Slashdot Mirror
Anonym.OS a Boon for Privacy Geeks?
The Hosting Guy writes "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing."
Has the will to un-molestation finally passed out of mainstream?
Since Slashdot bans most Tor proxies from making comments. Perfect for geeks, eh?
With enough confederate nodes, tor can certainly be tracked. It isn't likely to happen, but it is possible.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
This is why co-workers and I have been working on Fappix - The Pornnoisseur Distro. Not only can you browse anonymously but you have several thousand pre-bookmarked pages to choose from in categories ranging from Amateur Nudes to Bukkake Hentai to Puke porn. You have a hankering for some DP? We got it. Maybe a little fisting for those slow lonely nights at home. Nothing but the best for our users!
Never worry about having the correct video codec or player again as they will all be pre-installed! No more waiting another 20 minutes to download and install some obscure viewer just so you can rub on off to Kismet the Albino Sheep Goes to the Circus!
With our patented "Live (Hand) CD" technology you simply boot from the disk and off you go into fantastic realms of spanktacular fun without the worry of spyware, malware, trojans, or incriminating cache files again. You'll never have to blame that spandex scat video on "some spam or something" ever again!
Fappix. The sound of one hand clapping.
Do not taunt Happy-Fun Ball
Anonymizing yourself isn't a crime or probable cause for any kind of search warrant.
So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.
... (pause)...
Fantastic! I've always thought copious amounts of caffeine and an anonymous method of browsing for porn were meant for ubergeeks like myself, but now that my *grandma* can do it as well, that's just fantastic!
OH GOD, MY EYES!!!
Anonymizing yourself isn't a crime or probable cause for any kind of search warrant.
In police states, someone who wants to be anonymous deviates from the norm and automatically becomes suspicious, as The Man considers that if you're not guilty, you have nothing to hide.
In US-PATRIOT USA, I'm not sure I'd want to participate in the Tor network. I'm definitely not the only one. Perhaps I'm a coward, but that should tell you something of what this country is slowly turning into...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
You might think from the daemon logo that it is a FreeBSD-based thing.
It isn't -- it is OpenBSD-based. So you'd figure the encryption would be top-notch. Also the OS is already very secure. That's what they focus on, to the exclusion of other things.
OpenBSD is quite reliable. If it includes drivers for hardware, they work.
Also, they only use code that they can look at. No blogs of code (like Linux or FreeBSD) are allowed. That's because if you can't inspect them, the NSA or an attacker might have put some bad code in there. It is because of things like this that Theo De Raadt won a prize from Stallman for his contributions to free software.
http://www.thebricktestament.com/the_law/when_to_
I'd check on these projects every few years, until finally, I sorta gave up on following them. They seemed to stagnate, never getting beyond the fringe.
A year or so ago, I wanted to the utilize mixmaster remailers, and I *still* wasn't able to find an up-to-date, lucid HOWTO or a client that didn't require a *lot* of work to use.
I haven't actively sought these tools in a while, so maybe they've caught up. But I keep my ear to the wall, and I have yet to hear any murmers of good anonymizing technologies, nor do I ever see any passing references to people using them.
I have assumed that the movement is either dead (nobody cares anymore) or ubiquitous (it's common knowledge and no big deal). Somehow, I kinda doubt it's the latter.
I've been toying with an idea for a site/system in the spirit of the Mixmaster remailers, but I want to be able to evaluate the current technologies before I totally re-invent the proverbial wheel. (Plus, I wish to be as anonymous in the registration and publication of the site as possible). I'd *love* some pointers.
Method of processing duck feet
Yes, I suppose they have that kind of porn, too.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I nominate this for the most concisely inept retelling of the history of the Internet ever!
The world's burning. Moped Jesus spotted on I50. Details at 11.
You have the right to pamphlet anonymously. You have the right to use the internet to do it. You should be able to criticize the government without worrying about anyone getting revenge on you. I totally agree that the Patriot act goes way too far. By removing our basic freedoms, George W. has given the victory to the terrorists. We should be fighting to preserve our freedoms, not giving up our freedoms to fight the terrorists.
