Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK ISP Tests SIM Card That Forces All of Your Mobile Data Through Tor (vice.com)

Posted by BeauHD on from the middle-finger-to-surveillance dept.

An anonymous reader quotes a report from Motherboard: [O]ne UK grassroots internet service provider is currently testing a data only SIM card that blocks any non-Tor traffic from leaving the phone at all, potentially providing a more robust way to use Tor while on the go. "This is about sticking a middle finger up to mobile filtering, mass surveillance," Gareth Llewelyn, founder of Brass Horn Communications, told Motherboard in an online chat. Brass Horn is a non-profit internet service provider with a focus on privacy and anti-surveillance services. Tor is a piece of software and a related network run by volunteers. When someone runs Tor on their computer or phone, it routes their traffic through multiple servers before reaching its final destination, such as a website. That way, the website owner can't tell who is visiting; only that someone is connecting from Tor. The most common way people access Tor is with the Tor Browser Bundle on desktop, or with the Orbot app on Android.

But, in some cases, neither of these totally guarantee that all of your device's traffic will be routed through Tor. If you're using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project which maintains Orbot, said with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot's. This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don't quite work. The UK-exclusive SIM card requires that users create a new access point name on their device. It also requires Orbot to be installed and running on the device itself.

46 comments

  1. Russian Involvement by BeauHD++(19)+BeauHD · · Score: 0

    Puh-lease. Ain't nothing going to keep us safe from the Russians stealing our info. Tor is a tool of child pornography. IMHO, this is a bad idea.

    1. Re: Russian Involvement by Anonymous Coward · · Score: 0

      You'd know

    2. Re: Russian Involvement by Anonymous Coward · · Score: 0

      Only for child pornography, huh? You do know that Tor was created by the US government, and what its intended purpose was, right?

    3. Re:Russian Involvement by Anonymous Coward · · Score: 0

      You're against trying new things to achieve privacy? Or, do you just like to say things won't work before they are even tried?

      Why are you even a slashdot mod?

  2. I wonder by Anonymous Coward · · Score: 0

    What the legal implications of this are.

    While I applaud the middle finger surely it's just asking for a kicking by the government linking it to the next terrorist attack.

    They've gone after whatsapp previously which was a multi billion dollar company. I wonder what hope this company has in comparison when the inevitable paedoterrorphile links are portrayed in the media.

    1. Re: I wonder by Anonymous Coward · · Score: 1

      Simple, the UK is going to flood the internet with tor exit points. This is fucking stupid.

    2. Re:I wonder by Anonymous Coward · · Score: 0

      Tor is legal in the UK.

    3. Re: I wonder by Anonymous Coward · · Score: 0

      Exactly

      There will be No privacy

      Not in the US, the EU or the UK

    4. Re:I wonder by Anonymous+Brave+Guy · · Score: 1

      The government might not like it, but whether they can do much about it is another question. It would be difficult to draft a law that covered tools like this without causing significant collateral damage.

      Of more immediate practical interest might be that visitors from Tor tend to be restricted in what they can do online because there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    5. Re:I wonder by AmiMoJo · · Score: 1

      I regularly use a VPN on my phone and home connection, it's been fine in the UK. If anyone did request my ISP records they would just see a very long term connection to the VPN, although I suppose they could enable extra logging beyond what is legally required if they wanted to establish usage patterns.

      The problem with doing it on mobile is that it doesn't block the worst bit of tracking - location. The mobile providers log which cell towers your phone uses and signal strength, giving your approximate location. You can't do anything about it, it's how mobile networks work.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:I wonder by fuzzyfuzzyfungus · · Score: 1

      There's also the issue(likely very significant in this case) that Tor does not (and doesn't claim to; and probably couldn't in principle, at least without significant redesign) protect you from endpoints inferring things about your traffic if it is interesting/identifiable in itself.

