People used to go the other way
May 18th, 2016 by Ken Hagler

Developer Of Anonymous Tor Software Dodges FBI, Leaves US. An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor’s core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system — and expose Tor users around the world to potential spying. That’s why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. “I was worried they’d ask me to do something that hurts innocent people — and prevent me from telling people it’s happening,” she said in an exclusive interview with CNNMoney. Earlier in the month, Tech Dirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter. [Slashdot]

It’s depressing that I can now say that I’m old enough to remember when people defected to the US.

EFF Publishes Study On Browser Fingerprinting
Jun 3rd, 2011 by Ken Hagler

EFF Publishes Study On Browser Fingerprinting. Rubinstien writes “The Electronic Frontier Foundation investigated the degree to which modern web browsers are susceptible to ‘device fingerprinting’ via version and configuration information transmitted to websites. They implemented one possible algorithm, and collected data from a large sample of browsers visiting their Panopticlick test site, which we’ve discussed in the past. According to the PDF describing the study, browsers that supported Flash or Java on average supplied at least 18.8 bits of identifying information, and 94.2% of those browsers were uniquely identifiable in their sample. My own browser was uniquely identifiable from both the list of plugins and available fonts, among 1,557,962 browsers tested so far.” [Slashdot]

I visited the test site with my default browser with Tor and NoScipt on, and it had this to say:

Within our dataset of several million visitors, only one in 10,791 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 13.4 bits of identifying information.

However, it reports the user agent incorrectly, as Tor is set to lie about what browser I’m using. When I turned Tor off and reloaded the test page, I got this instead:

Within our dataset of several million visitors, only one in 21,435 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 14.39 bits of identifying information.

If I’m not mistaken, this means that the test site thinks I’m in the first group of browsers when I’m actually in the second group.

Tor weaknesses
Dec 28th, 2010 by Ken Hagler

Flaws in Tor anonymity network spotlighted. At the Chaos Computer Club Congress in Berlin, Germany on Monday, researchers from the University of Regensburg delivered a new warning about the Tor anonymizer network, a system aimed at hiding details of a computer user’s online activity from spying eyes.

The attack doesn’t quite make a surfer’s activity an open book, but offers the ability for someone on the same local network—a Wi-Fi network provider, or an ISP working at law enforcement (or a regime’s) request, for example—to gain a potentially good idea of sites an anonymous surfer is viewing. [Ars Technica]

There are things users can do to protect themselves. From the article:

Users themselves can guard against this type of fingerprint-based eavesdropping relatively easily, Herrmann noted. Downloading or requesting more than one site at a time through the network will muddy the pattern enough that certainty will be very difficult for the eavesdropper to establish.

And from one of the comments:

This attack should be significantly less effective as well if the target in question is a fully functional and quality relaying node. In that case other people accessing through the node would randomize things significantly, and their access would be impossible to differentiate from a local user without the kind of physical access that makes the entire thing moot.

Wrong approach
May 26th, 2010 by Ken Hagler

Browser add-on blocks Google Analytics. Google has released an add-on for Web browsers that blocks information from being sent to its Analytics service. [MacCentral]

This is rather pointless, as Tor blocks Google Analytics, and any other form of spying on the Internet. Anyone who wants their browsing to be private is using it, which means that the people complaining about Google Analytics tracking their activity are only announcing their own ignorance or stupidity (or both).

Browsing the web without Tor and complaining about privacy is like standing on a crowded sidewalk and then complaining that people can see you.

How not to release leaked information
Dec 31st, 2009 by Ken Hagler

Brief: TSA subpoenas bloggers to find source of security doc leak.

The Transportation Security Administration is attempting to find the source of a leak of a sensitive security directive that followed a failed airline bombing attempt on Christmas Day. Two travel bloggers have revealed that they have been subpoenaed to provide information that may lead to the source of the leak.

Shortly after an attempted “underwear” bomber was discovered on Northwest Airlines Flight 253 from Amsterdam to Detroit on December 25, the Transportation Security Administration issued immediate, temporary changes to security procedures in an attempt to prevent similar incidents. The particular details of those changes were issued in an internal security directive, intended only for TSA employees. However, copies of the directive were leaked to several bloggers and quickly spread around the ‘Net.

Writers Chris Elliott and Steven Frischling both received copies of the security directive from anonymous sources, and both published the text of the directive after mass confusion set in among holiday travelers affected by the sudden changes in security procedures. It appears that the TSA is not punishing either for publishing the document; rather, they are trying to find the source of the leak.

"The DHS & TSA are taking this matter seriously, and that tells me that they are paying attention to security in detail," Frischling wrote on his blog. So far, neither has admitted to knowing the identity of the source of the TSA directive.

The leak is somewhat embarrassing for the TSA, though, in light of a recent leak of the entire contents of the TSA’s “Standard Operating Procedures” manual online. That disclosure was due to improper redacting of the document, which the TSA later claimed to be out of date.

[Ars Technica]

The lesson to be learned here is that if you find yourself in possession of information which would embarrass the government, don’t pin a giant target on yourself by posting it to your blog. Instead, use Tor to upload it anonymously to Wikileaks.

Article on sci-fi publisher Tor
Nov 13th, 2008 by Ken Hagler

New at Reason: Katherine Mangu-Ward on Science Fiction Publisher Tor Books.

From our December issue, Associate Editor Katherine Mangu-Ward offers a guided tour of the anti-authoritarian universe of Tor Books, the world’s most successful science fiction publisher.

Read all about it here. 

[Hit and Run]

Some particularly good quotes from the article:

Science fiction novelist Cory Doctorow, a self-described civil libertarian whose Tor titles include the brilliantly paranoid young adult novel Little Brother, suggests why science fiction writers think so much about alternative worlds. “It’s completely unsurprising that people who, you can imagine, aren’t at the top of the pecking order in high school would turn to science fiction,” says Doctorow, who is also co-author of the wildly popular geek blog Boing Boing. “The people who write it have often not been beneficiaries of the authoritarian system. They’re the people who don’t fit in exactly, and if you always rub up against social constraints, you’re the kind of person who’s willing to sit down and have a good hard think about whether this is the best way to do things.”


“I suspect S.F. has an individualistic, antiauthoritarian trend to it not least because so many of the people who read and write it (not all by any means, but quite a few) are innerdirected introverts who make neither good leaders nor good followers,” emails Harry Turtledove, a best-selling author whose most famous novels pose questions about contingency in history and the importance of individual action. “Am I talking about myself? Well, now that you mention it, yes. But I ain’t the only one, not even close.”

»  Substance:WordPress   »  Style:Ahren Ahimsa
© Ken Hagler. All rights reserved.