New 'Hardened' Tor Browser Protects Users From FBI Hacking (vice.com)
An anonymous reader quotes an article from Motherboard: According to a new paper, security researchers are now working closely with the Tor Project to create a "hardened" version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement...
"Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers," the researchers write in their paper, whose findings will be presented in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany.
The researchers say Tor is currently field-testing their solution for an upcoming "hardened" release, making it harder for agencies like the FBI to crack the browser's security, according to Motherboard. "[W]hile that defensive advantage may not last for too long, it shows that some in the academic research community are still intent on patching the holes that their peers are helping government hackers exploit."
So, to recap, the government-paid researchers are fighting the efforts of government-paid hackers to make the tool, that the government paid to create as a secure one, less so.
Whichever side wins, we, the taxpayers lose...
In Soviet Washington the swamp drains you.
for both sides. enjoy
So, to recap, the government-paid researchers are fighting the efforts of government-paid hackers to make the tool, that the government paid to create as a secure one, less so.
Whichever side wins, we, the taxpayers lose...
You have multiple countries with teams of very smart people working to crack everything crackable that protects privacy--because what allows private communication necessarily allows evasion of monitoring.
Of course, there are a lot of kinds of monitoring. Most obvious categories include:
1. Good purposes (attacking and/or defending against terrorists/child pornographers/organized crime/repressive regimes; tracking and blocking malware and other electronic attacks; etc...).
2. Middle-ground purposes (arguably ends-justify-the-means-behavior like violating some civil liberties while hunting white-collar criminals, child support nonpayment grey market income, doing propaganda against people in group #1).
3. Bad purposes (hunting political opposition, tracking and classifying people based on their political opinions or other things that should be prevented by freedom of speech, finding dirt for blackmail, gathering evidence of and prosecuting someone for common civil ordinance violations and petty crimes in a way which chills and stifles free speech and gives the monitoring agency unfettered power, etc...)
Real lawyers write in C++
The article never stated that Tor (or the hardened branch of the Tor Browser) was designed to frustrate law enforcement. Only that it could, which is a true statement. It's simply an unintentional though welcome side-effect.
Wait a second, you're suggesting people use an unpatched and out of date browser to protect themselves? Good luck with that.
pornographers have a larger audience?
"Won't someone think of the children?"
Which law? There are about 150 different versions and the FBI will hack anybody (which is criminal in almost all countries for them to do). So, you are right, if the FBI stopped breaking the law, this problem would go away.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The new version will protect against hacking, not from FBI hacking. The research with the hack the FBI used was published, so other people could use the same method. So basically this update protects people from a known vulnerability. This kind of reporting does more harm than inform, as it gives the impression that the main purpose of TOR is to commit crimes.
Why must you record my phone calls?
Are you planning a bootleg LP?
Said you've been threatened by gangsters
Now it's you that's threatening me
Can't fight corruption with con tricks
They use the law to commit crime
And I dread, dread to think what the future will bring
When we're living in gangster time
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
https://github.com/immunant/se...
If your computer is completely untrusted then there are ways it still can communicate over an air gap with another untrusted computer.
For example, if you use USB sticks to share data, they could obviously store different stuff as well on the USB stick.
Why can't they just stop passing unreasonable laws? Then they wouldn't have to surveil everyone.
What about those of us who are communicating with oppressed people?
It little behooves the best of us to comment on the rest of us.
Isn't it useless on Windows 10, where Microsoft monitors everything you type and every site you go to? The govt. probably doesn't even need a warrant because you "have no expectation of privacy" on your data in Microsoft's databases. Thus do they have warrantless access to your privacy because of some fine print on page 287 of your Windows click-through license agreement.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Believe it or not, Yes! It's a feature no less. https://en.wikipedia.org/wiki/...
Not that I believe it's really being used in that way, but it's possible. The thing is, many of us don't have a problem with targeted surveillance, if you have a nice court approved warrant beforehand for an individual I don't even have a problem with surveillance of US citizens. This sort of tech isn't really useful for bulk surveillance, which is what many people have a problem with.
So let's pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
Bad news.
In this day and age, " The Government " IS the threat.
We the people aren't sending drones over to kill folks.
We're not spearheading the "War on Drugs".
We're not doing regime changes, implementing no fly lists, spying on anyone and everything and doing our damnedest to undo The Constitution.
We don't lock people up in a prison with no means to even challenge their accusers. Nor do we outsource torture to get around local laws.
We're not trying to force our will on any other people or governments.
The Government, on the other hand, is guilty of every single statement above and a whole lot more I don't need to type. Not to mention the crap we don't even know about
So, yeah, if there is anything to be wary of, it's the Government
Generalizing, if you haven't done anything wrong then you have no need to fear constant surveillance.
Just being accused of doing something wrong can be enough to fuck up your life forever. You could be stuck in jail until your court date, and then go bankrupt because of the attorney's fees.
A hardened Android based on the raw Android that protects you from being backdoored and tries to identify and alert you to the fake cellphone towers when you connect to one.
Then let's get a nice hardened Linux as well that actively fights attacks and tries to hide.
THEN we have a place for this browser to live.
Do not look at laser with remaining good eye.
For Tor? It has and very much so. When the FBI quite criminally (for most non-US citizen affected) mass-hacked Freedom Hosting (and they hacked everybody they could, quite a few users of entirely legal services among them), nobody that had updated their Tor Browser when prompted was affected. It was just people that used the old one for two weeks or so longer than they should have. And here is the kicker: Tor Browser releases have change notes and these state what was patched. And there is the patched source, and you can see what was fixed. And that is exactly how low-cost vulnerability-finding works.
So yes, unpatched is pretty central to how secure it is. Requires some minimal understanding on how things work in the real world to see that though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
How does a non-expert know whether this really is secure or has a NSA / FBI / Chinese etc back door? The government can easily afford to pay people to post on public forums like this claiming that any particular software is or is not secure.
Open source doesn't really help since very few people are expert enough (or have time) to review the code, and it's impossible to tell if other "experts" are paid to spread misinformation.
Bueller...
Bueller...
That's what I thought.