freehaven.net · Domains · Slashdot Mirror

Re:What good is tor by Hizonner · 2013-09-01 09:19 · Score: 1 · on Feds Seek Prison For Man Who Taught How To Beat a Polygraph

I've been following this stuff since the 1990s, thanks. Let's just say that I have strong enough credentials on Tor and related systems that detailing them would out me.

If you want to see exactly how irrelevant encryption is to deanonymization by a global adversary, start around the year 2001 or 2002 in this bibliography:

http://freehaven.net/anonbib/#2001

Once again, layering TLS over Tor will not do a damned thing to protect you from widespread traffic analysis. It protect the content of your communication, but it will do no more than bare Tor to protect the fact of the communication itself. Even the content protection is very limited; the attacker can make a lot of very firm inferences, especially if she can learn the content of the same Web site you're hitting.

And, as far as we can tell, yes, there are approximately global adversaries out there.

Not New by Afecks · 2013-07-15 11:25 · Score: 4, Interesting · on Open Source Tortilla For Tor To Be Released At Black Hat

I wrote a tool like this ages ago called Torcap; http://freehaven.net/~aphex/torcap/ and it does all of that plus works on Windows and is open source.

Re:Traffic is still tracable by Anonymous Coward · 2012-03-05 01:38 · Score: 0 · on Anonymous, Decentralized and Uncensored File-Sharing Is Booming

Personally I'm surprised that nobody has come up with an application that basically merges what TOR and Freenet does into one. A distributed storage would provide both the capacity and the upload bandwidth, while freeing up resources from onion sites.

Funnily enough, Tor arose from a project called Free Haven that aimed to do pretty much what you're suggesting: robust, distributed storage with anonymous access. So far the anonymous access part of the problem has attracted more attention than the distributed storage part, so we have a very high-quality anonymous access component (Tor), but until recently there wasn't a distributed storage component of comparable quality. Perhaps Tahoe LAFS is ready to fill that role.

Unlike Free Haven, Freenet didn't separate the anonymity problem from the storage problem - it tried to solve both problems at once. Nikita Borisov found that Freenet 0.5 provides little or no anonymity to a substantial fraction of users. As far as I know, nobody has analysed the anonymity provided by more recent versions of Freenet, which is not a situation anyone relying on Freenet for anonymity should be happy about. Tor has received a lot more analysis from the security community, and while its anonymity properties are limited, those limits are well understood.

TLDR: Combine Tor with distributed storage, but don't use Freenet.

Re:SSL over Tor with Pivroxy by beyondkaoru · 2008-07-12 11:24 · Score: 1 · on The Pirate Bay's Plans To Encrypt the 'Net

uhg. don't listen to that other guy. anyway. in case you are really curious, consider that (apart from the issues of users and programs and operating systems leaking info accidentally) the servers that run tor nodes are few and have no real system of determining who is trustworthy enough. they put some effort in, for example making sure you don't use nodes too close to one another in your route, but it's not perfect.

an excellent attack that someone with a large-ish amount of money could perform on tor would be to simply host a _lot_ of nodes, and in many different locations. the total number of tor servers is in the mere thousands, i believe. so, if you're willing to spend, say, a few tens of thousands of dollars, you could use hosting services to run your own corrupt nodes. if you control, say, one half of existing tor nodes, there is a 1/2 chance that you can read exit traffic (if you just wanted to get a feel of what tor users are doing), and a (1/2)^3=1/8 chance of both getting knowledge of who the client and server are. in the case of hidden services, it's (1/2)^6, but same deal.

now, if you are, say, at&t, or someone who has access to spying on at&t and other isp's, you don't really even need to break any cryptography or interfere in any way; you just time when someone connects to some server, followed by that server connecting to another, etc, and have a reasonable idea of who is connecting to whom. there's a publicly available list of tor servers to help you test, even :)

in the non-expensive category are such silly things as asking people for their password, or website cookie issues, all of which sound unimportant but of course will give you away.

if you are really interested in such things, i recommend reading whatever papers you feel are interesting from this page:

http://freehaven.net/anonbib/topic.html

What, me read? by Anonymous Coward · 2008-05-16 16:30 · Score: 5, Insightful · on US Senate Asks for National Security Letter Explanation

Re:Freenet vs Bittorrent by mrogers · 2008-04-25 04:22 · Score: 2, Insightful · on Freenet Releases 0.7.0rc2

If your in darknet mode isnt that the same as a private tracker?

Not really - with a private tracker, the other users (including the tracker) know what you're uploading and downloading. That's not the case in Freenet. Also, any user of a private tracker can invite their friends, who can also see what you're uploading and downloading, so the network becomes less private as it grows. Freenet becomes more private as it grows, because there are more users who might have initiated any given request.

