Slashdot Log In
Anonym.OS a Boon for Privacy Geeks?
Posted by
ScuttleMonkey
on Mon Jan 16, 2006 06:29 PM
from the what-happens-online-stays-online dept.
from the what-happens-online-stays-online dept.
The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Privacy Geek (Score:5, Interesting)
Has the will to un-molestation finally passed out of mainstream?
Re:Privacy Geek (Score:5, Insightful)
There's a big difference between not wanting the government to tap your phone and not wanting web sites to put a cookie on your PC. The latter is a "privacy geek" thing, and yes, that level of privacy is fringe.
Parent
Re:Privacy Geek (Score:4, Insightful)
Funny you should mention "molestation", because guess what behavior Big Brother is going to cite when they crack down on anonymous Internet proxying?
I value my privacy and will fight tooth and nail to preserve it. However, "privacy" and "anonymity" are not the same thing.
My home is private. My computer is private.
Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized.
Parent
Re:Privacy Geek (Score:4, Interesting)
Being "seen" or "recognized" as in the pre-computer-age sense isn't the issue. The issue is having the minutiae of your online and offline behavior recorded, wherever you go and whatever you do.
How do you think the police would react if you, a private citizen, set up cameras recording all of their officers as they left and returned to their station. You would deploy robotic cameras to follow them on the public roadways. You'd correlate this video with officer names and pictures and store it in a database, which you'd sell to anyone who would pay your price. I don't think they would permit you to do it for long.
This is essentially what they want to do to us. Why should we permit it, when they won't permit us the same privilege? Are police some sort of superbeings who won't use this imbalance to their own advantage? Are they the world's most perfect database administrators and programmers, who will never leave any flaws or bugs that would let someone steal this information? Are they free of bureaucracy and able to establish truly secure protocols for the management of this information?
It's a power grab, plain and simple, happening online and offline. Technology isn't the problem; the problem is that the current authorities are seizing the initiative to establish every new technological application in their own favor, further empowering the powerful and weakening everyone else.
Parent
Re:Privacy Geek (Score:5, Insightful)
Nothing wrong with any of that, even if it does look a bit out of place to those around you.
Now then, I might elect to use Tor, PGP, S/MIME, OpenVPN in a deliberate attempt to disguise my identity.
And there's nothing wrong with that, either.
The notion that I might be conducting myself "in public" does not require me to wear my secrets on my shirtsleaves.
Parent
Re:Privacy Geek (Score:4, Insightful)
I qoute the 4th ammendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Searching and seizing needs to be limited to private places and things, otherwise police can't arrest anyone anywhere without a warrant or confiscate drugs in public parks.
Parent
Re:Privacy Geek (Score:5, Insightful)
(pretending that's not a troll...)
The Internet being "public" is your assumption. You infer it, but it's certainly not implied.
The Internet is designed as an end-to-end architecture. AKA point-to-point, which is exactly what the telephone system is. It's not inherently designed to be public or private, but the end-to-end architecture certainly enables truly private communication (assuming the continuing existence of encryption technologies not broken or illegal), and to me it strongly suggests that, given demand, it should be a feature of most Internet applications. Which it sort of is, if you don't count security (i.e., my email and IM and web surfing is private, but that privacy is usually not very secure.)
Ultimately, the Internet with private communication is ten times as useful as the one without it. Maybe a thousand times. Hell, given the cultural impact, you can't measure the difference at all. It leads to two very different worlds.
Parent
"Automated" does not imply "Private" (Score:4, Informative)
In fact I wouldn't liken email to regular 'snail mail' at all. It's much more like the old Western Union telegram service. You prepare your message and give it to someone who transmits it to someone else, who copies it down, and then passes it off for delivery to the recipient at some later time. People trust email because the machinery isn't very visible, and the whole thing seems very direct; the telegraph system in contrast is rather obviously not private even to someone unfamiliar with the technology because of the human interaction involved.
