Slashdot Mirror

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users' actual search trails in a cloud of indistinguishable 'ghost' queries, making it difficult, if not impossible, to aggregate such data into accurate or identifying user profiles. TrackMeNot integrates into the Firefox 'Tools' menu and includes a variety of user-configurable options.

Neat idea. Sadly, the implementation as well as the idea is spectacularly flawed. If you want to be really safe (like the people actually engaging in child pornography) block all cookies, set the browser cache to zero, the browser history to zero, tell your browser not to save passwords/data forms/anything of any kind, run noscript, and run TOR. If this isn't enough, you might want to do all that in Knoppix at a WAP somewhere far from your home, and blow up the computer after you use it.

Just like security, there is no such thing as perfect anonymity, given the motivation law enforcement will track anyone down. Since the afore mentioned ideas will seriously reduce the usefulness of the Web, clearing private data when closing the webbrowser and TOR are probably enough for you.

Back to the reason this "flooding the data miners" idea is flawed, Bruce Schneier wrote:

One, it doesn't hide your searches. If the government wants to know who's been searching on "al Qaeda recruitment centers," it won't matter that you've made ten thousand other searches as well -- you'll be targeted.
Two, it's too easy to spot. There are only 1,673 search terms in the program's dictionary. Here, as a random example, are the program's "G" words...
The program's authors claim that this list is temporary, and that there will eventually be a TrackMeNot server with an ever-changing word list. Of course, that list can be monitored by any analysis program -- as could any queries to that server.
In any case, every twelve seconds -- exactly -- the program picks a random pair of words and sends it to either AOL, Yahoo, MSN, or Google. My guess is that your searches contain more than two words, you don't send them out in precise twelve-second intervals, and you favor one search engine over the others.
Three, some of the program's searches are worse than yours. The dictionary includes...
Does anyone reall think that searches on "erotic rape," "mailbombing bibles," and "choking virgins" will make their legitimate searches less noteworthy?
And four, it wastes a whole lot of bandwidth. A query every twelve seconds translates into 2,400 queries a day, assuming an eight-hour workday. A typical Google response is about 25K, so we're talking 60 megabytes of additional traffic daily. Imagine if everyone in the company used it.
I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it's not going to hamper computer analysis very much. Or anyone who isn't lazy. But it wouldn't be hard for a computer profiling program to ignore these searches.
Yes, data mining is a signal-to-noise problem. But artificial noise like this isn't going to help much. If I were going to improve on this idea, I would make the plugin watch the user's search patterns. I would make it send queries only to the search engines the user does, only when he is actually online doing things. I would randomize the timing. (There's a comment to that effect in the code, so presumably this will be fixed in a later version of the program.) And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages. And I would make it send queries in the form the user tends to use, whether it be single words, pair

Those are not examples of DRMed content, they are examples of clandestine copy protection schemes employed on audio CDs. They are dispicable but aren't related to the topic at hand. The Sony rootkit and DRM are entirely different things.

While the article you linked to makes mention of DRM and attibutes it to the EFF, the EFF itself does not make that mistake. See here: http://www.eff.org/IP/DRM/Sony-BMG/

I wish I knew how to make this critism of modern life and politics [sic] constructive, but I don't.

It is possible: You can use tor (and if you're really paranoid, also use a safe, non caching, non javascript browser). This is definitively anonymous if configured correctly.

*cough* you yourself are 15-30 years too late saying only seven years, C0R1D4N. See http://www.eff.org/Net_culture/Virtual_community/p lato_history.article or
http://www.classicgaming.com/features/articles/com putergaminghistory/index5-3.shtml

no. this is not a right, it's a privilege bestowed (or not) upon you by the copyright holder.

For example, currently RIAA does grant you the priviledge to format-shifting your CDs (but they reserve the right to change that in the future).
However, they do NOT grant you the privilege to 'format-shifting' DRMed downloads.

more info here if you care: http://www.eff.org/deeplinks/archives/004212.php

I'm thinking if Apple had a choice, they would not put DRM onto their files.

