Anonym.OS a Boon for Privacy Geeks? 403
The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."
Privacy Geek (Score:5, Interesting)
Has the will to un-molestation finally passed out of mainstream?
Re:Privacy Geek (Score:5, Insightful)
There's a big difference between not wanting the government to tap your phone and not wanting web sites to put a cookie on your PC. The latter is a "privacy geek" thing, and yes, that level of privacy is fringe.
Re:Privacy Geek (Score:4, Insightful)
Funny you should mention "molestation", because guess what behavior Big Brother is going to cite when they crack down on anonymous Internet proxying?
I value my privacy and will fight tooth and nail to preserve it. However, "privacy" and "anonymity" are not the same thing.
My home is private. My computer is private.
Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized.
Re:Privacy Geek (Score:3, Insightful)
Re:Privacy Geek (Score:3, Insightful)
The problem with this statement is that not all activity on the internet is like strolling in the park or mall. Many times activity on the internet is exactly like a phone call, a communicatin between friends/colleagues/etc. For instance, email or instant messaging. If you post someth
Re:Privacy Geek (Score:4, Informative)
Re:Privacy Geek (Score:5, Insightful)
(pretending that's not a troll...)
The Internet being "public" is your assumption. You infer it, but it's certainly not implied.
The Internet is designed as an end-to-end architecture. AKA point-to-point, which is exactly what the telephone system is. It's not inherently designed to be public or private, but the end-to-end architecture certainly enables truly private communication (assuming the continuing existence of encryption technologies not broken or illegal), and to me it strongly suggests that, given demand, it should be a feature of most Internet applications. Which it sort of is, if you don't count security (i.e., my email and IM and web surfing is private, but that privacy is usually not very secure.)
Ultimately, the Internet with private communication is ten times as useful as the one without it. Maybe a thousand times. Hell, given the cultural impact, you can't measure the difference at all. It leads to two very different worlds.
"Automated" does not imply "Private" (Score:4, Informative)
In fact I wouldn't liken email to regular 'snail mail' at all. It's much more like the old Western Union telegram service. You prepare your message and give it to someone who transmits it to someone else, who copies it down, and then passes it off for delivery to the recipient at some later time. People trust email because the machinery isn't very visible, and the whole thing seems very direct; the telegraph system in contrast is rather obviously not private even to someone unfamiliar with the technology because of the human interaction involved.
People have to divorce the idea of "no human interaction" from "privacy." Just because a system is automated doesn't mean that you should have or make any assumption of privacy. You have no way of knowing whether the recipient's mailserver is retaining copies of all their messages, or forwarding them to a third party, or many third parties. In fact in many corporate environments it's safe to assume that all email is being saved (although it's probably not being looked over immediately by a person) for a number of years -- yet because there's no obvious and constant reminder of the openness of the system (i.e. the telegraph clerk) people forget that it's not private.
As much as I despise the law in its current incarnation, I think the DMCA is an interesting model for the future of privacy in the digital age. If you send unencrpyted conversations over the wire, using any communication model where the messages do not flow directly from one client to the other over TCP/IP (or other network fabric which is commonly known to be end to end, or where the message is not stored and forwarded as a whole, e.g. only as packets), then there should not be any assumption of privacy. The exception is if the owners/operators of all the intermediate servers used in the communication (email servers, IM relays) have explicitly agreed not to retain copies or otherwise retain traffic. (In which case if they do retain copies, it becomes a breach-of-contract case.) If you desire any privacy, either use an end-to-end communication model, which could be as easy as clicking on the other person in AIM and choosing Direct Connect, or use some form of encrpytion on your messages. I don't care if your "encrpytion" is ROT-13, just something so that the person doing the interception has to expend some amount of directed effort to read your message, and that they know the contents were sent with the assumption of privacy.