People have to divorce the idea of "no human interaction" from "privacy." Just because a system is automated doesn't mean that you should have or make any assumption of privacy. You have no way of knowing whether the recipient's mailserver is retaining copies of all their messages, or forwarding them to a third party, or many third parties. In fact in many corporate environments it's safe to assume that all email is being saved (although it's probably not being looked over immediately by a person) for a number of years -- yet because there's no obvious and constant reminder of the openness of the system (i.e. the telegraph clerk) people forget that it's not private.
As much as I despise the law in its current incarnation, I think the DMCA is an interesting model for the future of privacy in the digital age. If you send unencrpyted conversations over the wire, using any communication model where the messages do not flow directly from one client to the other over TCP/IP (or other network fabric which is commonly known to be end to end, or where the message is not stored and forwarded as a whole, e.g. only as packets), then there should not be any assumption of privacy. The exception is if the owners/operators of all the intermediate servers used in the communication (email servers, IM relays) have explicitly agreed not to retain copies or otherwise retain traffic. (In which case if they do retain copies, it becomes a breach-of-contract case.) If you desire any privacy, either use an end-to-end communication model, which could be as easy as clicking on the other person in AIM and choosing Direct Connect, or use some form of encrpytion on your messages. I don't care if your "encrpytion" is ROT-13, just something so that the person doing the interception has to expend some amount of directed effort to read your message, and that they know the contents were sent with the assumption of privacy.
By encrypting the message you as the communicator are attempting to create a more private channel of communication, and it means that to read your message, someone has to purposely decrypt the message and therefore cannot defend themselves by saying that the message was not sent as a private one. In the same way that the DMCA makes it illegal to circumvent a device meant to protect copyrighted data, a new privacy law could make it illegal for anyone to decrypt a communication that they are not the sender or intended recipient of, without due process and authority (e.g. warrant, or existing agreement with one party).
The point is that nobody with a basic understanding of the technology makes the assumption that email or instant messaging is private; although I understand the feelings of people who don't want privacy to be an "opt in" deal, it's also fair that people should have to take a certain amount of responsibility and consideration of how they communicate. If they desire privacy, it's easy enough to do. What we need to do is make sure that we have a legal framework for protecting people, once they make the decision to attempt to secure their channels of communication, so that there is not an open 'arms race' that will leave all but the most technically adept behind.
Parent
Re:Privacy Geek (Score:4, Informative)
Parent
un-molestation (Score:5, Insightful)
The idea that one might live one's life in private and without fear of molestation is a *very* recent phenomenon. It's not passing out of the mainstream, it never quite arrived there.
The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation. The very idea of private life took meaning from the distinction to be drawn between the public and private duties of the landed gentry, whether he was acting as public judge or administrator of his chattel. The idea that citizens required more privacy than that demanded by Christian modesty simply did not occur. It is only in the last generation that anyone became actually interested in the details of your private life. Before the information age, such trivia had no value beyond the prurient, of interest only to busibodies and the beat cop; again, unless you were a name.
Parent
Re:un-molestation (Score:5, Informative)
Both the concept of privacy and the right to it go back much farther than you believe. As a simple example, do you think the inhabitants of a Roman insula (Equivalent to a modern apartment house.) had a communal lifestyle? No, of course they didn't, any more than renters in a modern apartment complex do today, and for the same reason. Each family has their own private space, and what they do there is nobody else's business. I suggest you study at least a little history before you start sounding off about it again, lest you put your other foot into your mouth.
Parent
Okay, maybe not the first. (Score:4, Funny)
That's the first time I've ever known a Slashdot editor to be sloppy.
Parent
Re:Fringe Group (Score:5, Insightful)
The fact that this score has an Insightful Moderation is scary...I've got Karma to burn, so let me speak my mind.
