Anonym.OS a Boon for Privacy Geeks?

The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."

anonymous?

[Lord+Ender]

With enough confederate nodes, tor can certainly be tracked. It isn't likely to happen, but it is possible.

OpenBSD based, not FreeBSD

[putko]

You might think from the daemon logo that it is a FreeBSD-based thing.

It isn't -- it is OpenBSD-based. So you'd figure the encryption would be top-notch. Also the OS is already very secure. That's what they focus on, to the exclusion of other things.

OpenBSD is quite reliable. If it includes drivers for hardware, they work.

Also, they only use code that they can look at. No blogs of code (like Linux or FreeBSD) are allowed. That's because if you can't inspect them, the NSA or an attacker might have put some bad code in there. It is because of things like this that Theo De Raadt won a prize from Stallman for his contributions to free software.

Re:Anonymous developments?

[Jim+McCoy]

1. What are the theories behind simple anonymous sharing of data?

It depends on what you mean by the terms "simple", "anonymous", and "sharing." Seriously. There is a lot of crypto research out there that touches upon the various possibilities, but it all boils down to this: the more anonymity you have in the network the higher the cost of using that network for everyone involved (where cost == increased bandwidth & CPU consumption and increased message passing latency.) In terms of what is possible there is basically a big dial, labelled "apply various crypto protocols and message-hiding techniques", that you can turn to decide how much inconvenience you are willing to put up with in return for better privacy.

2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?

Possible, but difficult. The difficulty increases significantly if you want to ensure reliability & availability of the data provided by the swarm or provide the nifty "web 2.0" trappings that most people have come to expect from web sites. Various projects are working on components of this mythical system, ranging from the Tor networking system mentioned in the original post to the Invisible Internet Project and GNUNet. Nailing the whole package in a single effort is a non-starter for anyone who has even casually glanced at the relevant research necessary to begin such a project, so each effort focuses on one specific aspect and eventually it might be possible to combine these efforts into a single coherent sytem.

In other words, don't hold your breath waiting for this one to actually come about.

3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?

I won't bother trying to answer the first part of the question because it is a matter of personal preference. As far as the second half of the question goes, having good end-to-end security does not help you if either of the endpoints is compromised; a malicious server can reveal that you are surfing for child porn while a malicious user can reveal that your site is distributing bomb-making recipes with no need for the points in between the two ends to break the communications encryption.

Re:Too bad no one using it can comment

[Omnifarious]

Of course, (s)he also isn't posting anonymously.

TOR

[Jesus+2.0]

I stopped using TOR when I discovered the name of one of the common exit nodes. I forget exactly what it was, but I kid you not, it was something like "datapirates.org".

Torrent Download

[HazE_nMe]

I couldn't find a torrent link in the comments, so here is one:
http://linuxtracker.org/download.php?id=1249&name= anonymos-shmoo.iso.torrent
175seeds to 700peers as of 6:53PM MST

Re:un-molestation

[techno-vampire]

The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation.

Both the concept of privacy and the right to it go back much farther than you believe. As a simple example, do you think the inhabitants of a Roman insula (Equivalent to a modern apartment house.) had a communal lifestyle? No, of course they didn't, any more than renters in a modern apartment complex do today, and for the same reason. Each family has their own private space, and what they do there is nobody else's business. I suggest you study at least a little history before you start sounding off about it again, lest you put your other foot into your mouth.

Re:sniffing outbound connections from a tor node

[Jonboy+X]

I think that either you or the users you have in mind are missing the point of an anonymous Internet proxy. The idea is that when you go through a proxy network, the website you're viewing/posting can't (easily) identify you by your IP. Sure, the site admins can see what you posted, but they can't be sure where it originated.

If you're worried about man-in-the-middle attacks, then the website you're visiting is probably the party you trust most in the transaction, and every step that your info takes along the way is another set of eyes that might be snooping on it. In this situation, you are correct that an anonymizing proxy will probably result in subjectively poorer security.

Then again, any website that has private data that you'd like to keep that way most likely has SSL enabled anyway. If you're using an end-to-end SSL-enabled webmail service like Gmail (httpS://gmail.com), and you trust 128-bit SSL, then you've probably got nothing to fear*. If you don't trust SSL, then you're probably worried about Big Brother and No Such Agency and the like. In this case, you're probably better off just hiding under your bed.

*Note that Yahoo! mail SSL-enables only their login page. Anybody in the middle running a packet sniffer or checking their web proxy logs can see your mail when you read it. They just can't see your Yahoo! password.