By encrypting the message you as the communicator are attempting to create a more private channel of communication, and it means that to read your message, someone has to purposely decrypt the message and therefore cannot defend themselves by saying that the message was not sent as a private one. In the same way that the DMCA makes it illegal to circumvent a device meant to protect copyrighted data, a new privacy law could make it illegal for anyone to decrypt a communication that they are not the sender or intended recipient of, without due process and authority (e.g. warrant, or existing agreement with one party).
The point is that nobody with a basic understanding of the technology makes the assumption that email or instant messaging is private; although I understand the feelings of people who don't want privacy to be an "opt in" deal, it's also fair that people should have to take a certain amount of responsibility and consideration of how they communicate. If they desire privacy, it's easy enough to do. What we need to do is make sure that we have a legal framework for protecting people, once they make the decision to attempt to secure their channels of communication, so that there is not an open 'arms race' that will leave all but the most technically adept behind.
Re:Privacy Geek (Score:4, Interesting)
Being "seen" or "recognized" as in the pre-computer-age sense isn't the issue. The issue is having the minutiae of your online and offline behavior recorded, wherever you go and whatever you do.
How do you think the police would react if you, a private citizen, set up cameras recording all of their officers as they left and returned to their station. You would deploy robotic cameras to follow them on the public roadways. You'd correlate this video with officer names and pictures and store it in a database, which you'd sell to anyone who would pay your price. I don't think they would permit you to do it for long.
This is essentially what they want to do to us. Why should we permit it, when they won't permit us the same privilege? Are police some sort of superbeings who won't use this imbalance to their own advantage? Are they the world's most perfect database administrators and programmers, who will never leave any flaws or bugs that would let someone steal this information? Are they free of bureaucracy and able to establish truly secure protocols for the management of this information?
It's a power grab, plain and simple, happening online and offline. Technology isn't the problem; the problem is that the current authorities are seizing the initiative to establish every new technological application in their own favor, further empowering the powerful and weakening everyone else.
Re:Privacy Geek (Score:5, Insightful)
Nothing wrong with any of that, even if it does look a bit out of place to those around you.
Now then, I might elect to use Tor, PGP, S/MIME, OpenVPN in a deliberate attempt to disguise my identity.
And there's nothing wrong with that, either.
The notion that I might be conducting myself "in public" does not require me to wear my secrets on my shirtsleaves.
Re:Privacy Geek (Score:4, Insightful)
I qoute the 4th ammendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Searching and seizing needs to be limited to private places and things, otherwise police can't arrest anyone anywhere without a warrant or confiscate drugs in public parks.
un-molestation (Score:5, Insightful)
The idea that one might live one's life in private and without fear of molestation is a *very* recent phenomenon. It's not passing out of the mainstream, it never quite arrived there.
The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation. The very idea of private life took meaning from the distinction to be drawn between the public and private duties of the landed gentry, whether he was acting as public judge or administrator of his chattel. The idea that citizens required more privacy than that demanded by Christian modesty simply did not occur. It is only in the last generation that anyone became actually interested in the details of your private life. Before the information age, such trivia had no value beyond the prurient, of interest only to busibodies and the beat cop; again, unless you were a name.
Re:un-molestation (Score:3, Interesting)
People have an inherent concept of public vs. private space, just like they have an inherent concept of property. Neither of these things were magically created by feudalism, still less by industrialization. Even animals like dogs understand the concept of territory, and they will fight when another animal intrudes on that territory.
It's true that in the course of history, some people got a lot of private space, and some people got the shaft. And yes,
Re:un-molestation (Score:3, Insightful)
I don't see how "unresonable search and seizure" and "no troops shall be quartered in private homes" can really be interpreted in any way other than "leave me alone, unless there's a legitimate reason". Some links to research backing up your assertions would be nice.
Re:un-molestation (Score:3, Insightful)
Actually, grandparent is basically correct; what you are forgetting is that the primary concern of citizens during most of our history is insulation against state power, and the Third and Fourth Amendments are restrictions specifically upon the power of the state to intrude substantially into the personal private sphere.
