Domain: freehaven.net
Stories and comments across the archive that link to freehaven.net.
Comments · 34
-
Re:What good is tor
I've been following this stuff since the 1990s, thanks. Let's just say that I have strong enough credentials on Tor and related systems that detailing them would out me.
If you want to see exactly how irrelevant encryption is to deanonymization by a global adversary, start around the year 2001 or 2002 in this bibliography:
http://freehaven.net/anonbib/#2001
Once again, layering TLS over Tor will not do a damned thing to protect you from widespread traffic analysis. It protect the content of your communication, but it will do no more than bare Tor to protect the fact of the communication itself. Even the content protection is very limited; the attacker can make a lot of very firm inferences, especially if she can learn the content of the same Web site you're hitting.
And, as far as we can tell, yes, there are approximately global adversaries out there.
-
Not New
I wrote a tool like this ages ago called Torcap; http://freehaven.net/~aphex/torcap/ and it does all of that plus works on Windows and is open source.
-
Re:Traffic is still tracable
Personally I'm surprised that nobody has come up with an application that basically merges what TOR and Freenet does into one. A distributed storage would provide both the capacity and the upload bandwidth, while freeing up resources from onion sites.
Funnily enough, Tor arose from a project called Free Haven that aimed to do pretty much what you're suggesting: robust, distributed storage with anonymous access. So far the anonymous access part of the problem has attracted more attention than the distributed storage part, so we have a very high-quality anonymous access component (Tor), but until recently there wasn't a distributed storage component of comparable quality. Perhaps Tahoe LAFS is ready to fill that role.
Unlike Free Haven, Freenet didn't separate the anonymity problem from the storage problem - it tried to solve both problems at once. Nikita Borisov found that Freenet 0.5 provides little or no anonymity to a substantial fraction of users. As far as I know, nobody has analysed the anonymity provided by more recent versions of Freenet, which is not a situation anyone relying on Freenet for anonymity should be happy about. Tor has received a lot more analysis from the security community, and while its anonymity properties are limited, those limits are well understood.
TLDR: Combine Tor with distributed storage, but don't use Freenet.
-
Re:SSL over Tor with Pivroxy
uhg. don't listen to that other guy. anyway. in case you are really curious, consider that (apart from the issues of users and programs and operating systems leaking info accidentally) the servers that run tor nodes are few and have no real system of determining who is trustworthy enough. they put some effort in, for example making sure you don't use nodes too close to one another in your route, but it's not perfect.
an excellent attack that someone with a large-ish amount of money could perform on tor would be to simply host a _lot_ of nodes, and in many different locations. the total number of tor servers is in the mere thousands, i believe. so, if you're willing to spend, say, a few tens of thousands of dollars, you could use hosting services to run your own corrupt nodes. if you control, say, one half of existing tor nodes, there is a 1/2 chance that you can read exit traffic (if you just wanted to get a feel of what tor users are doing), and a (1/2)^3=1/8 chance of both getting knowledge of who the client and server are. in the case of hidden services, it's (1/2)^6, but same deal.
now, if you are, say, at&t, or someone who has access to spying on at&t and other isp's, you don't really even need to break any cryptography or interfere in any way; you just time when someone connects to some server, followed by that server connecting to another, etc, and have a reasonable idea of who is connecting to whom. there's a publicly available list of tor servers to help you test, even
:)in the non-expensive category are such silly things as asking people for their password, or website cookie issues, all of which sound unimportant but of course will give you away.
if you are really interested in such things, i recommend reading whatever papers you feel are interesting from this page:
-
What, me read?
