a lot over clearnet.

This forum has shown that stylometry is surprisingly easy for even amateurs to perform, as several people have been trivially identified through quirks in their writing style (see for example mtljohn and chaosforpeace). You run the risk of linking your anonymous and real identities.

5. Be extremely careful about posting photos.

Metadata and identifying info in photos have fucked a lot of people.

6. Don't enable Flash or Java on untrusted sites. If they require these plugins, that is extremely suspicious.

YouTube is probably ok, but I wouldn't run Flash on any other site. I wouldn't run Java on any site, period.

It is relatively safe to access the vast majority of sites as long as you don't log in or run Flash or Java. You can also disable JavaScript if you feel the need, although I think the threat from that is pretty low.
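
Added example, not part of the original post: a pre-posting check for item 5, written in Python. It lists the metadata segments in a JPEG, flags an Exif GPS directory, and produces a copy without them; the sample file is constructed inline and all function names are this example's own.

```python
import struct

# JPEG segment markers that carry metadata rather than image data.
METADATA_MARKERS = {
    0xE1: "APP1 (Exif/XMP)",
    0xED: "APP13 (Photoshop/IPTC)",
    0xFE: "COM (comment)",
}
SOS = 0xDA              # start of scan: compressed image data follows
GPS_IFD_TAG = 0x8825    # Exif tag that points at the GPS sub-directory


def segments(data):
    """Yield (marker, payload, raw) for each header segment, then
    (SOS, b"", rest_of_file) for the compressed image itself."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker == SOS:
            yield marker, b"", data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length          # length counts its own two bytes
        if length < 2 or end > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        yield marker, data[pos + 4:end], data[pos:end]
        pos = end
    raise ValueError("no SOS segment found")


def exif_has_gps(payload):
    """True if the first IFD of an Exif APP1 payload has a GPS pointer."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or len(tiff) < 8:
        return False
    (ifd,) = struct.unpack(endian + "I", tiff[4:8])
    if ifd + 2 > len(tiff):
        return False
    (count,) = struct.unpack(endian + "H", tiff[ifd:ifd + 2])
    for i in range(count):              # each IFD entry is 12 bytes
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(endian + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def audit(data):
    """List the metadata found in a JPEG, in file order."""
    findings = []
    for marker, payload, _ in segments(data):
        if marker in METADATA_MARKERS:
            findings.append(METADATA_MARKERS[marker])
            if marker == 0xE1 and exif_has_gps(payload):
                findings.append("Exif GPS directory")
    return findings


def strip_metadata(data):
    """Return the JPEG with every metadata segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, _, raw in segments(data):
        if marker not in METADATA_MARKERS:
            out += raw
    return bytes(out)


def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed sample: structurally valid JPEG, not a viewable picture."""
    ifd = struct.pack("<H", 2)                                # two entries
    ifd += struct.pack("<HHI4s", 0x010F, 2, 4, b"CAM\x00")    # Make
    ifd += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 38)        # GPS pointer
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd + struct.pack("<I", 0)
    tiff += struct.pack("<HI", 0, 0)                          # empty GPS IFD
    return (b"\xff\xd8"
            + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(0xE1, b"Exif\x00\x00" + tiff)
            + _seg(0xFE, b"taken at home")
            + _seg(0xDB, b"\x00" + bytes([1] * 64))           # quant table
            + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\x56" + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit(sample))
    print("after: ", audit(strip_metadata(sample)))
```

Removing these segments does nothing about identifying details visible in the picture itself, which the post lists alongside metadata.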

1103
Security / Re: Is it safe to use facebook
« on: June 09, 2013, 09:20 am »
The person who used FB from Tor did it to replace Tormail (very unreliable) as a way to communicate with specific persons she did not know in real life. Had no friends.

So they were using it as a bloated messaging service where all parties are anonymous and use fake info. If they PGP encrypted their messages, then Facebook (and potentially LE) only gets some metadata. That's no worse than other clearnet services over Tor, although a little less safe than Tormail, assuming Tormail isn't an LE honeypot, because LE gets no metadata from Tormail.

1104
Latest blog post: https://blog.torproject.org/blog/prism-vs-tor


By now, just about everybody has heard about the PRISM surveillance program, and many are beginning to speculate on its impact on Tor.

Unfortunately, there still are a lot of gaps to fill in terms of understanding what is really going on, especially in the face of conflicting information between the primary source material and Google, Facebook, and Apple's claims of non-involvement.

This apparent conflict means that it is still hard to pin down exactly how the program impacts Tor, and is leading many to assume worst-case scenarios.

For example, some of the worst-case scenarios include the NSA using weaponized exploits to compromise datacenter equipment at these firms. Less severe, but still extremely worrying possibilities include issuing gag orders to mid or low-level datacenter staff to install backdoors or monitoring equipment without any interaction whatsoever with the legal and executive staff of the firms themselves.

We're going to save analysis of those speculative and invasive scenarios for when more information becomes available (though we may independently write a future blog post on the dangers of the government use of weaponized exploits).

For now, let's review what Tor can do, what tools go well with Tor to give you defense-in-depth for your communications, and what work needs to be done so we can make it easier to protect communications from instances where the existing centralized communications infrastructure is compromised by the NSA, China, Iran, or by anyone else who manages to get ahold of the keys to the kingdom.

The core Tor software's job is to conceal your identity from your recipient, and to conceal your recipient and your content from observers on your end. By itself, Tor does not protect the actual communications content once it leaves the Tor network. This can make it useful against some forms of metadata analysis, but this also means Tor is best used in combination with other tools.

Through the use of HTTPS-Everywhere in Tor Browser, in many cases we can protect your communications content where parts of the Tor network and/or your recipients' infrastructure are compromised or under surveillance. The EFF has created an excellent interactive graphic to help illustrate and clarify these combined properties.

Through the use of combinations of additional software like TorBirdy and Enigmail, OTR, and Diaspora, Tor can also protect your communications content in cases where the communications infrastructure (Google/Facebook) is compromised.

However, the real interesting use cases for Tor in the face of dragnet surveillance like this is not that Tor can protect your gmail/facebook accounts from analysis (in fact, Tor could never really protect account usage metadata), but that Tor and hidden services are actually a key building block to build systems where it is no longer possible to go to a single party and obtain the full metadata, communications frequency, *or* contents.

Tor hidden services are arbitrary communications endpoints that are resistant to both metadata analysis and surveillance.

A simple (to deploy) example of a hidden service based mechanism to significantly hinder exactly this type of surveillance is an XMPP client that also ships with an XMPP server and a Tor hidden service. Such a P2P communication system (where the clients are themselves the servers) is both end-to-end secure, and does *not* have a single central server where metadata is available. This communication is private, pseudonymous, and does not involve any single central party or intermediary.

More complex examples would include the use of Diaspora and other decentralized social network protocols with hidden service endpoints.

Despite these compelling use cases and powerful tool combination possibilities, the Tor Project is under no illusion that these more sophisticated configurations are easy, usable, or accessible by the general public.

We recognize that a lot of work needs to be done even for the basic tools like Tor Browser, TorBirdy, EnigMail, and OTR to work seamlessly and securely for most users, let alone complex combinations like XMPP or Diaspora with Hidden Services.

Additionally, hidden services themselves are in need of quite a bit of development assistance just to maintain their originally designed level of security, let alone scaling to support large numbers of endpoints.

Being an Open Source project with limited resources, we welcome contributions from the community to make any of this software work better with Tor, or to help improve the Tor software itself.

If you're not a developer, but you would still like to help us succeed in our mission of securing the world's communications, please donate! It is a rather big job, after all.

We will keep you updated as we learn more about the exact capabilities of this program.

1105
Security / Re: Is it safe to use facebook
« on: June 09, 2013, 06:30 am »
If you only give them fake info, then they won't know anything about you, since Tor takes care of hiding your IP address and physical location. My answer above was based on the assumption that that's what OP wanted to do. However, I suppose Facebook could infer things about you from your friends, if they use real information. If they are all located in one city, there's a good chance you are too. Also, apparently there was a time when Facebook would ask people if their friends' info was accurate. I don't believe they do that anymore since the media picked it up as "snitching on your friends". Then again, if your friends are snitching on you to Facebook, you probably need better friends.

1106
Security / Re: Brainstorming the ideal anonymity network
« on: June 09, 2013, 05:45 am »
Great write up!

First, I want to point out, as you probably know but didn't mention, that hidden services can be multihomed, you simply publish the descriptor from two or more boxes. It isn't common, but I have talked to people who do it. Also, I2P has a hidden mode that is similar to entry guards and Freenet's darknet mode. So the features of Tor and I2P overlap more than is usually considered.

One of the most important properties of an anonymity network is the size of the user base. A high latency mix network with one user offers no anonymity. Similarly, I would feel a lot safer using I2P if it had a million concurrent users. Unfortunately, it only has 10,000 to 20,000 users. The main reason of course is that Tor offers easier access to clearnet sites, and it doesn't require you to be a relay. So those are the most important properties for an anonymity network with a large user base.

But to address your ideas, are you brainstorming a theoretical network, or something actually worth building? Because I think any competitor network will suffer the same problem that competitor darknet markets suffer. Everyone is on SR, so everyone will use SR, regardless of how good the alternatives are from a technical standpoint. Right now, 90% of anonymity network users are on Tor. It's doubtful a significant number of people would bother to use another anonymity network, even if it was much more robust. Tor is "good enough" for most people.

So if you're describing a theoretical network, your ideas are good. If you want to build something that people would actually use, why not layer it on top of Tor? Route it through Tor but with additional properties that enhance anonymity. Since Tor clients control their circuits, they can easily build variable length paths. Adding timing delays would require modification of relays, and thus cooperation of others, but it might be easier to convince the Tor developers and relay operators to do that than to build a useful competitor network.

1107
Security / Re: clearnet with Tor- bad?
« on: June 09, 2013, 12:03 am »
Yeah, I don't buy their argument about that. One of them said that disabling JavaScript is ok for now, since there are a lot of tech savvy users who disable JavaScript, but as Tor becomes more popular, you will become more unique. That's not true. You will be a smaller percentage of Tor users, but the set should be the same size unless tech savvy users abandon Tor, and actually there are plenty of tech savvy users who don't use Tor yet, so as it gets more popular, the set of Tor users with JavaScript disabled should increase.

Whether or not to disable JavaScript depends on your circumstances. 99% of exploits are written for Windows and I don't use Windows, and the cross-platform ones are Flash and Java based, which are already disabled, so it's not a threat that I'm concerned about. I gain a lot by being part of the JavaScript-enabled anonymity set at very little cost/risk.

On Windows I would probably disable it.

1108
Security / Re: clearnet with Tor- bad?
« on: June 08, 2013, 11:46 pm »
Tor Project is *obsessed* with linkability, they focus disproportionately on preventing linkability attacks. Traceability has always been a secondary issue for them. Browser fingerprinting is a trivial sort of linking attack and disabling javascript makes it substantially more effective (although the practical implications of this are debatable). Hacking somebody's browser with malicious javascript is an advanced sort of attack that can lead to tracing in addition to linking.

Tor Project ships TorBrowser with JavaScript enabled not because they don't care about traceability or people getting hacked, but because disabling JavaScript would break a lot of clearnet sites, and most Tor users wouldn't know that they can whitelist domains or turn off NoScript. They would think that TorBrowser is broken and stop using it. The Tor devs surmise that using Tor with JavaScript is better than not using Tor at all.

That being said, the Tor devs put NoScript in TorBrowser and it's easy to turn on if you're worried about JavaScript attacks.

1109
Off topic / Re: made it to 100 now what
« on: June 08, 2013, 11:24 pm »
What happens when a forum member reaches 100 posts? I've noticed I don't have to enter the captcha every time I want to post, which is awesome. Is there anything else?

Dude, wait til you get to 2000 posts. It's fucking awesome.

1110
Cut three fingers off a latex glove. Triple wrap your shit. You know where to stick it.

Just kidding. In my experience, security personnel at music festivals aren't looking for drugs, just guns and knives. You can hide your stash in many places, your luggage, your socks, etc., since they don't search very thoroughly, but that may depend on the festival.

Now, if you get pulled over by a cop on your way there, that may be a different story. Pro tip: don't go to a festival in a hippie van or look like an obvious druggie. Cops may be sitting along the road right before the festival site.