It would not have occurred to anyone for any time except basically our own (with our historically unique communications and information extraction and analysis tools) that the private info
Re:un-molestation (Score:5, Informative)
Both the concept of privacy and the right to it go back much farther than you believe. As a simple example, do you think the inhabitants of a Roman insula (Equivalent to a modern apartment house.) had a communal lifestyle? No, of course they didn't, any more than renters in a modern apartment complex do today, and for the same reason. Each family has their own private space, and what they do there is nobody else's business. I suggest you study at least a little history before you start sounding off about it again, lest you put your other foot into your mouth.
Re:un-molestation (Score:3, Interesting)
Okay, maybe not the first. (Score:4, Funny)
That's the first time I've ever known a Slashdot editor to be sloppy.
Beware of Geeks Bearing Grifts (Score:3, Interesting)
(One reason I stopped contributing to Wikipedia: members of that community love to use the word "neologism" but obviously have no idea what it actually means.)
Anyway, geekhood is hardly fringe. A geek is just somebody
Re:Beware of Geeks Bearing Grifts (Score:3, Insightful)
What makes you think the public doesn't take privacy seriously? Try getting caught peeking in somebody's bedroom window, and you'll find out how serious most people are about their privacy. It's just that for most people don't need the level of privacy that the Tor Network provides. Someobdy goes to that much trouble to obfuscate their internet tr
Re:Beware of Geeks Bearing Grifts (Score:3, Funny)
"Oh, I'm sorry, sir. I'm anispeptic, frasmotic, even compunctuous to have caused you such pericombobulation."
Re:Fringe Group (Score:5, Insightful)
The fact that this score has an Insightful Moderation is scary...I've got Karma to burn, so let me speak my mind.
We should have a reasonable expectation of privacy in our everyday lives, even if the constitution doesn't have a "de facto" privacy clause in it. Remember that crazy court Case Roe v. Wade? The court didn't say that "abortion was legal," the Court declared that laws prohibiting abortion represented a violation of a women's right to privacy. While the right to privacy does to exist as such in the Constitution it has long been interpreted to exist as an umbrella created by the first 5 amendments in the Bill of Rights.
To be quite honest with you, I know cops who have problems with the way that today's society is going. They don't want to have to worry about carrying an ID when they're walking down the street to buy a gallon of milk. (HIIBEL V. SIXTH JUDICIAL DIST. COURT OF NEV.,HUMBOLDT CTY. (03-5554) 542 U.S. 177 (2004) 118 Nev. 868, 59 P.2d 1201, affirmed. [cornell.edu])
It really bothers me in a multitude of ways that our civil liberties are being torn down under the guise of terrorism. It really bothers me that many people are letting their guards down and just allowing these rights to just be walked on like nothing matters. Is it just me or am I the only one who sees a problem here?
Too bad no one using it can comment (Score:5, Insightful)
Re:Too bad no one using it can comment (Score:5, Interesting)
Re:Too bad no one using it can comment (Score:2, Interesting)
Re:Too bad no one using it can comment (Score:2)
Re:Too bad no one using it can comment (Score:5, Informative)
Of course, (s)he also isn't posting anonymously.
Re:Too bad no one using it can comment (Score:3, Funny)
Stop deluding yourself
Re:Too bad no one using it can comment (Score:3, Informative)
Re:Too bad no one using it can comment (Score:3, Insightful)
People use *their own accounts* to troll Slashdot as well, not to mention regular AC posts. How the fuck is using Tor any different?
Max
Re:Too bad no one using it can comment (Score:3, Interesting)
People need to anonymize their browsing when they are not surfing casually, but rather doing surfing that they don't want anyone to know they've done (duh). So most people don't bother or care to surf, say, slashdot anonymously.
When you are doing things that a government doesn't approve of (and COINTELPRO has taught us that the US government spends lots of time and resources going after people who exercise their rights) then using tor is a good idea.