Guess again.

The RIAA flip flops on issues about making copies. See EFF Article "RIAA Says Ripping CDs to Your iPod is NOT Fair Use"

Questions 6 and 7.

I've thought a lot about the many comments which related to my manner of responding to questions 6 and 7, and I accept their verdict : I was rude and disrespectful.

Then I asked myself why, since I'm not usually quite that obnoxious.

Here's why I think it happened.

1. I go into everything public assuming that anything is being monitored by the RIAA, because it is.
2. I assume that everyone who asks me questions or makes comments could be an RIAA troll, because some of them are.
3. Both questions seem to ask questions about how to skirt the law. The first about whether doing something illegal from an "offshore" site would stand on a different legal footing than doing it from an American site. The other about whether buying a cd gives you rights in the songs that were contained on the cd, such as a perpetual right to get new copies from any source you like, based upon a perpetual "listening right". I found both questions to be rather odd.

I found it hard to believe that either question was an honest, good faith question, and responded sarcastically and impatiently.

I guess the fact that the questions were so positively moderated, and ultimately selected by the Interviews editor, indicates that they were honest, good faith questions from real Slashdotters so I should have just answered them respectfully. So to the questioners, if you are good guys, I apologize. And to those who complained about me, those of you who are not RIAA trolls, I apologize as well.

I've also noticed a lot of frustration, and anger, for not telling people that it's ok to make copies from a cd to your computer, keep them and use them on your computer, and keep them and use them on your mp3 player as you see fit, so long as it's for your personal use. Some people seem to assume it's because I don't know anything about the law, or don't know what an mp3 is, or something like that. After all, it seems like a simple enough question, and common sense would dictate that the answer should be yes, that it's ok. But there are no cases on the subject, and there is caselaw to the effect that your computer is not a personal audio device like an iPod is. And if you see the EFF article on the subject, "RIAA Says Ripping CDs to Your iPod is NOT Fair Use", you'll see that the RIAA has flip flopped on this issue.

So I could go ahead, act knowledgeable, and tell you "sure, go ahead, that's perfectly legal". Or I could also go ahead, act knowledgeable, and tell you "no, that's absolutely illegal".

In either case I would be guessing, and I would be dishonest in pretending to know the answer to a question on which the jury is still out. So I would appreciate your cutting me some slack.

Wish I had a mod point for you. File shares are doing a bit more than breaking the law: they're pushing for change. See also the EFF page on alternative music industry business models.

The "File Sharer" position (which includes people who aren't engaged in copyright violation -- merely interested in fair use freedom) is that the RIAA *cannot win* this fight; the state of technology is such that some of us will share music and movies in such a way that we can't be caught. The technically savvy have been miles ahead of the **AA every step of the way. While they were tearing down napster, we were building Gnutella. They're just now suing children and women using Kazaa, while we've moved on to bittorrent. They just killed eDonkey, but we've been using eMule for years.

If they follow us here, we'll move to encryption, darknets, and traffic obfuscation. Technology moves too fast. Copying data will always be easy. Copying it anonymously won't be much harder.

If they keep pushing like this, there will come a time where they can't reach us any more. Then they'll have to change.

So why not cut to the chase? Give us what we want at a fair price.

http://www.eff.org/share/?f=legal.html
http://www.eff.org/share/?f=compensation.html

Wish I had a mod point for you. File shares are doing a bit more than breaking the law: they're pushing for change. See also the EFF page on alternative music industry business models.

The "File Sharer" position (which includes people who aren't engaged in copyright violation -- merely interested in fair use freedom) is that the RIAA *cannot win* this fight; the state of technology is such that some of us will share music and movies in such a way that we can't be caught. The technically savvy have been miles ahead of the **AA every step of the way. While they were tearing down napster, we were building Gnutella. They're just now suing children and women using Kazaa, while we've moved on to bittorrent. They just killed eDonkey, but we've been using eMule for years.