The fact that a bunch of sickos use this technology to be perverted does not mean that the rest of us should not use it. If you care about your freedom and you don't like what is going on then you can use it to safely make your complaints heard.
1. What are the theories behind simple anonymous sharing of data?
It depends on what you mean by the terms "simple", "anonymous", and "sharing." Seriously. There is a lot of crypto research out there that touches upon the various possibilities, but it all boils down to this: the more anonymity you have in the network the higher the cost of using that network for everyone involved (where cost == increased bandwidth & CPU consumption and increased message passing latency.) In terms of what is possible there is basically a big dial, labelled "apply various crypto protocols and message-hiding techniques", that you can turn to decide how much inconvenience you are willing to put up with in return for better privacy.
2. Is it possible to completely diversify the Internet away from IP-based hosting to a new swarm-network of anonymous users all hosting little pieces of various forms of information? 2b. Is anyone working on this swarm idea?
Possible, but difficult. The difficulty increases significantly if you want to ensure reliability & availability of the data provided by the swarm or provide the nifty "web 2.0" trappings that most people have come to expect from web sites. Various projects are working on components of this mythical system, ranging from the Tor networking system mentioned in the original post to the Invisible Internet Project and GNUNet. Nailing the whole package in a single effort is a non-starter for anyone who has even casually glanced at the relevant research necessary to begin such a project, so each effort focuses on one specific aspect and eventually it might be possible to combine these efforts into a single coherent sytem.
In other words, don't hold your breath waiting for this one to actually come about.
3. As information becomes more accessible, will the need for information privacy be important? 3b. Is it more important to create a totally anonymous information sharing network than it is to work on harder to break encryption schemes?
I won't bother trying to answer the first part of the question because it is a matter of personal preference. As far as the second half of the question goes, having good end-to-end security does not help you if either of the endpoints is compromised; a malicious server can reveal that you are surfing for child porn while a malicious user can reveal that your site is distributing bomb-making recipes with no need for the points in between the two ends to break the communications encryption.
If the certificate validates, then probably yes.
If it doesn't validate, it means that someone could have setup a web server pretending to be the one asking for your credit card. It's a common man-in-the-middle attack, and is very easy to do with automated tools (like ettercap). You are protected, though, since the certificate (shouldn't be) valid in this case... the trusted CAs are trusted because they won't give a valid certificate to someone that's doing MITM attacks in Starbucks. (However, the CAs have been known to lapse. A certificate was granted a while back to something like paypa1.com and was used to phish paypal details. Users thought it was OK because the cert was valid, but it was valid for the wrong site.)
Either way, be careful.
My other car is first.
The idea that one might live one's life in private and without fear of molestation is a *very* recent phenomenon. It's not passing out of the mainstream, it never quite arrived there.
The right to privacy is a post-war interpolation from the set of Constitutional rights. It was hardly a consideration before single-family households became common beyond the elite classes consequent to industrialisation. The very idea of private life took meaning from the distinction to be drawn between the public and private duties of the landed gentry, whether he was acting as public judge or administrator of his chattel. The idea that citizens required more privacy than that demanded by Christian modesty simply did not occur. It is only in the last generation that anyone became actually interested in the details of your private life. Before the information age, such trivia had no value beyond the prurient, of interest only to busibodies and the beat cop; again, unless you were a name.
illegitimii non ingravare
The cypherpunk movement is dead. Just scanning the slashdot comments and reading all the "If you don't have anything to hide, why are you concerned?" posts makes that obvious.
At one point in Internet history, we (the libertarian/anarchists/cypherpunks) thought it might bring a new era of freedom. BBSs had given us a taste, and many people expected the Internet to be like a huge BBS, with everything you could imagine on it.
And it was, for a while.
Then some copyright lawyers started jumping on board, and harassing lyrics sites.
The Scientologists started suing people left and right.
Spam started snowballing.
MP3s cause the record companies to start wishing people were only trading lyrics.
Late 1998 though 1999 was the high point I think. Geeks were Gods. Stories of geek millionaires were all over the place. The US finally watered down the stupid crypto regulations. Things were looking up.