We should have a reasonable expectation of privacy in our everyday lives, even if the constitution doesn't have a "de facto" privacy clause in it. Remember that crazy court Case Roe v. Wade? The court didn't say that "abortion was legal," the Court declared that laws prohibiting abortion represented a violation of a women's right to privacy. While the right to privacy does to exist as such in the Constitution it has long been interpreted to exist as an umbrella created by the first 5 amendments in the Bill of Rights.
To be quite honest with you, I know cops who have problems with the way that today's society is going. They don't want to have to worry about carrying an ID when they're walking down the street to buy a gallon of milk. (HIIBEL V. SIXTH JUDICIAL DIST. COURT OF NEV.,HUMBOLDT CTY. (03-5554) 542 U.S. 177 (2004) 118 Nev. 868, 59 P.2d 1201, affirmed. [cornell.edu])
It really bothers me in a multitude of ways that our civil liberties are being torn down under the guise of terrorism. It really bothers me that many people are letting their guards down and just allowing these rights to just be walked on like nothing matters. Is it just me or am I the only one who sees a problem here?
Parent
Too bad no one using it can comment (Score:5, Insightful)
Re:Too bad no one using it can comment (Score:5, Interesting)
Parent
Re:Too bad no one using it can comment (Score:5, Informative)
Of course, (s)he also isn't posting anonymously.
Parent
anonymous? (Score:5, Informative)
Re:anonymous? (Score:5, Funny)
Can't you just declare war and have them rejoin the union?
Parent
sniffing outbound connections from a tor node (Score:5, Interesting)
Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.
That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.
Parent
Re:sniffing outbound connections from a tor node (Score:5, Informative)
If you're worried about man-in-the-middle attacks, then the website you're visiting is probably the party you trust most in the transaction, and every step that your info takes along the way is another set of eyes that might be snooping on it. In this situation, you are correct that an anonymizing proxy will probably result in subjectively poorer security.
Then again, any website that has private data that you'd like to keep that way most likely has SSL enabled anyway. If you're using an end-to-end SSL-enabled webmail service like Gmail (httpS://gmail.com), and you trust 128-bit SSL, then you've probably got nothing to fear*. If you don't trust SSL, then you're probably worried about Big Brother and No Such Agency and the like. In this case, you're probably better off just hiding under your bed.
*Note that Yahoo! mail SSL-enables only their login page. Anybody in the middle running a packet sniffer or checking their web proxy logs can see your mail when you read it. They just can't see your Yahoo! password.
Parent
Speaking of anonymous.... (Score:5, Funny)
This is why co-workers and I have been working on Fappix - The Pornnoisseur Distro. Not only can you browse anonymously but you have several thousand pre-bookmarked pages to choose from in categories ranging from Amateur Nudes to Bukkake Hentai to Puke porn. You have a hankering for some DP? We got it. Maybe a little fisting for those slow lonely nights at home. Nothing but the best for our users!
Never worry about having the correct video codec or player again as they will all be pre-installed! No more waiting another 20 minutes to download and install some obscure viewer just so you can rub on off to Kismet the Albino Sheep Goes to the Circus!
With our patented "Live (Hand) CD" technology you simply boot from the disk and off you go into fantastic realms of spanktacular fun without the worry of spyware, malware, trojans, or incriminating cache files again. You'll never have to blame that spandex scat video on "some spam or something" ever again!
Fappix. The sound of one hand clapping.
Re:Speaking of anonymous.... (Score:5, Funny)
Parent
Re:Speaking of anonymous.... (Score:5, Funny)
Very likely because they think your talking about some body part.
Parent
Re:Speaking of anonymous.... (Score:5, Insightful)
All of it?
I'm looking for hard statistics cause most "normal" people don't get it when I refer to my connection as a "porn pipe".
Have you tried wearing pants?
Parent
Interesting quotes (Score:4, Funny)
'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.'
Am I the only one who finds the juxtaposition of these two quotes alarming? I don't want gamgams to end up in the pokey (pun intended) for inappropriate behavior at Starbucks. That would be weird.