If your not in darknet mode arnt you just as exposed as BT?

No, requests travel for multiple hops through the network, so if you receive a request from an opennet peer it doesn't mean that peer initiated the request - it might be forwarding the request on behalf of another peer.

If you want to carry out conversations, then i suppose BT isnt a good medium, But isnt that what public/private mailing lists are for?

Mailing lists aren't much good if you need to be anonymous. You could use Tor to set up a webmail account, but then the webmail provider can read your email, so you have anonymity but not privacy. You could use Tor and GnuPG and webmail, but by that point it's probably easier to install Freenet.

Another disadvantage of Tor is that even though your traffic is encrypted, it's easy for someone monitoring your network connection to tell when you're using Tor. If they can correlate the times you connect to Tor with the times a certain webmail account is active then your anonymity is broken. By running a Freenet node 24/7 you make it much harder for an eavesdropper to link your activity patterns to anonymous or pseudonymous messages, because your node is always sending and receiving encrypted packets regardless of whether you're active.

This is getting mathematically scary... by alexandre · 2007-02-20 04:37 · Score: 2, Informative · on UK Taps 439,000 Phones, Now Wants To Monitor MPs

Take a look at the research papers linked here and this one in particular:

The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications (PDF)
by George Danezis and Bettina Wittneben.

You may think that half a million phone tapped is not that much... well think again, the social network effect is probably exposing all of Britain. Ask for your rights to be respected now.

Re:anonymizing via noise by mindwar23 · 2006-09-13 11:00 · Score: 1 · on The Drawbacks of Anonymous Surfing

I bet they are switching IP's everytime Google gets wise and blocks them.

The script is configured to have the search term (XXX) in the URL as in "http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=XXX" and you can add it to your Firefox search toobar.

If you are concerned that they may be keeping logs in spite of their claims (probably unverifiable short of access to their servers) you are probably better off with TOR or Torpark which (as others have mentioned elsewhere) probably provide the best anonymization. The slowness factor is a concern, so for selective browsing turn TOR on and off with Torbutton or SwitchProxy FF add-ons.

On second thought, for your purpose, TOR is probably over-kill. If you are only concerned about Google keeping search results, just running your search through a proxy and disabling cookies should keep G from having any identifiable information on you...

Using tor easily by viking2000 · 2006-09-13 05:45 · Score: 1 · on The Drawbacks of Anonymous Surfing

First, using Tor is easy. Just use the Torbutton http://freehaven.net/~squires/torbutton/
Now turn Tor off when not needed, and turn it on with a click when you like to.

Since you go through other hosts, it is often slow, but usually OK.

Also, if a lot of your Google searches returns Wikipedia pages, just search directly in Wikipedia and so on.

new implimentation of an old idea by bingbong · 2006-08-21 03:24 · Score: 3, Informative · on A Move to Secure Data by Scattering the Pieces

Ross Anderson of the Computer Security Group at Cambridge University wrote a paper called the Eternity Service. It has had a few different attempts at implementation, as well as some reworks in terms of design. The primary difference is in the Eternity Service - you had no idea what data you had, nor did you have access to the keys. This new concept/design seems to provide more control/granualirity for the user. Given the new proposed encryption laws in the UK, I'm not sure this is a good idea.

I made something like this about a year ago... by Afecks · 2006-07-22 14:47 · Score: 4, Interesting · on Hacktivismo launches ScatterChat

http://freehaven.net/~aphex/torch/torch.png

It is more like jabber. It uses .onion addresses to identify buddies. It is very secure.

Re:TOR by Anonymous Coward · 2006-01-23 02:52 · Score: 0 · on Anonym.OS a Boon for Privacy Geeks?

I'll say it again: the encryption in Tor does _not_ hide your payload. It only serves to hide your IP address.

This link implies otherwise.

great anonymity tools by Anonymous Coward · 2005-05-13 07:52 · Score: 0 · on Dissidents Seeking Anonymous Web Solutions?

This are so far some of the best anonymity tools:

Tor: http://tor.freehaven.net/
Freenet: http://freenet.sourceforge.net/

And, yes, we still need some smart guy/girl to come up with an even better anonymity software.

Re:A distributed, random web proxy? by spikedvodka · 2005-01-07 15:12 · Score: 5, Insightful · on Iran Cracks Down on Internet Sites

Some kind of open distributed web proxy might do the trick.

Sounds good, how about tor http://tor.freehaven.net/
if a single (or even multiple) tor proxies get blocked, it will just go through a different one.

it works nicely for me

hrmmm... I wonder if it would get through the "great firewall of China" just as easily

Censorship resistant networks by Morganth · 2004-12-30 12:47 · Score: 4, Interesting · on Exeem "Successor" to Suprnova Announced

Shouldn't these developers take a look at some of the research in this area?