To put it a
anonymous? (Score:5, Informative)
Re:anonymous? (Score:5, Funny)
Can't you just declare war and have them rejoin the union?
sniffing outbound connections from a tor node (Score:5, Interesting)
Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.
That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.
Re:sniffing outbound connections from a tor node (Score:5, Informative)
If you're worried about man-in-the-middle attacks, then the website you're visiting is probably the party you trust most in the transaction, and every step that your info takes along the way is another set of eyes that might be snooping on it. In this situation, you are correct that an anonymizing proxy will probably result in subjectively poorer security.
Then again, any website that has private data that you'd like to keep that way most likely has SSL enabled anyway. If you're using an end-to-end SSL-enabled webmail service like Gmail (httpS://gmail.com), and you trust 128-bit SSL, then you've probably got nothing to fear*. If you don't trust SSL, then you're probably worried about Big Brother and No Such Agency and the like. In this case, you're probably better off just hiding under your bed.
*Note that Yahoo! mail SSL-enables only their login page. Anybody in the middle running a packet sniffer or checking their web proxy logs can see your mail when you read it. They just can't see your Yahoo! password.
Re:sniffing outbound connections from a tor node (Score:3)
He's talking about Yahoo webmail, and Google (GMail) webmail. There's no SMTP involved.
On GMail, the whole HTTP session is secured with SSL, on Yahoo only the login page is, so anyone can sniff the rest of the session and read your messages. With GMail that's not possible (assuming you trust 128-bit SSL). Everything, at least as it was being discussed, is being done through the browser, not through a regular email client. So at least if you use GMail, there is end-to-end encryption. With Yahoo there is
Re:sniffing outbound connections from a tor node (Score:3, Informative)
Re:anonymous? (Score:3, Informative)
Yes, it is a little slow, but nothing like freenet. Just slow enough to be too annoying to use consistantly - for me, anyway.
Speaking of anonymous.... (Score:5, Funny)
This is why co-workers and I have been working on Fappix - The Pornnoisseur Distro. Not only can you browse anonymously but you have several thousand pre-bookmarked pages to choose from in categories ranging from Amateur Nudes to Bukkake Hentai to Puke porn. You have a hankering for some DP? We got it. Maybe a little fisting for those slow lonely nights at home. Nothing but the best for our users!
Never worry about having the correct video codec or player again as they will all be pre-installed! No more waiting another 20 minutes to download and install some obscure viewer just so you can rub on off to Kismet the Albino Sheep Goes to the Circus!
With our patented "Live (Hand) CD" technology you simply boot from the disk and off you go into fantastic realms of spanktacular fun without the worry of spyware, malware, trojans, or incriminating cache files again. You'll never have to blame that spandex scat video on "some spam or something" ever again!
Fappix. The sound of one hand clapping.
Re:Speaking of anonymous.... (Score:5, Funny)
Re:Speaking of anonymous.... (Score:3, Funny)
You can tell the guy who's had to deal with porn video file formats a lot. This is real life experience speaking here.
Re:Speaking of anonymous.... (Score:5, Funny)
Very likely because they think your talking about some body part.
Re:Speaking of anonymous.... (Score:5, Insightful)
All of it?
I'm looking for hard statistics cause most "normal" people don't get it when I refer to my connection as a "porn pipe".
Have you tried wearing pants?
Interesting quotes (Score:4, Funny)
'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.'
Am I the only one who finds the juxtaposition of these two quotes alarming? I don't want gamgams to end up in the pokey (pun intended) for inappropriate behavior at Starbucks. That would be weird.
Re:Interesting quotes (Score:3, Funny)
Re:Interesting quotes (Score:4, Funny)
Keep a weather eye on those friends, too.
If her compiler is a little dusty, compile-time meta-programming is definitely out. Bingo is a sufficiently 'edgy' activity for gamgams, think you not?
Anonymous developments? (Score:4, Interesting)
1. What are the theories behind simple anonymous sharing of data? (I know there are newer versions of P2P beyond Torrent that allow for a third party mediator between two anonymous parties. This seems like a start to making a truly free-speech undernet.)