http://uniset.ca/terr/news/lat_fbibreakin.html
http://en.wikipedia.org/wiki/Weatherman_(organization)
http://en.wikipedia.org/wiki/United_States_v._Microsoft
http://en.wikipedia.org/wiki/Sedition_Act_of_1918
http://en.wikipedia.org/wiki/Alien_and_Sedition_Acts
http://en.wikipedia.org/wiki/SLAPP
http://www.amazon.com/Bowling-Alone-Collapse-American-Community/dp/0743203046/sr=8-1/qid=1172469926/ref=pd_bbs_sr_1/105-3962904-3664448?ie=UTF8&s=books
http://code.google.com/p/torchat/
http://en.wikipedia.org/wiki/All_the_Shah's_Men
http://en.wikipedia.org/wiki/CIA_and_Contras_cocaine_trafficking_in_the_US
http://en.wikipedia.org/wiki/CIA_drug_trafficking
http://en.wikipedia.org/wiki/Operation_Paperclip
http://en.wikipedia.org/wiki/Project_MKULTRA
http://en.wikipedia.org/wiki/Reichstag_Fire_Decree
http://web.mit.edu/gtmarx/www/iron.html
http://en.wikipedia.org/wiki/Jury_nullification
http://en.wikipedia.org/wiki/Citizens_Rule_Book
http://en.wikipedia.org/wiki/Repeal_of_prohibition
http://en.wikipedia.org/wiki/Writeprint
http://en.wikipedia.org/wiki/Van_Eck_phreaking
http://en.wikipedia.org/wiki/Sousveillance
http://www.cgsecurity.org/wiki/PhotoRec
http://www.eff.org/testyourisp/pcapdiff/
http://en.wikipedia.org/wiki/Panopticon
http://ai.bpa.arizona.edu/COPLINK/
http://ai.bpa.arizona.edu/research/coplink/authorship.htm
http://www.coplink.com/
http://en.wikipedia.org/wiki/COINTELPRO
http://www.zurich.ibm.com/security/idemix/
http://packetstormsecurity.nl/filedesc/Practical_Onion_Hacking.pdf.html
http://www.williamson-labs.com/laser-mic.htm
http://www-users.cs.umn.edu/~dfrankow/files/privacy-sigir2006.pdf
http://freehaven.net/anonbib/topic.html#Anonymous_20communication
http://www.wiley.com/legacy/compbooks/mcnamara/links.html -
Re:Freenet vs Bittorrent
If your in darknet mode isnt that the same as a private tracker?
Not really - with a private tracker, the other users (including the tracker) know what you're uploading and downloading. That's not the case in Freenet. Also, any user of a private tracker can invite their friends, who can also see what you're uploading and downloading, so the network becomes less private as it grows. Freenet becomes more private as it grows, because there are more users who might have initiated any given request.
If your not in darknet mode arnt you just as exposed as BT?
No, requests travel for multiple hops through the network, so if you receive a request from an opennet peer it doesn't mean that peer initiated the request - it might be forwarding the request on behalf of another peer.
If you want to carry out conversations, then i suppose BT isnt a good medium, But isnt that what public/private mailing lists are for?
Mailing lists aren't much good if you need to be anonymous. You could use Tor to set up a webmail account, but then the webmail provider can read your email, so you have anonymity but not privacy. You could use Tor and GnuPG and webmail, but by that point it's probably easier to install Freenet.
Another disadvantage of Tor is that even though your traffic is encrypted, it's easy for someone monitoring your network connection to tell when you're using Tor. If they can correlate the times you connect to Tor with the times a certain webmail account is active then your anonymity is broken. By running a Freenet node 24/7 you make it much harder for an eavesdropper to link your activity patterns to anonymous or pseudonymous messages, because your node is always sending and receiving encrypted packets regardless of whether you're active.
-
This is getting mathematically scary...
Take a look at the research papers linked here and this one in particular:
The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications (PDF)
by George Danezis and Bettina Wittneben.
You may think that half a million phone tapped is not that much... well think again, the social network effect is probably exposing all of Britain. Ask for your rights to be respected now. -
Re:anonymizing via noise
I bet they are switching IP's everytime Google gets wise and blocks them.
The script is configured to have the search term (XXX) in the URL as in "http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=XXX" and you can add it to your Firefox search toobar.
If you are concerned that they may be keeping logs in spite of their claims (probably unverifiable short of access to their servers) you are probably better off with TOR or Torpark which (as others have mentioned elsewhere) probably provide the best anonymization. The slowness factor is a concern, so for selective browsing turn TOR on and off with Torbutton or SwitchProxy FF add-ons.
On second thought, for your purpose, TOR is probably over-kill. If you are only concerned about Google keeping search results, just running your search through a proxy and disabling cookies should keep G from having any identifiable information on you...
-
Using tor easily
First, using Tor is easy. Just use the Torbutton http://freehaven.net/~squires/torbutton/
Now turn Tor off when not needed, and turn it on with a click when you like to.
Since you go through other hosts, it is often slow, but usually OK.