Then the Columbine shootings happened.
The 2000 elections brough all kinds of leftists out of the woodwork. Remember Nader? He sure got enough astroturfing here on Slashdot.
The so called "anarchists" get all over the news acting like total fuckwads at WTO "protests".
The WTC attack caused all the people with comfortable lives that liked to think they were cypherpunks to turn. Pull up some stories from Slashdot on 9/11 and 9/12 and see how many people were so willing to offer up the liberty for a slice of security. PATRIOT act flies through with little hassle.
News media reduced to saying things like "Some civil libertarians have concerns" instead of "What the fuck are they thinking?"
Scam artists hiding behind patent law started really milking it.
So you have left what you have today. An environment where you can't really do anything without the risk of lawsuit or arrest. I see things slowly shifting back toward the side of freedom, but it's been a slow recovery.
If Steve Jackson Games Raid happened today, would people be outraged enough to form something like the EFF? I doubt it.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
And thank God..... instead of trying to win a losing battle against privacy loss it would be better if we put our energies into making a completely transparent world. Information wants to be free, deal with it.
Hey, can I have your Social Security and bank account numbers?
What do you mean, "no"? INFORMATION WANTS TO BE FREEEEE!!!
So true. In fact, I would suggest that you stop using envelopes when mailing letters and just use postcards instead, that way everybody along the way can read them much more easily. You don't have anything to hide, do you?
No real reason for secret ballots either, now that I think about it. After all, you're not attemting to make an illegal vote.
The police ought to be able to search your house at will, too. If you're not doing anything wrong you have nothing to fear, right?
Oh, remember that sooner or later if you stop defending your freedoms you lose them. When it becomes illegal to criticize the government and you say "but that wasn't what I meant" it's just a tad too late.
http://www.rootstrikers.org/
I stopped using TOR when I discovered the name of one of the common exit nodes. I forget exactly what it was, but I kid you not, it was something like "datapirates.org".
I couldn't find a torrent link in the comments, so here is one:= anonymos-shmoo.iso.torrent
http://linuxtracker.org/download.php?id=1249&name
175seeds to 700peers as of 6:53PM MST
Just by running a tor node, you get the oppertunity to collect login+password information for any non-ssl site tor users log into. You also get to see cookie information to boot. Hey, at some point, the traffic has to exit the tor obfuscation network, and if you run a node, you're going to get a bunch of that traffic. It's only a matter of time.
That's why I refuse to use "anonymizer" networks like tor. You can't even login to your damn webmail, without giving away your account information.
Please help metamoderate.
The fact that this score has an Insightful Moderation is scary...I've got Karma to burn, so let me speak my mind.
We should have a reasonable expectation of privacy in our everyday lives, even if the constitution doesn't have a "de facto" privacy clause in it. Remember that crazy court Case Roe v. Wade? The court didn't say that "abortion was legal," the Court declared that laws prohibiting abortion represented a violation of a women's right to privacy. While the right to privacy does to exist as such in the Constitution it has long been interpreted to exist as an umbrella created by the first 5 amendments in the Bill of Rights.
To be quite honest with you, I know cops who have problems with the way that today's society is going. They don't want to have to worry about carrying an ID when they're walking down the street to buy a gallon of milk. (HIIBEL V. SIXTH JUDICIAL DIST. COURT OF NEV.,HUMBOLDT CTY. (03-5554) 542 U.S. 177 (2004) 118 Nev. 868, 59 P.2d 1201, affirmed.)
It really bothers me in a multitude of ways that our civil liberties are being torn down under the guise of terrorism. It really bothers me that many people are letting their guards down and just allowing these rights to just be walked on like nothing matters. Is it just me or am I the only one who sees a problem here?
I disable sigs...do you?
[Grandma] Where's the blue E?
[me] There's no blue E grandma, click on the orange and blue ball.
[Grandma] What does "Server not found" mean?
[me, muttering...] fsck'ing TOR timeouts
[Grandma] What was that again, I couldn't hear you.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What are you saying? Is this like... better than the "Post Anonymously" check box and stuff?
Does this rag smell like chloroform to you?