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
Re:Anonymous developments? (Score:3, Insightful)
The only way I see to guarantee anonymous receiving is some kind of broadcast - for example as exists with satellite downloading systems: the information is always broadcast by the satellite to a really wide area, in which any part
Re:Anonymous developments? (Score:3, Insightful)
Iridium != High Speed Internet (Score:3, Informative)
You're correct that it's two-way, however it's a very different style of system. Iridium uses a constellation of 66 low-earth-orbit satellites (similar to how GPS works) and small handheld transcievers; satellite internet is much more like satellite television: "pizza box" dishes aimed at geosyncronous satellites (much higher orbits than the LEO Iridiums) that just bounce a signal from the remote ear
Re:Anonymous developments? (Score:5, Informative)
It depends on what you mean by the terms "simple", "anonymous", and "sharing." Seriously. There is a lot of crypto research out there that touches upon the various possibilities, but it all boils down to this: the more anonymity you have in the network the higher the cost of using that network for everyone involved (where cost == increased bandwidth & CPU consumption and increased message passing latency.) In terms of what is possible there is basically a big dial, labelled "apply various crypto protocols and message-hiding techniques", that you can turn to decide how much inconvenience you are willing to put up with in return for better privacy.
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
Possible, but difficult. The difficulty increases significantly if you want to ensure reliability & availability of the data provided by the swarm or provide the nifty "web 2.0" trappings that most people have come to expect from web sites. Various projects are working on components of this mythical system, ranging from the Tor networking system mentioned in the original post to the Invisible Internet Project and GNUNet. Nailing the whole package in a single effort is a non-starter for anyone who has even casually glanced at the relevant research necessary to begin such a project, so each effort focuses on one specific aspect and eventually it might be possible to combine these efforts into a single coherent sytem.
In other words, don't hold your breath waiting for this one to actually come about.
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
I won't bother trying to answer the first part of the question because it is a matter of personal preference. As far as the second half of the question goes, having good end-to-end security does not help you if either of the endpoints is compromised; a malicious server can reveal that you are surfing for child porn while a malicious user can reveal that your site is distributing bomb-making recipes with no need for the points in between the two ends to break the communications encryption.
Re:Anonymous developments? (Score:3, Interesting)
For starters, turn as many people as possible into open proxies. Then encrypt traffic between those proxies. Get brave volunteers to allow their machines to be end-nodes (places where traffic is allowed to exit and enter the network) instead of just routing nodes. Ideally, the end-nodes should be located in countries with a) negligible computer-crime budgets, or b) negligible computer crime laws. This has a detrimental effect on network laten
Fantastic! (Score:5, Funny)
Fantastic! I've always thought copious amounts of caffeine and an anonymous method of browsing for porn were meant for ubergeeks like myself, but now that my *grandma* can do it as well, that's just fantastic!
OH GOD, MY EYES!!!
Maybe it's a newbie question (Score:2)
Re:Maybe it's a newbie question (Score:3, Insightful)
Re:Maybe it's a newbie question (Score:2)
So if I'm at Starbucks (or anywhere else on a network that's not using WPA or WEP or whatever), and I type in my credit card info to an online store that's using HTTPS, I'm reasonably safe?
Re:Maybe it's a newbie question (Score:2, Informative)
Re:Maybe it's a newbie question (Score:2, Insightful)
Think about it this way:
HTTPS etc encrypt your data before it is sent to the wireless card
WPA/WEP encrypts the data as its recieved on the wireless card, then transmits it
not quite right but basicly, HTTPS encrypts data before it would be encrypted for WPA wireless.
Re:Maybe it's a newbie question (Score:5, Interesting)
If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)
Either way, be careful.
OpenBSD based, not FreeBSD (Score:5, Informative)
It isn't -- it is OpenBSD-based. So you'd figure the encryption would be top-notch. Also the OS is already very secure. That's what they focus on, to the exclusion of other things.