If they follow us here, we'll move to encryption, darknets, and traffic obfuscation. Technology moves too fast. Copying data will always be easy. Copying it anonymously won't be much harder.

If they keep pushing like this, there will come a time where they can't reach us any more. Then they'll have to change.

So why not cut to the chase? Give us what we want at a fair price.

http://www.eff.org/share/?f=legal.html
http://www.eff.org/share/?f=compensation.html

Glad you're so sure. But See EFF Article "RIAA Says Ripping CDs to Your iPod is NOT Fair Use"

"Conjecture" is exactly what it would take to answer a few of the questions. Some were easy to answer: there is no listening right. What is not so easy is whether copies for personal use are "fair use". See EFF Article "RIAA Says Ripping CDs to Your iPod is NOT Fair Use"

The issue about copies for personal use is an area in which the RIAA has flip flopped. See EFF Article "RIAA Says Ripping CDs to Your iPod is NOT Fair Use"

If you think it's safe to rely on that assumption see what EFF has to say.

You can't safely assume anything in this crazy climate. See EFF article on making personal copies.

I know what an MP3 is. Just didn't know what MP3's he was talking about. He didn't say how he got the MP3's. Can't assume that RIAA are just agreeing that everybody can make all the copies they want for personal use. See what EFF has reported.

Question 2: there is no right answer
Question 3: So even making sure to pay for all of your downloads wouldn't protect you from a lawsuit.
Question 4: dismember the internet as we know it.
Question 5: ...And it's being eroded rapidly
Question 6: they bring CRIMINAL cases, not civil ones. (their emphasis)
Question 7: You shouldn't be trying to educate the younger generation about this stuff. The law is unsettled. Is it? I thought this was resolved years ago with VHS?
Question 8: I'm an ordinary lawyer... ...The US Attorney General is on the RIAA's side.
Question 9: the entire underpinning of each case is a joke.
Question 10: But if you just want to play hardball, the judge would probably just strike your answer and give the RIAA a money judgment by default

1. An environment of fear of noncompliance has very successfully been created and applied to music consumers, and the lawyers won't rock the boat either.
2. Another example of "I'm not a criminal so I have nothing to fear." Where an artificial fear is created and maintained to enable psychological control on a national scale.
3. I agree that sharing the music is wrong, but the psychology of fear is being used to remove any personal ownership (as in personal copies) whatsoever. I thought personal copies were long ago approved by the courts. Someone please inform me otherwise.

Cut the crap, and donate to the EFF http://www.eff.org/ if you aren't going to spend your personal time making change on the issue yourself.

Creative Commons

Defective by Design's List of DRM-Free Music Sites

dmusic

Electronic Frontier Foundation List of "Artists Online"

emusic.com

Fading Ways Records

FreeCulture.org

harveydanger.com

Janis Ian.com

last.fm

Lime Light Radio

live365.com free downloads

MagnaTune

myspace.com

Nettwerk Download Store

R.evolution I.n P.rogress

RIAARadar.com

uncoolcentral.com

Vision Metal Records

I keep a list on my blog and welcome more suggestions.

Because this will be hardware made through the Chinese government, won't this tech give them an unprecedented to build various spying and censorship tools right into the chips? It seems to be true that many US printers print hidden ID codes, so if you think TCP/DRM/etc. are bad, imagine what the Chinese will have imposed on them.

From the article: "Specter has moved to have his bill voted upon next week by voice vote, called a unanimous consent motion, according to the ACLU's Graves. Such a procedure would leave no record of who voted for or against the bill." It sure gives me a warm fuzzy feeling to know that "freedom-loving Americans" are spreading their open and accountable flavour of democracy arould the world - not!

According to the US Constition's 4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Now is the time to start helping the ACLU and EFF to bring this unconstitutional fascism before a federal court ASAP!

