If, however, there was an equal exploit that could be triggered on a Qubes user (ability to execute code on the local machine), exactly what protections are in place to prevent gathering their real external IP, MAC, and forwarding it off to the attacker?
Under Qubes, the Tor Browser (actually, all browsers) operates within its own hardware-enforced (both VT-x and VT-d) virtual machine, ensuring that even privilege-escalated code would have no way to access the Internet except through Tor itself. It would have no access to real system settings or personal info, etc., unless for some odd reason you put them into that VM.
The system architecture is a series of VMs that have varying levels of risk assigned to them. Even the firewall, IP stack and X11 graphics (with attendant hardware drivers) run in their own separate VMs under Qubes, booted from a non-writeable system template.
The hypervisor itself is a desktop GUI disconnected from any networking devices.
We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.
If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.
The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so it's also a big plus).
Tor is outdated and dangerous to use because it encourages illusions like: a) 1024-bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.
In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (it's been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).
It's the threat that they can decide to make you "special" when and if it suits their cronies' prejudices and career prospects.
Do you think you are special?
We heard this knee-jerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.
Chickenshit apologists, take a backseat.
Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.
Um, we're not talking about washing machines here. Ever hear of Cisco?
You confuse "Linux for the Desktop" and "Desktops for Morons". A predictable result of your condition.
Harsh? Only if you believe it's not moronic to target "Desktop" as the sole purpose of Linux.
What a stupid response. It's a logical fallacy to suggest that I meant 'Linux' must be devoted solely to the Desktop.
Google had the right idea: Make necessary changes to the software stack, drilling all the way down into the kernel to make necessary changes. Then if the kernel folks refuse to see the value of the changes, threaten to fork the codebase. It worked for Android, and the sysadmins and tinkerers were no worse off.
But it *did* take a threat to get there.
And I'll go as far as to say Linus is a "Desktop Idiot". Like the kernel devs at any Microsoft or Apple, he hasn't a clue what it really takes to make a decent desktop platform. The rest of the folks at the Linux Foundation seem to struggle with the question in a manner that is both half-hearted and ham-fisted.
The first rule for them should be not to shove piles of 'packages' bereft of vertical integration (and unifying design) at consumers... Do not throw the products of server-room culture at them and expect that to be more than good enough. Second, do not automatically defer to "upstream" when something needs to be fixed... take responsibility. Third, don't wait 8 years to offer a coherent SDK to app developers (yes... we know it took 8 years because it never occurred to LF for a long time, but from that we can conclude they're out of their depth). Fourth, do not expect a putsch to coat the above 'misgivings' with candy-inspired graphics to solve the underlying problems.
Finally (because this is as far as I'll go right now), don't look to DRM schemes as a way to advance Linux within personal computing.
What to do:
* Feature-stability for both app developers (APIs) and consumers (GUI); Holistic design vertically integrating both, because your #1 job is to bring software authors and users together on the same predictable platform.
* Make consumers feel like the GUI provides ultimate control over their hardware, even if that's not what they want to do most of the time.
* Enable consumers to get software directly from whomever they want.
* Run a hardware certification program with a logo that vendors can license.
It's garbage like this, and Apple's willingness to let the NSA spy on their customers 24/7 that has turned me away from OS X.
So what evidence is there that Apple has been willing to let the NSA spy on their customers _ever_?
Here: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-5.jpg ...from http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
No it is not. It's the other way around. Apple does not allow you access to the upgrade program and security fixes unless you give them personal information. They want their computer hacked, or they wouldn't place this huge and unnecessary barrier to upgrades. They know most people buy a new Mac when their old one becomes unusable so by not allowing security upgrades, they greatly increased the stream of people that will stand in long lines to give them cash.
It's garbage like this, and Apple's willingness to let the NSA spy on their customers 24/7 that has turned me away from OS X. Apple have gotten WAY too controlling to the point of being a menace to society.
I haven't read the review yet, but I'm going to bet that the issue of privacy was not covered more than glancingly (and zero references to mass surveillance).
You're right... the 'friends' element doesn't work at all for the applications they are supporting. The spies know the who + when of the packet delivery, which is most of the metadata they would collect anyway.
I2P makes everyone a router by default: A P2P principle which not only curbs the impulse to abuse other nodes, but attracts the widest background of re-routed packets in which to mix your own packets. It's got the best-available resistance against traffic analysis attacks, IMHO. And if VPN-like performance is desired for some applications, you can trade some anonymity for speed according to your comfort level.
The point isn't to interface with traditional email, but for I2P users to communicate amongst themselves without surveillance. IOW, get people you know to install it.
This is the IGT concept -- Intelligent Grouping Transportation -- that was advocated in the UK many years ago.
I think you're right. Americans only try new things if they directly heighten our tendency to become self-absorbed (or otherwise distracted or entertained).
Which email providers offer IMAP without using SSL?
Or does the NSA perform MitM extensively (it would be easy to detect - just keep copies of the certificates forever and create a white-list of proven certificates)
Recent revelations show the NSA can perform MitM against PKI at will. Within that context they can decrypt SSL traffic. You would have to implement SSL so that the key exchange does not rely on PKI for validation.
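The detection idea raised in the question above (keep copies of the certificates a server presents and white-list the proven ones) as an added example; this is not code from any project on the page. The JSON pin-store layout, the `PinStore` class and the IMAPS port assumption are this example's own; it runs offline on constructed byte strings, and `fetch_der_cert` is the only part that touches the network.

```python
import base64
import hashlib
import json
import socket
import ssl
import time
from pathlib import Path

IMAPS_PORT = 993  # assumption: the thread is about IMAP over SSL


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Per-host white-list of certificates seen and accepted so far.

    Format (an assumption of this example): a JSON object mapping host to a
    list of entries {"sha256": ..., "first_seen": epoch, "der_b64": ...}.
    The DER copy is kept so a surprise certificate can be examined later.
    """

    def __init__(self, path=None):
        self.path = Path(path) if path else None  # None keeps the store in memory
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def trust(self, host, der_cert):
        """Add a certificate to the host's white-list (after verifying it out of band)."""
        entries = self.pins.setdefault(host, [])
        fp = fingerprint(der_cert)
        if all(e["sha256"] != fp for e in entries):
            entries.append({"sha256": fp, "first_seen": int(time.time()),
                            "der_b64": base64.b64encode(der_cert).decode()})
            self._save()

    def check(self, host, der_cert):
        """Classify the certificate a server just presented.

        Returns "first-seen" (host unknown: pinned on trust-on-first-use),
        "match" (on the white-list) or "mismatch" (host known, but this
        certificate is not one we accepted before). A mismatch may be a
        routine renewal or an interposed certificate; it has to be verified
        out of band before trust() is called, never accepted automatically.
        """
        fp = fingerprint(der_cert)
        if host not in self.pins:
            self.trust(host, der_cert)
            return "first-seen"
        if any(e["sha256"] == fp for e in self.pins[host]):
            return "match"
        return "mismatch"


def fetch_der_cert(host, port=IMAPS_PORT, timeout=10):
    """Fetch the leaf certificate an IMAPS server presents (needs network access).

    The default context still performs normal CA validation; the pin check
    is an independent second opinion, not a replacement for it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def audit(store, host, port=IMAPS_PORT):
    """Compare a live server's certificate against the pin store."""
    return store.check(host, fetch_der_cert(host, port))


if __name__ == "__main__":
    # Offline demonstration: constructed byte strings stand in for DER
    # certificates (they are not real certificates).
    store = PinStore()
    cert_a = b"constructed-der-cert-A"
    cert_b = b"constructed-der-cert-B"
    print(store.check("imap.example.test", cert_a))  # first-seen
    print(store.check("imap.example.test", cert_a))  # match
    print(store.check("imap.example.test", cert_b))  # mismatch
```

Pinning the whole certificate means every renewal shows up as a mismatch, which is the point: each new certificate gets looked at once and then added with `trust()`.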
For one thing, your email domain is unlikely to be taken seriously by existing email providers if you run a server from your home (and consumer ISP plans won't let you do this anyway); running it from a hosting provider would hardly improve privacy even with encryption. The call to "encrypt everything" would, for email, imply using PGP which leaves the 'who' and subject parts of the messages unencrypted.
If you want to run something really effective against corporate-state mass surveillance, then go for this. Everything is encrypted end-to-end by default, and it's designed to carry everything from P2P like bittorrent to decentralized email based on DHT. It even runs on Android!
Hypervisor desktop employing some of the more powerful hardware VM features found in newer processors to create a substantially more secure environment.
Keep in mind that if they decide your node IS worthy of being attacked, you won't have the resources to defend against every known and currently-unknown exploit, so you should assume you've already been compromised and mitigate accordingly.
If they think your node is worthy of attack, even a moderate defense will simply cause them to take it down or busy it up, such that users of interest move to another node.
That could ultimately be the thing that finally sends the rest of Tor's users to I2P: With Tor's opt-in relays, a P2P ethic does not take hold. With I2P there is more spreading of the network load, and someone wanting to DoS a node would have to at least contribute a lot more bandwidth back to the rest of the network (which has the side-effect of freeing up bandwidth for the node being attacked). Not contributing bandwidth back creates the risk that other nodes will stonewall you... it's not unlike bittorrent in that respect (and is the main reason why bittorrent works fully on I2P).
IMO, it's all about the future leaks. With years of 1024-bit weakly-encrypted Tor traffic stored in NSA data centers, you can be sure that a very large cover will be blown off past Tor activity. The fact that Tor remains somewhat centralized will contribute to the cryptanalysis effort against it, probably causing Tor to lose credibility sooner than people think. Tor is switching to 2048-bit encryption (which I2P moved to long ago), though I can't imagine the old data will last more than another 5 years.
And that's putting it gently.
What I see now is a disturbing trend of irresponsible lawbreaking, under the banner of "protesting".
Copyright infringement was only recently criminalized. Now it's like the war on drugs only with 10X the potential for persecution.
Bradley Manning could have released his information in small quantities to human rights advocates.
Small is a relative term, especially in view of the gargantuan appetite government and large corporations developed for our personal information. And anyway, Manning approached papers like the New York Times but they weren't interested in handling the info until there was a whipping boy (Wikileaks) between them and the federal government.
It's self-defeating if people don't know about it or use it.
Mandrake was an excellent France-based distribution many years ago. But the users ran to Ubuntu when the distro was sued over the "Mandrake" name and changed it to the unsexy "Mandriva". Ubuntu had naked people in their marketing at the time.
With modern Linux distributions you don't have to ever touch a terminal any more than you do on a Mac - which for me is a lot because I'm a nerd but you catch my drift. Systems "just work" and installing software is no more difficult than looking for what you need in an "app store" just like on a phone.
I use Ubuntu and OSX every day and take exception to this. For 5 months, Ubuntu 13.04 lost the ability to accept external USB keyboard input on the unlock screen after waking from sleep on a laptop... I had to keep opening the laptop to use the built-in keyboard, or change to the user-switching screen to get back to the desktop.
Sh!t like that never breaks on OSX and Windows. Those OSes respect that the user needs the basic IO of the user interface (graphics, keyboard, mouse, audio) to stay rock solid. On Linux, only the wired NIC stays rock solid... a stark reminder it's still a server OS with server-room priorities.
Audio is still problematic for Linux users from time to time, and bluetooth audio is still a complete mess... barely usable and requiring periodic system restarts to keep it working.
A fresh non-OEM install of either Windows or Ubuntu on a random PC will usually result in slightly more features working in Ubuntu than Windows. But the remedy in Ubuntu for the non-working stuff involves CLI work, whereas in Windows you can go to the system mfg website and download and install needed drivers using the mouse. OSX and Windows both let you get add-on hardware working by downloading drivers from each peripheral mfg website and installing them using a mouse. Also, some of the stuff that "just works" will not work correctly because the driver's default values aren't correct for the particular implementation of the chip family in question... more CLI work.
What has changed for the better since Ubuntu's introduction is graphics stability... after many years they finally got graphics to stop mysteriously disappearing. Audio is marginally better than it used to be. IMO, that's insufficient progress.
BTW, Gnome 3 (actually, the loss of Gnome 2) was THE reason I had to move a couple users back to Windows. You should have those pom-poms bronzed, cheerleader.
Such modding cowardice. I don't know why I expect better...
Ssshhh! Don't you know the first rule of I2P?
The first rule of I2P is the more people use it, the more secure they are.
Ha ha ha... USA is "policeman to the world". The rules that apply to the US government allow the US to spy on Irish citizens. Perhaps you think that is no concern in Ireland, but you would be a fool to think so.
This is so beyond the USSR or East Germany.
Plenty has changed. It's possible, with an IP replacement like I2P, to have a network of strong identities that, nevertheless, start out as anonymous unknowns.
The identity/address cannot be subverted (without breaking into the user's system) and the user can then reveal personal details according to their need or comfort level. They can even do full 'out of band' verification, if it's desirable to do so, only with people the user chooses to trust.
Use I2P. Then it's all just encrypted P2P traffic.
It should come with I2P like TAILS does:
I2P-Bote: Decentralized / anonymized email based on DHT
Tahoe-LAFS on I2P: Decentralized and anonymous file storage
Syndie on I2P: Decentralized and anon blog
and
I2P itself: A general replacement for IP. Like a cross between Tor and bittorrent, where everyone is expected to contribute to bandwidth and so reduce the centralization (and opportunity for attacks) as much as possible and expand the approved uses to anything (instead of just web browsing).
Take away the centralized power of the ISP and government to monitor and control every aspect of your online life.