OpenBSD is quite reliable. If it includes drivers for hardware, they work.
Also, they only use code that they can look at. No blogs of code (like Linux or FreeBSD) are allowed. That's because if you can't inspect them, the NSA or an attacker might have put some bad code in there. It is because of things like this that Theo De Raadt won a prize from Stallman for his contributions to free software.
Re:OpenBSD based, not FreeBSD (Score:5, Funny)
Re:OpenBSD based, not FreeBSD (Score:3, Informative)
I'm not a Linux expert. I can't point to the stuff.
All I know is that OpenBSD absolutely doesn't allow that stuff.
The whole privacy movement seems to have fizzled. (Score:5, Interesting)
I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.
A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.
I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.
I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.
I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.
Re:The whole privacy movement seems to have fizzle (Score:5, Interesting)
At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.
And it was, for a while.
Then some copyright lawyers started jumping on board, and harassing lyrics sites.
The Scientologists started suing people left and right.
Spam started snowballing.
MP3s cause the record companies to start wishing people were only trading lyrics.
Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.
Then the Columbine shootings happened.
The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.
The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".
The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.
News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"
Scam artists hiding behind patent law started really milking it.
So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.
If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.
Re:The whole privacy movement seems to have fizzle (Score:4, Informative)
Steve Jackson Games [wikipedia.org]
EFF's SJG Archive [eff.org]
SJG's Opinion of the whole thing [sjgames.com]
In short, the Secret Service knocks over a game publisher (micro-TSR-style games, such as Illuminati) and attempts to prove that D&D'ers taught David Lightman how to use a Shlitz pulltab to hack into the 911 system. Courts decide Secret Service was completely unjustified, award court fees to SJG. The legal team/computer activists that coalesced around the issue became the EFF.
Re:The whole privacy movement seems to have fizzle (Score:3, Insightful)
As an anarchist [infoshop.org], somebody who was at the WTO protests, and someone who strongly supports online privacy and the cypherpunk perspective, I'd like to ask what the hell you're talking about?
The WTO protests was one of the biggest events of the late 20th century, it was part of a snowballing effect against corporate globalization which stretched from all points on the globe, and culminated in events such as the uprisin
Re:The whole privacy movement seems to have fizzle (Score:3, Insightful)
Yeah, that's probably [life.com] true [africanamericans.com].
-Eric
Re:The whole privacy movement seems to have fizzle (Score:3, Interesting)
Re:The whole privacy movement seems to have fizzle (Score:3, Funny)
There's your problem. You are supposed to put the glass to the wall and your ear to the glass.
Has this been tested? (Score:4, Funny)
Like, have they downloaded/posted credit card numbers, kiddy porn, terrost plots, maybe post a promise to kill the president, and customized ones for several western and radical countries? Maybe send death threats to the head of the CIA, FBI, and NSA? Maybe the russian mafia? Maybe the israli secret police?
If people start getting away with those kind of things, then I'll conisider it.
Re:Has this been tested? (Score:3, Funny)
Holy shit, where did you get a copy of my to-do list at? Apparently I need to encrypt my information a bit better myself.
TOR (Score:4, Informative)
Re:TOR (Score:3, Insightful)
Re:TOR (Score:4, Informative)
Tor was developed [internetnews.com] by the US Navy. This is not a huge surprise -- DARPA and the ONR fund a lot of computer research, including security. Besides, if the federal government wanted to spy on you, it wouldn't be doing so via the Navy. That's the FBI's job.
Well, unless you don't live in the US. Then it's the CIA's job.
Torrent Download (Score:5, Informative)
http://linuxtracker.org/download.php?id=1249&name
175seeds to 700peers as of 6:53PM MST
Phone conversation with Grandma at Starbucks (Score:5, Funny)
[me] There's no blue E grandma, click on the orange and blue ball.
[Grandma] What does "Server not found" mean?