Also, if a lot of your Google searches returns Wikipedia pages, just search directly in Wikipedia and so on. -
new implimentation of an old idea
Ross Anderson of the Computer Security Group at Cambridge University wrote a paper called the Eternity Service. It has had a few different attempts at implementation, as well as some reworks in terms of design. The primary difference is in the Eternity Service - you had no idea what data you had, nor did you have access to the keys. This new concept/design seems to provide more control/granualirity for the user. Given the new proposed encryption laws in the UK, I'm not sure this is a good idea.
-
I made something like this about a year ago...
http://freehaven.net/~aphex/torch/torch.png
It is more like jabber. It uses .onion addresses to identify buddies. It is very secure. -
Re:TOR
I'll say it again: the encryption in Tor does _not_ hide your payload. It only serves to hide your IP address.
This link implies otherwise. -
great anonymity tools
This are so far some of the best anonymity tools:
Tor: http://tor.freehaven.net/
Freenet: http://freenet.sourceforge.net/
And, yes, we still need some smart guy/girl to come up with an even better anonymity software. -
Re:A distributed, random web proxy?
Some kind of open distributed web proxy might do the trick.
Sounds good, how about tor http://tor.freehaven.net/
if a single (or even multiple) tor proxies get blocked, it will just go through a different one.
it works nicely for me
hrmmm... I wonder if it would get through the "great firewall of China" just as easily -
Censorship resistant networks
-
Tor's hidden service is the really cool thing
Tor supports something called a "hidden service" which allows you to serve something, such as a web site, ftp, or dare I say, a bittorent link.
The neat thing is, you can serve the service without anyone knowing your IP address. So you would share a link such as follows: http://6sxoyfb3h2nvok2d.onion/ (which is the tor hidden service wiki BTW). The Tor servers "meet in the middle", thus hiding the originating serving ip address. Read here for more on this functionality.
This could really shut the door on XXAA type organizations looking to hunt down people for litigous purposes.
-
Re:Onion Routing != FreeNet
And unlike FreeNet onion routing is anonymous.
FreeNet: Can't shut down a "site" (document) without shutting down the network. Plausable deniability. Yet, it's not anonymous in that anyone downloading a piece of data is infinitely more likely to be the initiator than one who isn't. You're still among the suspects, it's just that there are some more of them.
Onion Routing: Can't find a site without shutting down the network (well yes you can, see end to end traffic analysis on the Tor site). Can't find who's communicating what with whom. I.e. "true" anonymity. You're still among the suspects, but so is the whole network. (Depending on the number of proxies you use.) -
Privacy after death requires work before deathIn general, people haven't had the expectation of privacy from family and/or executors after death. If you become incapacitated, you can lose privacy even before death, i.e. an overall power of attorney, or financial guardianships / conservatorships. (If you have elderly relatives, they should read this AARP article on how to prevent forced guardianship. Scary stuff. But at any age its a good idea to set up Advanced Directives and all that with people you trust.)
If he had secrets he felt he needed to keep hidden I hope he did the work one needs to do to keep them hidden in life as well as in death (if in death you don't have cares, you also don't have embarrassment).
If you have letters, photos, books, or other evidence of your secret life, you do have to work to prevent them from going into your estate at your death. Simply storing letters in a hosted email service, like storing letters in a storage unit, isn't sufficient. You'd have to make special arrangements to keep your post office boxes and safety deposit boxes private after death: the default is that your estate gets distributed, not destroyed. If you have storage that's not under your name, and that only very trusted other people know about, then you might keep it out of your estate. Simply putting letters into a safety deposit box or storage rented under your own name hasn't ever given people pre-death privacy, let alone after-death privacy.
In this case there is no evidence the soldier was trying to keep this address private. I assume he emailed his family from it, because his family members knew it existed. In this case his Yahoo address is like a post office box or a rented office unders one's own name. Offices or mailboxes are private in life, but once you're dead they're part of the estate. Heck, even if you're incapacitated they aren't private. I've had the terrible burden of holding a POA for a severely ill person- for all intents and purposes I was legally that other person. Medical records, bank records, storage units, probably even his Permanent School Record: all legally accessible to me, and again, that was when he was alive. Generally after a death there'll be at least one person with at least as much access to your stuff.
So Yahoo is acting like the exception here, not the rule, in denying his family / the estate access to his items stored at Yahoo. Of course, given how easy it is for the FBI / CIA / NSA to get into Yahoo accounts, why would anyone store anything private there? A physical storage unit would at least require a subpoena (or non-payment) before other people could get inside.