      The onion routing and encryption of your traffic as it gets passed between the intermediate nodes breaks trivial identification of the origin of the traffic and keeps the intermediate nodes in the dark; but the exit node [i]must[/i] have access to your traffic(potentially not plaintext if you are communicating with a site that uses TLS) in exactly the form that the server you are communicating with expects.

      If your traffic isn't intrinsically identifying; this is something to be aware of; but an improvement over the situation where the origin of your traffic is trivially available to everyone involved in getting it from source ot destination and back. If it is, though, Tor's protections get markedly less useful.

      Contemporary systems can be chatty enough on the PC side(one of the reasons why specialty distros are commonly recommended for Tor use); is anyone crazy enough to expect a smartphone, exemplar of post-privacy computing, to not shed identifying information right and left?

  3. DDoSing Tor? by HornWumpus · · Score: 1

    All your data? Is there a real point? If it succeeds, Tor fails.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    1. Re:DDoSing Tor? by tlhIngan · · Score: 1

      All your data? Is there a real point? If it succeeds, Tor fails.

      Yeah, their network can't handle 3G speeds, so if they can send your data through Tor, you'd think it was Tor giving you crappy data speeds and not their data network.

      Thus they can offer LTE service at 2.5G speeds!

  4. Blaming Tor? by Anonymous Coward · · Score: 0

    Are people with Tor exit nodes still "people of interest"?

    1. Re:Blaming Tor? by Anonymous Coward · · Score: 0

      No, most of them are government agents.

  5. Rootable Phones by nnull · · Score: 1

    Let me root my phone and let me do what I want with my data please, thank you. I'm getting quite annoyed with the massive lock down of phones lately or they somehow completely gimp your phone if you do, like Sony's new phone where, sure you can root your phone, but your camera just takes green pictures.

    It's getting to the point where I don't even want a phone or tablet anymore. They all want to "Protect" me. But when that protection uploads crap to the cloud hosted in China without my consent (Samsung and Apple, I'm looking at you with your BS default upload to the cloud crap), I don't want your method of protection.

    1. Re:Rootable Phones by PReDiToR · · Score: 2

      Supporting SONY is a case of "no sympathy" because of their stance on DRM, locking their hardware down even after you've bought it off them, and the other million reasons this company should FOAD.

      There are very few companies to buy from in good conscience, in fairness to your purchasing decisions.

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    2. Re:Rootable Phones by Anonymous Coward · · Score: 0

      Rooting a phone is the equivalent of Windows XP having admin users by default. It only takes a small hack for malware to get full access. Highly insecure. Most of the idiots who root their phones download software of the Internet that exploits security issues on their phones and install who knows what in the background

    3. Re: Rootable Phones by Anonymous Coward · · Score: 0

      Whatever you say shill.

  6. Just another tracking token by Anonymous Coward · · Score: 0

    You shouldn't trust Tor either, or your ISP. They are the problem that must be circumvented if there is to be any hope of a secure internet.

    1. Re:Just another tracking token by Anonymous Coward · · Score: 0

      My biggest gripe is with recruitment agencies "retained by the electronics and embedded industry" that have dodgy and murky dealings with defence companies, British MP's, who thing it is their god given right to contact you by social media and email whenever you send a CV directly to a company that interests you. All because they are snooping on your email like modern day East German Stasi agents.

      For some reason, incoming calls from the USA and Canada are barred... I tried getting the mobile phone company to find out the fault but they just got smug and smarmy about whether I still had problems roaming in the USA.

    2. Re: Just another tracking token by Anonymous Coward · · Score: 0

      So what? If it saves one life it's worth it. What do you have to hide?

    3. Re: Just another tracking token by Anonymous Coward · · Score: 0

      The question now is whether or not complete security and privacy are ever available on the internet.

      Governments and companies see the value in data, why would they ever let people free themselves?

      It's like taxing the people, even the united states does that now, why would they go back to their roots?

      What power hungry organizations ever give up power? They'll right to their dying breath, then they'll scorch the earth when they think they're going to lose.