Re:Interesting quotes (Score:4, Funny)
Keep a weather eye on those friends, too.
If her compiler is a little dusty, compile-time meta-programming is definitely out. Bingo is a sufficiently 'edgy' activity for gamgams, think you not?
Parent
Anonymous developments? (Score:4, Interesting)
1. What are the theories behind simple anonymous sharing of data? (I know there are newer versions of P2P beyond Torrent that allow for a third party mediator between two anonymous parties. This seems like a start to making a truly free-speech undernet.)
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
Re:Anonymous developments? (Score:5, Informative)
It depends on what you mean by the terms "simple", "anonymous", and "sharing." Seriously. There is a lot of crypto research out there that touches upon the various possibilities, but it all boils down to this: the more anonymity you have in the network the higher the cost of using that network for everyone involved (where cost == increased bandwidth & CPU consumption and increased message passing latency.) In terms of what is possible there is basically a big dial, labelled "apply various crypto protocols and message-hiding techniques", that you can turn to decide how much inconvenience you are willing to put up with in return for better privacy.
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
Possible, but difficult. The difficulty increases significantly if you want to ensure reliability & availability of the data provided by the swarm or provide the nifty "web 2.0" trappings that most people have come to expect from web sites. Various projects are working on components of this mythical system, ranging from the Tor networking system mentioned in the original post to the Invisible Internet Project and GNUNet. Nailing the whole package in a single effort is a non-starter for anyone who has even casually glanced at the relevant research necessary to begin such a project, so each effort focuses on one specific aspect and eventually it might be possible to combine these efforts into a single coherent sytem.
In other words, don't hold your breath waiting for this one to actually come about.
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
I won't bother trying to answer the first part of the question because it is a matter of personal preference. As far as the second half of the question goes, having good end-to-end security does not help you if either of the endpoints is compromised; a malicious server can reveal that you are surfing for child porn while a malicious user can reveal that your site is distributing bomb-making recipes with no need for the points in between the two ends to break the communications encryption.
Parent
Fantastic! (Score:5, Funny)
Fantastic! I've always thought copious amounts of caffeine and an anonymous method of browsing for porn were meant for ubergeeks like myself, but now that my *grandma* can do it as well, that's just fantastic!
OH GOD, MY EYES!!!
OpenBSD based, not FreeBSD (Score:5, Informative)
It isn't -- it is OpenBSD-based. So you'd figure the encryption would be top-notch. Also the OS is already very secure. That's what they focus on, to the exclusion of other things.
OpenBSD is quite reliable. If it includes drivers for hardware, they work.
Also, they only use code that they can look at. No blogs of code (like Linux or FreeBSD) are allowed. That's because if you can't inspect them, the NSA or an attacker might have put some bad code in there. It is because of things like this that Theo De Raadt won a prize from Stallman for his contributions to free software.
Re:OpenBSD based, not FreeBSD (Score:5, Funny)
Parent
The whole privacy movement seems to have fizzled. (Score:5, Interesting)
I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.
A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.
I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.
I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.
I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.
Re:The whole privacy movement seems to have fizzle (Score:5, Interesting)
At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.
And it was, for a while.
Then some copyright lawyers started jumping on board, and harassing lyrics sites.
The Scientologists started suing people left and right.
Spam started snowballing.
MP3s cause the record companies to start wishing people were only trading lyrics.
Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.
Then the Columbine shootings happened.
The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.
The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".
The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.
News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"
Scam artists hiding behind patent law started really milking it.
So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.
If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.
Parent
Re:The whole privacy movement seems to have fizzle (Score:4, Informative)
Steve Jackson Games [wikipedia.org]
EFF's SJG Archive [eff.org]
SJG's Opinion of the whole thing [sjgames.com]
In short, the Secret Service knocks over a game publisher (micro-TSR-style games, such as Illuminati) and attempts to prove that D&D'ers taught David Lightman how to use a Shlitz pulltab to hack into the 911 system. Courts decide Secret Service was completely unjustified, award court fees to SJG. The legal team/computer activists that coalesced around the issue became the EFF.