[me, muttering...] fsck'ing TOR timeouts
[Grandma] What was that again, I couldn't hear you.
How anonymous are we talking? (Score:4, Funny)
Further information from kaos.theory (Score:3, Informative)
I've just updated the kaos.theory blog with some further information about Anonym.OS and some responses to blog, article, and comment criticism:
http://theory.kaos.to/blog/archives/2006/01/17/kao stheory-responds/ [theory.kaos.to]
First of all, I'd like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we've had. Scores of terabyte upon terrabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.
That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.
USB
In the article written and posted at Wired News, Ethan Zuckerman makes the excellent point that rebooting really isn't an option for many living in oppressive, hostile regimes. Additionally, Mr. Zuckerman suggests the use of a bootable / emulated Anonym.OS environment available from a removable, USB key chain device. This is a feature that we have already incorporated into our road map and that we hope to release very soon.
For now, we need as many people as can reboot or run a session in VMWare / Virtual PC / QEMU to please please please test our release. We're not at 1.0 yet, contrary to some postings and articles. Our hope with this release is to solicit feedback from the community concerning features, bugs, and suggestions for everything from desktop wallpaper to file system optimization. Immediately after the Shmoocon talk, all of the members of the group happily fielded questions and comments from audience members that included many suggestions that we intend to incorporate quickly. This type of candid environment is one of the many traits that make Open Source a success and it's what we need in order to keep Anonym.OS growing and on a positive track.
The "China Problem"
Some have asked how we intend to deal with the "China Problem," which could be rephrased as, "What can Anonym.OS do to protect a user against a monitoring party who owns the entire network that the user is using?" Ultimately, this comes down to the ability of the user to utilize covert channels for escaping the network and reaching tor servers. If the party controlling the network is serious enough about its desires and goals in censoring its users, nothing can stop them from implementing a white-list only policy, effectively blocking all tor traffic as well as access to proxies and other tools used for evading filtering.
With those concerns in mind, kaos.theory will be working towards and automated egress filtering evasion script for use in conjunction with Anonym.OS. In terms of the "China Problem," this may not offer much as it will most likely require a "trusted friend" on the outside of the hostile network. In terms of a restrictive corporate network, this could be a viable solution. Again, however, these "covert channels" will likely lead to a ridiculous number of anomalous packets coming from a system (who really makes 25,000 DNS requests in an hour, anyway?) and thus are not a bullet-proof solution.
This is a staggering issue, and it's not one that's answerable entirely by technology. If a country or company chooses to restrict access for its users, and the entity is really serious in terms of throwing resources at the problem, there's not a lot we can do from the client-side.
The Naysayers
There have been two strains of objection to the project, one classical and the other uninformed. The former line of argument goes that we're simply enabling criminals to hide their illegal activities and, as suc
Problems with Tor. (Score:3, Insightful)
rhY
Trusted binaries ? (Score:3, Insightful)
Do you trust the precompiled binaries on the livecd ?
Sure, the OpenBSD source is available for you to comb over for backdoors & sniffers etc, but how do you know that Anonym.OS was compiled using that exact same source code ?
Maybe comparing hashes of the binaries to the offical OpenBSD versions would be a good start, but there are various reasons why this will only get you half way to validating that the build is kosher
I'm not even beginning to suggest this work is trojaned or anything - the last thing I want to do is spread FUD about something this cool and useful
One solution (which is very time consuming, and already dated), is the Trusted Build Live CD [sourceforge.net] (TB) by the Hacktivismo group. It is basically a cookbook for rolling your own Gentoo livecd, with some tailoring for anonymity related applications like Tor (AFAIK, it doesn't do the nice packet filtering that Anonym.OS does, however).
Take it to starbucks? I don't think so. (Score:4, Insightful)
That being said, what would be required for the linux community to make Wifi drivers more accessible? Is this something that is reliant entirely on the manufacturers providing drivers or is there some other solution? It would surely aid linux adoption if it was easier to get your Laptop Wifi working.
