People used to go the other way
May 18th, 2016 by Ken Hagler

Developer Of Anonymous Tor Software Dodges FBI, Leaves US. An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying. That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening," she said in an exclusive interview with CNNMoney. Earlier in the month, Tech Dirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter. [Slashdot]

It's depressing that I can now say that I'm old enough to remember when people defected to the US.

EFF Publishes Study On Browser Fingerprinting
Jun 3rd, 2011 by Ken Hagler

EFF Publishes Study On Browser Fingerprinting. Rubinstien writes "The Electronic Frontier Foundation investigated the degree to which modern web browsers are susceptible to 'device fingerprinting' via version and configuration information transmitted to websites. They implemented one possible algorithm, and collected data from a large sample of browsers visiting their Panopticlick test site, which we've discussed in the past. According to the PDF describing the study, browsers that supported Flash or Java on average supplied at least 18.8 bits of identifying information, and 94.2% of those browsers were uniquely identifiable in their sample. My own browser was uniquely identifiable from both the list of plugins and available fonts, among 1,557,962 browsers tested so far." [Slashdot]

I visited the test site with my default browser with Tor and NoScript on, and it had this to say:

Within our dataset of several million visitors, only one in 10,791 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 13.4 bits of identifying information.

However, it reports the user agent incorrectly, as Tor is set to lie about what browser I'm using. When I turned Tor off and reloaded the test page, I got this instead:

Within our dataset of several million visitors, only one in 21,435 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 14.39 bits of identifying information.

If I'm not mistaken, this means that the test site thinks I'm in the first group of browsers when I'm actually in the second group.
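The "one in N" and "bits" figures quoted above are two views of the same number: a fingerprint shared by one in N browsers conveys log2(N) bits. The Python below is an added example, not part of the original post or the EFF's code; it computes both figures over a small constructed sample and shows how a spoofed user agent changes the group a browser is counted in. All record values are assumptions.

```python
import math
from collections import Counter

# Constructed sample of (user agent, plugin list, font list) records.
# Illustrative values only; not taken from the EFF dataset.
SAMPLE = (
    [("UA-common", "plugins-A", "fonts-A")] * 8
    + [("UA-common", "plugins-B", "fonts-A")] * 4
    + [("UA-common", "plugins-B", "fonts-B")] * 2
    + [("UA-rare", "plugins-B", "fonts-B")] * 1
    + [("UA-rare", "plugins-C", "fonts-C")] * 1
)

def bits_from_one_in(n):
    """'Only one in n browsers share this fingerprint' expressed in bits."""
    return math.log2(n)

def surprisal_bits(count, total):
    """Self-information of a value seen `count` times among `total` records."""
    return -math.log2(count / total)

def fingerprint_report(browser, dataset):
    """Return (whole-fingerprint bits, anonymity set size, per-attribute bits)."""
    total = len(dataset)
    same = Counter(dataset)[browser]
    if same == 0:
        raise ValueError("fingerprint not present in dataset")
    per_attr = []
    for i, value in enumerate(browser):
        matches = sum(1 for rec in dataset if rec[i] == value)
        per_attr.append(surprisal_bits(matches, total))
    return surprisal_bits(same, total), same, per_attr

# The same browser, measured with its real user agent and with a spoofed one.
REAL = ("UA-rare", "plugins-B", "fonts-B")
SPOOFED = ("UA-common", "plugins-B", "fonts-B")

if __name__ == "__main__":
    for label, fp in (("real", REAL), ("spoofed UA", SPOOFED)):
        bits, same, per_attr = fingerprint_report(fp, SAMPLE)
        print(f"{label}: {bits:.2f} bits, shared by {same} of {len(SAMPLE)}, "
              f"per-attribute sum {sum(per_attr):.2f} bits")
```

The per-attribute bits add up to more than the whole-fingerprint figure because the attributes are correlated, which is why the measurement is taken over the combined fingerprint.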

Tor weaknesses
Dec 28th, 2010 by Ken Hagler

Flaws in Tor anonymity network spotlighted. At the Chaos Computer Club Congress in Berlin, Germany on Monday, researchers from the University of Regensburg delivered a new warning about the Tor anonymizer network, a system aimed at hiding details of a computer user’s online activity from spying eyes.

The attack doesn’t quite make a surfer’s activity an open book, but offers the ability for someone on the same local network—a Wi-Fi network provider, or an ISP working at law enforcement (or a régime’s) request, for example—to gain a potentially good idea of sites an anonymous surfer is viewing. [Ars Technica]

There are things users can do to protect themselves. From the article:

Users themselves can guard against this type of fingerprint-based eavesdropping relatively easily, Herrmann noted. Downloading or requesting more than one site at a time through the network will muddy the pattern enough that certainty will be very difficult for the eavesdropper to establish.

And from one of the comments:

This attack should be significantly less effective as well if the target in question is a fully functional and quality relaying node. In that case other people accessing through the node would randomize things significantly, and their access would be impossible to differentiate from a local user without the kind of physical access that makes the entire thing moot.

Wrong approach
May 26th, 2010 by Ken Hagler

Browser add-on blocks Google Analytics. Google has released an add-on for Web browsers that blocks information from being sent to its Analytics service. [MacCentral]

This is rather pointless, as Tor blocks Google Analytics, and any other form of spying on the Internet. Anyone who wants their browsing to be private is using it, which means that the people complaining about Google Analytics tracking their activity are only announcing their own ignorance or stupidity (or both).

Browsing the web without Tor and complaining about privacy is like standing on a crowded sidewalk and then complaining that people can see you.

How not to release leaked information
Dec 31st, 2009 by Ken Hagler

Brief: TSA subpoenas bloggers to find source of security doc leak.

The Transportation Security Administration is attempting to find the source of a leak of a sensitive security directive that followed a failed airline bombing attempt on Christmas Day. Two travel bloggers have revealed that they have been subpoenaed to provide information that may lead to the source of the leak.

Shortly after an attempted “underwear” bomber was discovered on Northwest Airlines Flight 253 from Amsterdam to Detroit on December 25, the Transportation Security Administration issued immediate, temporary changes to security procedures in an attempt to prevent similar incidents. The particular details of those changes were issued in an internal security directive, intended only for TSA employees. However, copies of the directive were leaked to several bloggers and quickly spread around the ‘Net.

Writers Chris Elliott and Steven Frischling both received copies of the security directive from anonymous sources, and both published the text of the directive after mass confusion set in among holiday travelers affected by the sudden changes in security procedures. It appears that the TSA is not punishing either for publishing the document; rather, they are trying to find the source of the leak.

“The DHS & TSA are taking this matter seriously, and that tells me that they are paying attention to security in detail,” Frischling wrote on his blog. So far, neither has admitted to knowing the identity of the source of the TSA directive.

The leak is somewhat embarrassing for the TSA, though, in light of a recent leak of the entire contents of the TSA’s “Standard Operating Procedures” manual online. That disclosure was due to improper redacting of the document, which the TSA later claimed to be out of date.

[Ars Technica]

The lesson to be learned here is that if you find yourself in possession of information which would embarrass the government, don’t pin a giant target on yourself by posting it to your blog. Instead, use Tor to upload it anonymously to Wikileaks.

Article on sci-fi publisher Tor
Nov 13th, 2008 by Ken Hagler

New at Reason: Katherine Mangu-Ward on Science Fiction Publisher Tor Books.

From our December issue, Associate Editor Katherine Mangu-Ward offers a guided tour of the anti-authoritarian universe of Tor Books, the world’s most successful science fiction publisher.

Read all about it here. 

[Hit and Run]

Some particularly good quotes from the article:

Science fiction novelist Cory Doctorow, a self-described civil libertarian whose Tor titles include the brilliantly paranoid young adult novel Little Brother, suggests why science fiction writers think so much about alternative worlds. “It’s completely unsurprising that people who, you can imagine, aren’t at the top of the pecking order in high school would turn to science fiction,” says Doctorow, who is also co-author of the wildly popular geek blog Boing Boing. “The people who write it have often not been beneficiaries of the authoritarian system. They’re the people who don’t fit in exactly, and if you always rub up against social constraints, you’re the kind of person who’s willing to sit down and have a good hard think about whether this is the best way to do things.”

“I suspect S.F. has an individualistic, antiauthoritarian trend to it not least because so many of the people who read and write it (not all by any means, but quite a few) are innerdirected introverts who make neither good leaders nor good followers,” emails Harry Turtledove, a best-selling author whose most famous novels pose questions about contingency in history and the importance of individual action. “Am I talking about myself? Well, now that you mention it, yes. But I ain’t the only one, not even close.”

© Ken Hagler. All rights reserved.