Parent
Has this been tested? (Score:4, Funny)
Like, have they downloaded/posted credit card numbers, kiddy porn, terrost plots, maybe post a promise to kill the president, and customized ones for several western and radical countries? Maybe send death threats to the head of the CIA, FBI, and NSA? Maybe the russian mafia? Maybe the israli secret police?
If people start getting away with those kind of things, then I'll conisider it.
TOR (Score:4, Informative)
Re:TOR (Score:4, Informative)
Tor was developed [internetnews.com] by the US Navy. This is not a huge surprise -- DARPA and the ONR fund a lot of computer research, including security. Besides, if the federal government wanted to spy on you, it wouldn't be doing so via the Navy. That's the FBI's job.
Well, unless you don't live in the US. Then it's the CIA's job.
Parent
Torrent Download (Score:5, Informative)
http://linuxtracker.org/download.php?id=1249&name
175seeds to 700peers as of 6:53PM MST
Phone conversation with Grandma at Starbucks (Score:5, Funny)
[me] There's no blue E grandma, click on the orange and blue ball.
[Grandma] What does "Server not found" mean?
[me, muttering...] fsck'ing TOR timeouts
[Grandma] What was that again, I couldn't hear you.
How anonymous are we talking? (Score:4, Funny)
Re:Anonymous and suspicious (Score:4, Insightful)
Parent
Re:Anonymous and suspicious (Score:5, Insightful)
In police states, someone who wants to be anonymous deviates from the norm and automatically becomes suspicious, as The Man considers that if you're not guilty, you have nothing to hide.
In US-PATRIOT USA, I'm not sure I'd want to participate in the Tor network. I'm definitely not the only one. Perhaps I'm a coward, but that should tell you something of what this country is slowly turning into...
Parent
Anonymity is your constitutional right (Score:5, Insightful)
The fact that a bunch of sickos use this technology to be perverted does not mean that the rest of us should not use it. If you care about your freedom and you don't like what is going on then you can use it to safely make your complaints heard.
Parent
Re:Anonymity is your constitutional right (Score:4, Insightful)
Parent
Re:Anonymity is your constitutional right (Score:4, Informative)
How about the Fourth Amendment? While it denies the government the ability to do "unreasonable" searches and seizures, it allows them to do all the REASONABLE searchin' and seizin' they want. That pretty much limits your privacy to whatever the administration in charge deems to be "reasonable." For instance there is no limit on how intrusive an inspector from Child Protective Services can be. None.
Parent
Re:Anonymous and suspicious (Score:5, Insightful)
So true. In fact, I would suggest that you stop using envelopes when mailing letters and just use postcards instead, that way everybody along the way can read them much more easily. You don't have anything to hide, do you?
No real reason for secret ballots either, now that I think about it. After all, you're not attemting to make an illegal vote.
The police ought to be able to search your house at will, too. If you're not doing anything wrong you have nothing to fear, right?
Oh, remember that sooner or later if you stop defending your freedoms you lose them. When it becomes illegal to criticize the government and you say "but that wasn't what I meant" it's just a tad too late.
Parent
Re:But (Score:5, Funny)
Yes, I suppose they have that kind of porn, too.
Parent
Re:Joke's on them (Score:5, Funny)
I nominate this for the most concisely inept retelling of the history of the Internet ever!
Parent
Re:Maybe it's a newbie question (Score:5, Interesting)
If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)
Either way, be careful.
Parent
you first. (Score:5, Funny)
Hey, can I have your Social Security and bank account numbers?
What do you mean, "no"? INFORMATION WANTS TO BE FREEEEE!!!
Parent