Declaring bankruptcy would discharge a debt based on copyright infringement unless the creditor can prove the copyright infringement was malicious and willful. The Electronic Frontier Foundation has recently written an interesting article on the subject. It would be extremely difficult, and quite cost-ineffective, for the RIAA to try to do that in these cases.

I bet they are switching IP's everytime Google gets wise and blocks them.

The script is configured to have the search term (XXX) in the URL as in "http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=XXX" and you can add it to your Firefox search toobar.

If you are concerned that they may be keeping logs in spite of their claims (probably unverifiable short of access to their servers) you are probably better off with TOR or Torpark which (as others have mentioned elsewhere) probably provide the best anonymization. The slowness factor is a concern, so for selective browsing turn TOR on and off with Torbutton or SwitchProxy FF add-ons.

On second thought, for your purpose, TOR is probably over-kill. If you are only concerned about Google keeping search results, just running your search through a proxy and disabling cookies should keep G from having any identifiable information on you...

I bet they are switching IP's everytime Google gets wise and blocks them.

The script is configured to have the search term (XXX) in the URL as in "http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=XXX" and you can add it to your Firefox search toobar.

If you are concerned that they may be keeping logs in spite of their claims (probably unverifiable short of access to their servers) you are probably better off with TOR or Torpark which (as others have mentioned elsewhere) probably provide the best anonymization. The slowness factor is a concern, so for selective browsing turn TOR on and off with Torbutton or SwitchProxy FF add-ons.

On second thought, for your purpose, TOR is probably over-kill. If you are only concerned about Google keeping search results, just running your search through a proxy and disabling cookies should keep G from having any identifiable information on you...

I had to look it up to tell if it was a joke...

http://www.eff.org/legal/cases/ESPC_v_Ebert/

No joke.

EFF doesn't think so: http://www.eff.org/legal/cases/ESPC_v_Ebert/

"The Napster case - wasn't their defense destroyed because Fanning basically admitted to his intent in an interview?"

My understanding is that it was due to some internal emails, but yeah, your understanding is correct. There was hard evidence that they knew what they were doing.

The record labels are going after the P2P companies based not on the Napster ruling, but on a later case, known as the Morpheus ruling, or MGM vs. Grokster. You can read about it on the EFF site. It gave the record companies the momentum they needed to go after the rest. It was eDonkey's turn sooner or later.

Actually there is a good blurb on EFF about how some TOR servers have been identified for carrying torrents of DCMA protected material. The rights of the ISP and individual computers are covered and if I read correctly, not liable for packets being routed through. After all - think of the dozens of hops a packet must make - how could they all be liable for carrying the material?
http://tor.eff.org/eff/tor-legal-faq.html
http://tor.eff.org/eff/tor-dmca-response.html

regards,
Jon

Actually there is a good blurb on EFF about how some TOR servers have been identified for carrying torrents of DCMA protected material. The rights of the ISP and individual computers are covered and if I read correctly, not liable for packets being routed through. After all - think of the dozens of hops a packet must make - how could they all be liable for carrying the material?
http://tor.eff.org/eff/tor-legal-faq.html
http://tor.eff.org/eff/tor-dmca-response.html

regards,
Jon

When I first heard this story I honestly thought it was about the whole embedding unique IDs into every printed page thing. But then I remembered that was sanctioned by the government.

That's a good point; I hadn't thought of looking at it as two sides of the same coin, but now that you mention it, it makes sense to.

So the leapfrog game might ultimately be bidirectional. I don't think that necessarily means the Good Guys shouldn't play, though. Starting with an open standard would provide one advantage for those on the side of privacy; one of the biggest problems with DRM schemes (both strategically *and* ethically) is their dependence on secrecy. Conversely, Tor's source code is freely available - http://tor.eff.org/ - and yet it's far from trivial to trace individual users.