For email privacy that survives into death you'd want an account where you use heavy encryption, never use your real name (emails can always be forwarded) and use onion routers (thanks, EFF) to get to the account. For physical-item privacy you'd need to do the same sort of work. Harsh, but that's life.
As for the soldier's family, they should tell the RIAA / BSA / FBI he was storing music / illegal copies of software / subversive literature there. After a few minutes Interpol should copy the account and shares it with other agencies. Then a FOIA request should get them the emails after a few years.
-
Solution: Use the Tor NetworkThis is the perfect application to use the tor network. Tor is an anonymizing relay network that allows for clients and more importantly servers exist anonymously. Think freenet that doesn't suck. It's really easy to set up and use, and is availble for Windows, Linux/BSD and Mac OS..
Why don't some of the index servers open source their website code so that motivated anonymous individuals can take over running them on Tor?
It should even be possible for trackers to run on top of tor. Any internet service can be turned into a tor service quite easily.
-
Solution: Use the Tor NetworkThis is the perfect application to use the tor network. Tor is an anonymizing relay network that allows for clients and more importantly servers exist anonymously. Think freenet that doesn't suck. It's really easy to set up and use, and is availble for Windows, Linux/BSD and Mac OS..
Why don't some of the index servers open source their website code so that motivated anonymous individuals can take over running them on Tor?
It should even be possible for trackers to run on top of tor. Any internet service can be turned into a tor service quite easily.
-
Solution: Use the Tor NetworkThis is the perfect application to use the tor network. Tor is an anonymizing relay network that allows for clients and more importantly servers exist anonymously. Think freenet that doesn't suck. It's really easy to set up and use, and is availble for Windows, Linux/BSD and Mac OS..
Why don't some of the index servers open source their website code so that motivated anonymous individuals can take over running them on Tor?
It should even be possible for trackers to run on top of tor. Any internet service can be turned into a tor service quite easily.
-
Of course....
If they used Tor, subpoenas wouldn't really have given any useful information away. Then again, it's so sloooow perhaps they'd still be downloading
;). -
Re:Freenet
Freenet's a cool idea, but it's too glacially slow. I've been considering setting up eMule-over-Tor at some point. I think it'd be reasonably fast (e.g. only 1/6 as fast as not-over-Tor) and still pretty much 100% secure. Especially once there's a lot of people using it.
As an added bonus, eMule-over-Tor could be added to eMule itself, and you could easily flag which files are "Tor only" and leave the base eMule protocols to handle all the other files. -
Re:Mixmaster for TCP?"This sounds a lot like an implementation of Mixmaster for TCP."
Indeed, why not break-up the tedium of reading TFA, by quoting interesting snippets to slashdotters who havent?
Subsequent relay-based anonymity designs have diverged in two main directions. Systems like Babel [28], Mixmaster [36], and Mixminion [15] have tried to maximize anonymity at the cost of introducing comparatively large and variable latencies. Because of this decision, these high-latency networks resist strong global adversaries, but introduce too much lag for interactive tasks like web browsing, Internet chat, or SSH connections.
Tor belongs to the second category: low-latency designs that try to anonymize interactive network traffic. These systems handle a variety of bidirectional protocols. They also provide more convenient mail delivery than the high-latency anonymous email networks, because the remote mail server provides explicit and timely delivery confirmation. But because these designs typically involve many packets that must be delivered quickly, it is difficult for them to prevent an attacker who can eavesdrop both ends of the communication from correlating the timing and volume of traffic entering the anonymity network with traffic leaving it [45]. These protocols are similarly vulnerable to an active adversary who introduces timing patterns into traffic entering the network and looks for correlated patterns among exiting traffic. Although some work has been done to frustrate these attacks, most designs protect primarily against traffic analysis rather than traffic confirmation (see Section 3.1). - Tor design -
Why should I run Tor?
Maybe somebody already mentioned it, but the developers' replies to this question are at http://www.freehaven.net/tor/doc/tor-doc.html Yes, communication privacy can be abused. But we do not see anyone screaming that sending a letter in the real world should require authentication and total disclosure of the contents of the letter, so why should the digital world be different? (By the way, it might be that Tor is slashdotted now.)
-
Re:What a load of crap.You support government control because it's preferable to corporate control, but perhaps there's a third option: no control.
I'm talking about a completely decentralized network with no central body allocating addresses, with strong encryption at the link level and end-to-end, guaranteeing privacy and freedom of speech to anyone who can connect to it.