      It's the very reason people fought to keep things contained from the beginning

  7. Run, Forrest, run! Run like the chickenshit you ar by Anonymous Coward · · Score: 1

    APK, you got caught lying when you denied saying hosts do port forwarding: http://hardware.slashdot.org/comments.pl?sid=12792965&cid=57521005.

    You got caught overstating the capabilities of hosts and now you're running like the chickenshit coward you are. You're not enough of a man to admit you lied, so you ran.

  8. Exit nodes are great for snooping by cyberisthenewpink · · Score: 1

    This is probably the stupidest idea ever Only traffic going to TOR network should go to TOR network. Going through TOR to browse internet etc is incredibly stupid. Exit nodes can be set up by anybody. Exit nodes can see ALL traffic flowing through them passively - there is absolutely no way to see if someone is intercepting the data on the fly. Even SSL/TLS protected connections are leaking connection metadata and so on.

    1. Re:Exit nodes are great for snooping by Repentinus · · Score: 2

      Exit nodes can see all the data going through them, but they do not know where that data originates from. If you use TLS on top of the Tor circuit, it is unlikely that the exit node can figure out who you are. To do so would require the exit node to also control your entry node and to run a sophisticated timing attack; unsurprisingly, Tor takes measures to guard against it. Exits are also regularly probed for malicious behaviour like traffic sniffing and banned from the network if caught doing that.

  9. Cloudflare Launches Security Service for Tor Users by Freshly+Exhumed · · Score: 1

    If only every site would look into activating this new Cloudflare-Tor solution:

    https://www.securityweek.com/c...

    It has to be activated on the server side, so if you're tired of endless ReCAPTCHA loops of fire hydrants, buses, stairs, chimneys, traffic lights, etc. etc. then ask the site(s) to enable it.

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.
  10. Tor is already failing. by Anonymous Coward · · Score: 0

    Go look at how many different Tor nodes you actually connect to, especially if you use Tor Browser Bundle. There are maybe a few hundred common nodes, and particular ones see far more traffic than others (unless you filter out some region codes), Liberia and Luxembourg being two with the same IPs showing up constantly. Also common is 3 hops all through the same country. Tor only filters by /16s meaning that geoip lookups never filter same-region hops, allowing the possibility for all hops to be through one nation's compromised/hosted nodes. This is all ignoring Windows 10, Intel ME/AMD SP/ARM Trustzone, and compromised cellular devices. Each of these can completely compromise Tor's anonymity by itself, but when combined with only 3 hops (6 for hidden services), tags which can last a whole session or longer, Tor's odds of being compromised by 5 eyes broad surveillance establishment is significant.

    Don't trust my word for it, but at the same time don't trust the Tor Project's. They still get most of their money from government sources, and the majority of their projects have been heavily neglected when funds dry up. Most of their current job openings aren't even for developers, despite many of their projects haven't been undeveloped for 1-6 years. Tor Project is basically the Mozilla of the internet privacy world, and just as impotent with every year that passes. If you have the time, money, skills, or motivation, do your part to help, or start work on an alternative project. Every new option will make it that much harder to see the full picture, and given time and layers might finally regain some of the privacy we've been losing year by year, at least online.

    Tying this back to the grandparent post: All that these 'Tor friendly' phones will do is allow MI5/GCHQ to know these devices should be targetted for attack, and make it easier to focus on the cell phone compromises (or signing keys, if they already have them) necessary to backdoor these devices, allowing them to compromise not only their own traffic, but in the case of exit or relay nodes, compromise one layer of the onion towards deanonymizing all hops, if not the actual traffic carried within.

    1. Re:Tor is already failing. by Anonymous Coward · · Score: 0

      Whenever I bring up a dedicated server that I'm renting for either personal or work purposes, I'll throw a tor instance in a container and give it small but decent (anywhere from 10-200 mbits) amount of bandwidth, depending on how much the server actually needs for its actual task. Within a day, these instances are more or less using their maximum allotment of bandwidth 24/7. If tor seems to be "preferring" certain nodes, that's because they're in big data centers with decent interconnects and they can handle the traffic. On my home connection, it's a different story entirely. Connections are much more sporadic on my home internet.