While you have me thinking in these terms though, how about turning one of the DRM-ers own weapons against them - the DMCA and its anti-circumvention provisions? A P2P software suite can be open yet can contain an EULA that prohibits circumventing its privacy features in order to identify individual users against their wishes. I wouldn't depend on that alone, mind you, but it would be amusing to see how the RIAA would deal with the Catch-22 of having to use self-incriminating evidence to sue individual users of such a system.

submitted this at 1 am

BoingBoing picked up a report that German police has raided and seized TOR server rooms. TOR is a service that allows one to anonymize his or her internet experience (web, chat, etc). BoingBoing writes: “We need support, lots of people are chanting the same stupid arguments against anonymization over and over again... "You dont need to be afraid if you have nothing to hide" ... "Only criminals have the need for anonymity." [] AskMefi has a great list of responses to that infernal "if you have nothing to hide..." question.

soultcer.net : "According to an owner of one of the servers, who talked to a public prosecutor, the public prosecutors office knew that the server owners had nothing to do with the child pornography case. Regardless they confiscated some hard disks so that the TOR servers were unusable. As reason they stated that they wanted to scan for traces (e.g. log files). Even though TOR does not keep any logs? I dont really believe them...
Why have the hard disks really been confiscated??"

citizen428.net: :Don’t get me wrong, child pornography is one of the worst crimes I can think of, and I wish the German authorities all the best in finding the people they are after. I do however feel that the route taken here wasn’t ideal, as it may well lead to a negative perception of Tor in the general public."

itnomad: "One operator whose server was seized as well wrote a letter to all the TOR-operators in Germany he was aware of, reaching me as well; he wrote that he is not aware of any charges pressed against him at the moment and that his provider, whose server-room was raided, was not avilable for a real comment on the weekend."

submitted this at 1 am

BoingBoing picked up a report that German police has raided and seized TOR server rooms. TOR is a service that allows one to anonymize his or her internet experience (web, chat, etc). BoingBoing writes: “We need support, lots of people are chanting the same stupid arguments against anonymization over and over again... "You dont need to be afraid if you have nothing to hide" ... "Only criminals have the need for anonymity." [] AskMefi has a great list of responses to that infernal "if you have nothing to hide..." question.

soultcer.net : "According to an owner of one of the servers, who talked to a public prosecutor, the public prosecutors office knew that the server owners had nothing to do with the child pornography case. Regardless they confiscated some hard disks so that the TOR servers were unusable. As reason they stated that they wanted to scan for traces (e.g. log files). Even though TOR does not keep any logs? I dont really believe them...
Why have the hard disks really been confiscated??"

citizen428.net: :Don’t get me wrong, child pornography is one of the worst crimes I can think of, and I wish the German authorities all the best in finding the people they are after. I do however feel that the route taken here wasn’t ideal, as it may well lead to a negative perception of Tor in the general public."

itnomad: "One operator whose server was seized as well wrote a letter to all the TOR-operators in Germany he was aware of, reaching me as well; he wrote that he is not aware of any charges pressed against him at the moment and that his provider, whose server-room was raided, was not avilable for a real comment on the weekend."

Log minSeverity[-maxSeverity] stderr|stdout|syslog
Send all messages between minSeverity and maxSeverity to the standard output stream, the standard error stream, or to the system log. (The "syslog" value is only supported on Unix.) Recognized severity levels are debug, info, notice, warn, and err. We advise using "notice" in most cases, since anything more verbose may provide sensitive information to an attacker who obtains the logs. If only one severity level is given, all messages of that level or higher will be sent to the listed destination.

SafeLogging 0|1
If 1, Tor replaces potentially sensitive strings in the logs (e.g. addresses) with the string [scrubbed]. This way logs can still be useful, but they don't leave behind personally identifying information about what sites a user might have visited. (Default: 1)

a form of trespass, little different than intruding on their land or making unwanted use of their private property.

