Anonym.OS a Boon for Privacy Geeks?

The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."

Privacy Geek

[(1+-sqrt(5))*(2**-1)]

I'm decidedly uncomfortable with the neologism "privacy geek": it implies that wanting to be left the hell alone is now fringe.

Has the will to un-molestation finally passed out of mainstream?

Re:Privacy Geek

"Anything I do outside of my home, whether I travel via foot or via wire, is public and there's a possibility that I may be seen or even recognized."

Being "seen" or "recognized" as in the pre-computer-age sense isn't the issue. The issue is having the minutiae of your online and offline behavior recorded, wherever you go and whatever you do.

How do you think the police would react if you, a private citizen, set up cameras recording all of their officers as they left and returned to their station. You would deploy robotic cameras to follow them on the public roadways. You'd correlate this video with officer names and pictures and store it in a database, which you'd sell to anyone who would pay your price. I don't think they would permit you to do it for long.

This is essentially what they want to do to us. Why should we permit it, when they won't permit us the same privilege? Are police some sort of superbeings who won't use this imbalance to their own advantage? Are they the world's most perfect database administrators and programmers, who will never leave any flaws or bugs that would let someone steal this information? Are they free of bureaucracy and able to establish truly secure protocols for the management of this information?

It's a power grab, plain and simple, happening online and offline. Technology isn't the problem; the problem is that the current authorities are seizing the initiative to establish every new technological application in their own favor, further empowering the powerful and weakening everyone else.

Re:Too bad no one using it can comment

[grub]

testing through tor...

The whole privacy movement seems to have fizzled.

[Deagol]

Back in the early 90's, when I was new to the 'net, I remember uncovering all these programs and concepts that gave me hope that people would be able to wander the internet truly anonymously. I discovered PGP, anon.penet.fi, the whole cypherpunk movement (crypto, remailers, etc.), anonymoizer.com, Chaum's eCash. Things were rough around the edges, and tough to use for a internet newbie, but progressing along fast enough that I thought we'd actually see Joe Sixpack able to easily utilize these tools. Someday.

I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.

A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.

I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.

I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.

I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.

Re:Maybe it's a newbie question

[jrockway]

If the certificate validates, then probably yes.

If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)

Either way, be careful.

Re:The whole privacy movement seems to have fizzle

[GigsVT]

The cypherpunk movement is dead. Just scanning the slashdot comments and reading all the "If you don't have anything to hide, why are you concerned?" posts makes that obvious.

At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.

And it was, for a while.

Then some copyright lawyers started jumping on board, and harassing lyrics sites.

The Scientologists started suing people left and right.

Spam started snowballing.

MP3s cause the record companies to start wishing people were only trading lyrics.

Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.

Then the Columbine shootings happened.

The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.

The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".

The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.

News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"

Scam artists hiding behind patent law started really milking it.

So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.

If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.

sniffing outbound connections from a tor node

[SuperBanana]

With enough confederate nodes, tor can certainly be tracked. It isn't likely to happen, but it is possible.

Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.

That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.