Tangler, FreeHaven, and Publius come to mind.

Tor's hidden service is the really cool thing by javab0y · 2004-12-22 10:16 · Score: 2, Interesting · on EFF Promotes Freenet-like System Tor

Tor supports something called a "hidden service" which allows you to serve something, such as a web site, ftp, or dare I say, a bittorent link.

The neat thing is, you can serve the service without anyone knowing your IP address. So you would share a link such as follows: http://6sxoyfb3h2nvok2d.onion/ (which is the tor hidden service wiki BTW). The Tor servers "meet in the middle", thus hiding the originating serving ip address. Read here for more on this functionality.

This could really shut the door on XXAA type organizations looking to hunt down people for litigous purposes.

Re:Onion Routing != FreeNet by Vaste · 2004-12-22 10:16 · Score: 1 · on EFF Promotes Freenet-like System Tor

And unlike FreeNet onion routing is anonymous.

FreeNet: Can't shut down a "site" (document) without shutting down the network. Plausable deniability. Yet, it's not anonymous in that anyone downloading a piece of data is infinitely more likely to be the initiator than one who isn't. You're still among the suspects, it's just that there are some more of them.

Onion Routing: Can't find a site without shutting down the network (well yes you can, see end to end traffic analysis on the Tor site). Can't find who's communicating what with whom. I.e. "true" anonymity. You're still among the suspects, but so is the whole network. (Depending on the number of proxies you use.)

Privacy after death requires work before death by geekotourist · 2004-12-21 13:40 · Score: 1 · on Dead? Hope You Left Someone Your Passwords

In general, people haven't had the expectation of privacy from family and/or executors after death. If you become incapacitated, you can lose privacy even before death, i.e. an overall power of attorney, or financial guardianships / conservatorships. (If you have elderly relatives, they should read this AARP article on how to prevent forced guardianship. Scary stuff. But at any age its a good idea to set up Advanced Directives and all that with people you trust.)

If he had secrets he felt he needed to keep hidden I hope he did the work one needs to do to keep them hidden in life as well as in death (if in death you don't have cares, you also don't have embarrassment).

If you have letters, photos, books, or other evidence of your secret life, you do have to work to prevent them from going into your estate at your death. Simply storing letters in a hosted email service, like storing letters in a storage unit, isn't sufficient. You'd have to make special arrangements to keep your post office boxes and safety deposit boxes private after death: the default is that your estate gets distributed, not destroyed. If you have storage that's not under your name, and that only very trusted other people know about, then you might keep it out of your estate. Simply putting letters into a safety deposit box or storage rented under your own name hasn't ever given people pre-death privacy, let alone after-death privacy.

In this case there is no evidence the soldier was trying to keep this address private. I assume he emailed his family from it, because his family members knew it existed. In this case his Yahoo address is like a post office box or a rented office unders one's own name. Offices or mailboxes are private in life, but once you're dead they're part of the estate. Heck, even if you're incapacitated they aren't private. I've had the terrible burden of holding a POA for a severely ill person- for all intents and purposes I was legally that other person. Medical records, bank records, storage units, probably even his Permanent School Record: all legally accessible to me, and again, that was when he was alive. Generally after a death there'll be at least one person with at least as much access to your stuff.

So Yahoo is acting like the exception here, not the rule, in denying his family / the estate access to his items stored at Yahoo. Of course, given how easy it is for the FBI / CIA / NSA to get into Yahoo accounts, why would anyone store anything private there? A physical storage unit would at least require a subpoena (or non-payment) before other people could get inside.

For email privacy that survives into death you'd want an account where you use heavy encryption, never use your real name (emails can always be forwarded) and use onion routers (thanks, EFF) to get to the account. For physical-item privacy you'd need to do the same sort of work. Harsh, but that's life.

As for the soldier's family, they should tell the RIAA / BSA / FBI he was storing music / illegal copies of software / subversive literature there. After a few minutes Interpol should copy the account and shares it with other agencies. Then a FOIA request should get them the emails after a few years.

Solution: Use the Tor Network by Anonymous Coward · 2004-12-21 06:57 · Score: 0 · on Following up on Torrent Shutdowns

This is the perfect application to use the tor network. Tor is an anonymizing relay network that allows for clients and more importantly servers exist anonymously. Think freenet that doesn't suck. It's really easy to set up and use, and is availble for Windows, Linux/BSD and Mac OS..

Why don't some of the index servers open source their website code so that motivated anonymous individuals can take over running them on Tor?

It should even be possible for trackers to run on top of tor. Any internet service can be turned into a tor service quite easily.