... but to suggest that emailing someone is equivalent to trespass??!? Just how out-of-touch and confused does the state have to get with technology before they're sat down in an electric chair in front of a monitor, with a sticky on its side saying "Learn"?

Yes, "making unwanted use of their property" is a form of trespassing, known as Trespass to chattels, which is a well defined legal concept that has been around for hundreds of years. "Chattel" is the archaic legal term for personal property, in contrast with land or real estate.

Having watched the talks given at the last several years of MIT Spam Conferences, I can safely say that the people involved with drafting Virginia's anti-spam laws and prosecuting this particular spammer have a very good understanding of technology in general, and email in particular. They probably have a better understanding than than the average slashdot user. As horrible as it may be for some geeks to imagine, yes, there are a lot of lawyers that are very smart and can learn very technical stuff.

Firstly it is the confluence of internet/SM protocols, not the spammer, that puts the email on your server - although in the vast majority of these cases, you can believe that the recipient doesn't own the server at all.

You seem to have a very fuzzy concept of the internet and protocols. When someone puts a packet out on the net, they are, indeed, knowingly creating a process that will result in the packet ending up on the receiving computer's network port. It may not be the same exact electrons, but that is irrelevant. And, I assure you that AOL owns their servers and they are the ones that received the spam. Yes, customers of AOL rent the mailboxes from them, but AOL still has legal rights to the servers. This is no different than a hotel or apartment owner that rents out rooms/apartments. They still have legal rights to their property.

Not everyone likes the idea of applying the age old concept of Trespass to Chattels to the internet, for example, the EFF sees problems with it. I agree with the EFF on most things, and have contributed money to them, but in the area of spam, they act too much like chicken-little. The Virginia anti-spam law was narrowly taylored and well thought out. It is a shame that it large parts of it have been overridden by the much worse federal CAN-SPAM act.

Want real privacy? Use the free open-source browser Torpark. Based on Firefox, comes with NoScript and Adblock, default config stores no history or cookies, your traffic runs through the Tor network, and best of all it can run from a removeable flash drive. Encrypt your flashdrive with TrueCrypt if you want.

DRM is a colosally bad idea. Think of it like this: today you alone have a piece of content (which you spent lots of time/money creating), the end state is that it's in the public domain, and how did you make money going from here to there? The fairest way to do it is the Ransom model. A similar but more formal arrangement is the Street Performer Protocol.

An idea I like is an incremental ransom model. You spend $100 million making a movie, say 7200 seconds (two hours) long. You chop it into pieces a half-second long, encrypt each with a separate 128-bit key, and publish the 14,400 encrypted tarballs with bittorrent. Now your problem is to make back a few hundred million dollars by selling the 14,400 secret keys. You can ransom them, just as Stephen King did with chapters of The Plant (but without his unnecessary condition that some minimum fraction of consumers be non-defectors). You can auction off others on eBay. You can donate some keys to charity. You can sell some keys to sponsors, e.g. Hershey might want to buy the keys for the sequence where somebody is eating Reese's pieces because Mars/M&M didn't want to invest in your movie.

Of course some keys will represent more interesting parts of the movie than others, and you'll want to think about how to reflect those differences in the prices you try to get for them. A few exciting bits, released for cheap, might make good teasers.

I would be really curious to see how it would work out if a major movie were released this way. It would be really interesting to see how the economics of that would play out.

I hear tell that AT&T volunteer full access to db information and raw telecom data.

"in order to ensure connectivity for everyone"

No, that's in order to continue selling people bandwidth they couldn't deliver, known to ISPs as "statistical oversubscription". Then when we want to get what we paid for, they take it away entirely. Unless you're watching the telco's own IPTV, which somehow has as much bandwidth as they need to sell it to you, for an additional charge.

Blocking competitive services to support ripoff monopoly business models is the reason telcos and other big ISPs hate Net Neutrality.