  11. Unsure by Anonymous Coward · · Score: 0

    ISP Tests SIM Card That Forces ... but when the user don't want TOR becuase it painfully slow and then want go back to normal connection is forced to use a dual SIM phone or table? A switch to classic SIM, also.

  12. But how will the Jew control us all? by Anonymous Coward · · Score: 0

    If we have anonymous access to all the information on the internet, how will the lying Jew prevent people from researching the 'Holocaust' story for themselves, and finding out that it's all a huge LIE, that requires imprisonment of anybody who questions it, in order to keep existing?

    www.codoh.com

    Don't believe me, investigate it for yourself. Ask yourself why anybody who merely questions the 'Holocaust' story is put IN PRISON in many European countries - including 90 year old women. Gee... they must be such a threat to society...

  13. Re:Cloudflare :))))))))) by Anonymous Coward · · Score: 0

    if you're tired of endless ReCAPTCHA loops of fire hydrants, buses, stairs, chimneys, traffic lights, etc. etc. then ask the site(s) to enable it.

  14. that is going by sad_ · · Score: 1

    that is going to ruin tor for everybody, or at least everybody in the UK.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  15. TOR is broken, why bother? by Anonymous Coward · · Score: 0

    And for quite a while...

    https://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption

  16. Won't survive by Anonymous Coward · · Score: 0

    Mark my words. There is no way this project won't accidentally implode or disappear, or feature a hidden back door

  17. The government created it by raymorris · · Score: 1

    > The government might not like it

    The government created Tor.

    > there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.

    True.

    1. Re:The government created it by Anonymous Coward · · Score: 0

      The government created Tor.

      The UK government (you know, the pertinent entity here) did NOT create Tor.

  18. Hello Captchas by Anonymous Coward · · Score: 0

    People using those phones will learn what the CloudFlare "One more step", "I am not a robot" screen is, and will enjoy solving the captchas that popup on 30% of the sites they visit.

    1. Re:Hello Captchas by wiretrip · · Score: 1

      Well they'll soon be very good at identifying chimneys, fire hydrants and buses :-)

  19. Re:Cloudflare Launches Security Service for Tor Us by Anonymous Coward · · Score: 0

    Asking every site owner on the world. Well that doesn't sound like tedious work. How many sites can there be on the internet after all, like 30-40?

  20. LOL by Anonymous Coward · · Score: 0

    Tor = slow as a turtle

    Tor on mobile = slower than 100 turtles

  21. SIMPLE TEST THAT SHUTS YOU UP...apk by Anonymous Coward · · Score: 0

    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 jowie.com
    0.0.0.0 jealous.com
    0.0.0.0 jowie.com
    0.0.0.0 test1.com:53
    0.0.0.0 test2.com:53
    0.0.0.0 test3.com
    0.0.0.0 test3.com
    0.0.0.0 borlnd.com
    0.0.0.0 tester.com

    * RUN THAT DATASET THRU MY PROGRAM & WHAT RESULTS COME OUT THAT HAVE A "PORT FILTER" ATTACHED?

    NONE!

    Only borlnd.com, tester.com, test3.com, jealous.com & jowie.com (last 2 are for YOU, lol) REMAIN (no filters on them)

    MY PROGRAM EVEN PREVENTS THAT MISTAKE!

    PK

    P.S.=> THIS PROVES MY PROGRAM'S OUTPUT DOES NOT ALLOW "PORT FILTERING" ENTRIES IN HOSTS as I said DESPITE you IMPERSONATING ME & LYING (already PROVEN YOU DO THAT c6gunner https://linux.slashdot.org/com... )... apk

  22. Good luck with some websites by Anonymous Coward · · Score: 0

    Some websites (eg Garmin) block access where the exit node is a Tor node. That's going to piss a lot of people off when things like Garmin Connect stop uploading fitness data etc.