Freenet and the Freehaven project's second-generation onion router have laid a lot of the groundwork, but they're designed to be internet overlays. What we need is a truly decentralized packet-switching network, independent of the internet, capable of operating over an ad hoc collection of wireless, leased line, modem and (for the moment) internet connections. The internet can function as scaffolding but nothing in the new network's design should be internet-specific.
It's already possible to build small networks of this kind - see Mute, for example. Each machine's address is derived from its public key, and you find routes by broadcasting. But broadcasting every query isn't scalable, so in my PhD research I'm looking for scalable ways to route packets across a large, untrusted network with no address aggregation. If you have any ideas, please reply and I'll send you my email address.
:-) -
Free Haven
-
Re:FreeNet
So, it would seem that we need a peer-to-peer service that is built with the following attributes:
-completely anonymous users, file transfers, hosts, etc.
-reliable and stable structure
-decentralized topology
-efficient data management
-and complete deniability (I didn't host that file, or I didn't download that file, as member's cant control content on the network)
We do. We have several.
- FreeNet, and similar projects (Publius, FreeHaven) for distributing anonymous files
- The Invisible IRC Project for anonymous, deniable instant messaging
- InvisiBlog for blogging
- MixMaster and Hushmail for email
- Anonymizer and Peek-a-booty for browsing
Anyone care to add to this list? I've only put the ones that immediately spring to mind, but I know there are more distributed anonymous deniable chaffed encrypted file-share programs that I've not tried. -
Re:This particular service begs for an OS solutionLogin info consumes almost NO diskspace - an extra helping of distributed storage redundancy is a given.
You'd have to be blind to a LARGE percentage of the net to be without your info.
-
various comments on the article, mostly negative
...no individual peer can be considered to be engaging in illegal harassment, hacking, denial of service, etc. Rather it is only the totally decentralized..., ie a distributed denial of service. Wow. I didn't know thase were legal....
A *real* digital demonstration would be if a group of people each went home, wrote emails to their congresspersons, and sent them off. This would be legal, safe, open, and... probably not so effective. Dead trees are just harder to ignore than emails, and take more work to filter. This is all the more true if those emails are part of a DDOS attack.
In terms of resistance to government tampering, Publius or Free Haven would be a better way to get your ideas around if people would use them, which many people do. -
Re:The Problem with Choice
The end user may trust some companies more than others (just like banks). Where would you put your money: Bank of America or Banco Commercial de Buenos Aires?
We can imagine a system where the user simply specifies the degree of trust and the information gets mapped to storage servers transparently. We can even imagine using architectures like Publius or FreeHaven to split the data into slices and have slices spread all over the network. -
Mojo Nation vs. Swarmcast (vs. Freenet, vs...)
It isn't true that Mojo Nation is "not focussed on performance". I'm one of the Mojo Nation hackers, and we care about performance. It is true, however, that Mojo Nation is pretty complex, providing both data transfer (using a "swarm" like technique), and data storage, and a queriable search engine. The end result is something like a distributed, non-deletable World Wide Web. (Sort of like Freenet plus persistent data, or the earlier concept of Ross Anderson's "Eternity Service".)
Performance isn't that great on Mojo Nation right now, but it is good enough, in my experience, for daily use.
I'm pretty excited about the Swarmcast open source release, both because I think Swarmcast is a cool app in itself, and because I can now start taking ideas and code from Swarmcast to put into Mojo Nation, and vice versa.
In the long run, both Mojo Nation and Swarmcast will improve because of this sharing, as will other related open source projects like Freenet and Free Haven.
Regards,
Zooko
P.S. I've been talking with Justin Chapweske, the Swarmcast, lead, on irc.openprojects.net, and he's already pointed out a potential bug that we need to avoid in future versions of the Evil Geniuses Transport Protocol...
-
Article about anonymous p2p difficulties
The MIT Freehaven site is a similar project and has some interesting articles about problems of current anonymous p2p systems like Gnutella Freenet and Mojo Nation , such as Accountability flexibility and different kinds of anonymity.
-
Napster is not P2PNapster is not peer-to-peer, it is client-server architecture. Free Net and Mojo Nation are P2P.
See Free Haven for resources on real P2P development.
When a Court orders the shutting off of Napster, it shuts off the server(s) and the system is gone. The judge doesn't have to enter your home to shut down the whole system.
On correct implementations of P2P the court would have to shut down at least N-1 nodes of an N-node network (or break links so that no 2 nodes can talk to each other).