There is an existing client that solves both your problems and is designed to run off flashdrive: Torpark. It's a portable version of Firefox that doesn't write to your hard drive. And it uses the Tor network to bounce your signal through an onion network so the remote site will never know who/where you are. Of course that means it is slow, but pretty strong privacy. It's no VPN but it's free...

The latest version of Steven's telecom reform bill has the broadcast flag, the RIAA's audio flag, and compulsory web labelling for US adult sites. The bill is currently unpopular among some senators because there's no network neutrality provisions -- but there's a lot more in there that stinks.

More information at the EFF. Please write to your senator, and tell them to stand against Steven's bill.

The latest version of Steven's telecom reform bill has the broadcast flag, the RIAA's audio flag, and compulsory web labelling for US adult sites. The bill is currently unpopular among some senators because there's no network neutrality provisions -- but there's a lot more in there that stinks.

More information at the EFF. Please write to your senator, and tell them to stand against Steven's bill.

This is no different to not letting someone view a website because they're not using Internet Explorer. Once you put something up on the 'net it should be available to everyone or available to no-one. A website should not care (content wise) where their visitors are coming from and no matter how you may consider this being self-censorship, it flies directly in the face of free information flow on the Internet. This is another reason why networks like http://tor.eff.org/ Tor exist. The less you know about who is coming to your site and how, the less effect your freaky censorship will have on me.

As an aside I recently started seeding a Linux based Tor Virtual Appliance. You can find it linked in the Tor wiki http://wiki.noreply.org/noreply/TheOnionRouter if you're interested.

And if you really want to screw with them use TOR as your proxy. They'll have great difficulty figuring out where you are when you IP changes every 5 minuntes. Though it blocks all advertising targetted or not, Google usually thinks I'm in Germany...

It's not anonymous, and apparently it never will be. Although it seems like anonymous file sharing would be a straightforward problem to solve, the FreeNet project has been working on this for, what, five years now? They have yet to produce anything usable, or even anything approximating usable. Others have tried as well, and none has produced anything that can actually be used for actual file sharing. I'd like to help, but at this point, I wouldn't even know where to begin...

BitTorrent as a basic client will never be truely anonymous by virtue of the technology involved. Only by using private VPNs (like The pirate party one or by using additional software higher up the network stack like Tor can basic anonymity be enabled.

You wouldn't be prosecuted for copyright violation but for DMCA violation (copy protection circumvention). It has already happened with a professor and a programmer ans a slew of others.
(see: http://www.eff.org/IP/DMCA/20020503_dmca_consequen ces.html for more info).

The DMCA was and is a bad law. It is vaguely worded and exceptions in it are few. A violation of the DMCA is a felony in its own and shouldn't be taken lightly.

B.

i'm working on a 'portable privacy suite' kind of thing on my 1gb drive. Someone's put together a portable version of Tor for win32, so that's on there. Portable Firefox is on there, with a few choice plugins like Torbutton, Noscripts and Customizegoogle. puTTY is on there, Filezilla is going to go on there soon, and I'm considering a version of PGP/GPG to put on, too. I also plan to put Eraser on.

Last step is finding a cheap/compact roll-up USB keyboard to avoid hardware keyloggers.

I really don't have anything worth hiding, but it's an interesting project. I want to see how workable a very strong "personal security policy" really is.

Does anyone have any other suggestions for software or other modifications? The idea is to keep it fairly simple at it's core.

(the keyboard is kind of pushing it already on the simple front, imo. so is my other idea of getting a micro usb hub and using smaller size keys for subdividing tasks - like having a cheap 64mb drive for my public/private keyrings, one for encryption software itself, one for everything else; then wrapping it all in the rollup keyboard... going to the library and whipping that bad boy out of my pocket and plugging it in all at once. i think the looks alone might be priceless, if i didn't get arrested on the spot...)

Couldn't find it in the linked article, found it on EFF page:
original site
site after complaint

We win.