For the linux-savvy, NDISWrapper is of course very slick, and I was able to get my HP Notebook Wifi card working in about 20 minutes, but the less techy people such as the Grandmother mentioned in the posting are not going to be able to sort their way through ndiswrapper and iwconfig, much less figure out newer encryption methods.
Re:Anonymous and suspicious (Score:4, Insightful)
Re:Anonymous and suspicious (Score:2, Insightful)
Re:Anonymous and suspicious (Score:5, Insightful)
In police states, someone who wants to be anonymous deviates from the norm and automatically becomes suspicious, as The Man considers that if you're not guilty, you have nothing to hide.
In US-PATRIOT USA, I'm not sure I'd want to participate in the Tor network. I'm definitely not the only one. Perhaps I'm a coward, but that should tell you something of what this country is slowly turning into...
Re:Anonymous and suspicious (Score:2)
Anonymity is your constitutional right (Score:5, Insightful)
The fact that a bunch of sickos use this technology to be perverted does not mean that the rest of us should not use it. If you care about your freedom and you don't like what is going on then you can use it to safely make your complaints heard.
Re:Anonymity is your constitutional right (Score:4, Insightful)
Re:Anonymity is your constitutional right (Score:4, Informative)
How about the Fourth Amendment? While it denies the government the ability to do "unreasonable" searches and seizures, it allows them to do all the REASONABLE searchin' and seizin' they want. That pretty much limits your privacy to whatever the administration in charge deems to be "reasonable." For instance there is no limit on how intrusive an inspector from Child Protective Services can be. None.
Re:Anonymity is your constitutional right (Score:3, Insightful)
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
This means that the government is outright forbidden to conduct unreasonable search and seizure. It also forbids unsubstantiated warrant
Ha! (Score:3, Informative)
Welcome to the land of the free...
Re:Anonymous and suspicious (Score:3, Interesting)
Contrary to popular belief you run in to quite a few sympathetic coppers in that line of protest. Especially after they'ved been ordered about by a few Audrey Hamilton's.
OT : I know a lot of Americans like their hunting and those of you who don't care one way or the other about hunting, I just want to make the point that in England hunting is not just
Kinda' (Score:2, Insightful)
Re:Anonymous and suspicious (Score:5, Insightful)
So true. In fact, I would suggest that you stop using envelopes when mailing letters and just use postcards instead, that way everybody along the way can read them much more easily. You don't have anything to hide, do you?
No real reason for secret ballots either, now that I think about it. After all, you're not attemting to make an illegal vote.
The police ought to be able to search your house at will, too. If you're not doing anything wrong you have nothing to fear, right?
Oh, remember that sooner or later if you stop defending your freedoms you lose them. When it becomes illegal to criticize the government and you say "but that wasn't what I meant" it's just a tad too late.
Re:Anonymous and suspicious (Score:3)
I have something to hide, like trading kidding porn
Beautiful woman: I'd really like to make love to you.
Guy: Really?!
Beautiful woman: Nah, just kidding.
Re:But (Score:5, Funny)
Yes, I suppose they have that kind of porn, too.
Re:Joke's on them (Score:5, Funny)
I nominate this for the most concisely inept retelling of the history of the Internet ever!
you first. (Score:5, Funny)
Hey, can I have your Social Security and bank account numbers?
What do you mean, "no"? INFORMATION WANTS TO BE FREEEEE!!!
Re:"Privacy is dead, deal with it!" (Score:3, Insightful)
Information doesn't want shit, deal with it.
Max
Re:What about changing the MAC Address? (Score:3, Informative)
Re:What about changing the MAC Address? (Score:3, Informative)
# ifconfig eth0 hw ether [new MAC address]
However, I've no idea of what the userspace program under Windows is to do this.
Incidently, this breaks a (rather silly) 802.11 security proposal I've heard that relies on people not being able to modify their MAC address.