privacy

Transparency, openness, and our 2012 financial docs

After completing the standard audit, our 2012 state and federal tax filings are available. Our 2012 Annual Report is also available. We publish all of our related tax documents because we believe in transparency. All US non-profit organizations are required by law to make their tax filings available to the public on request by US citizens. We want to make them available for all.

Part of our transparency is simply publishing the tax documents for your review. The other part is publishing what we're working on in detail. We hope you'll join us in furthering our mission (a) to develop, improve and distribute free, publicly available tools and programs that promote free speech, free expression, civic engagement and privacy rights online; (b) to conduct scientific research regarding, and to promote the use of and knowledge about, such tools, programs and related issues around the world; (c) to educate the general public around the world about privacy rights and anonymity issues connected to Internet use.

All of this means you can look through our source code, including our design documents, and all open tasks, enhancements, and bugs available on our tracking system. Our research reports are available as well. From a technical perspective, all of this free software, documentation, and code allows you and others to assess the safety and trustworthiness of our research and development. On another level, we have a 10 year track record of doing high quality work, saying what we're going to do, and doing what we said.

Internet privacy and anonymity is more important and rare than ever. Please help keep us going through getting involved, donations, or advocating for a free Internet with privacy, anonymity, and keeping control of your identity.

Transparency, openness, and our 2011 financial docs

After our standard audit, our 2011 state and federal tax filings are available. We publish all of our related tax documents because we believe in transparency. All US non-profit organizations are required by law to make their tax filings available to the public on request by US citizens. We want to make them available for all.

Part of our transparency is simply publishing the tax documents for your review. The other part is publishing what we're working on in detail. We hope you'll join us in furthering our mission (a) to develop, improve and distribute free, publicly available tools and programs that promote free speech, free expression, civic engagement and privacy rights online; (b) to conduct scientific research regarding, and to promote the use of and knowledge about, such tools, programs and related issues around the world; (c) to educate the general public around the world about privacy rights and anonymity issues connected to Internet use.

All of this means you can look through all of our source code, including our design documents, and all open tasks, enhancements, and bugs available on our tracking system. Our research reports are available as well. From a technical perspective, all of this free software, documentation, and code allows you and others to assess the safety and trustworthiness of our research and development. On another level, we have a 10 year track record of doing high quality work, saying what we're going to do, and doing what we said.

The world is moving towards new norms for reduced personal privacy and control. This makes anonymity all that more rare and valuable. Please help keep us going through getting involved, donations, or advocating for a free Internet with privacy, anonymity, and keeping control of your identity.

Activists in Iran and Syria targeted with malicious computer software

In February 2012 we learned that activists in Iran and Syria were targeted with two different types of malicious computer software. We received a copy of each malware, and Jonathan Tomek from ThreatGRID helped with the analysis.

How you get infected

The malicious software is spread as email attachments, and as files sent via Instant Messaging and Skype. The software looks like two completely harmless files; a Microsoft PowerPoint slide show and an image file. The malicious software will silently install itself on your computer when you open one of the files.

Malicious software, such as the two copies we analyzed, is normally designed to gather sensitive information and gain unauthorized access to a computer system. The seemingly harmless PowerPoint slide show turned out to be a keylogger, while the image file was really a backdoor, providing the attacker with full access to the system.

Both the keylogger and the backdoor will transfer data to www(dot)meroo(dot)no-ip(dot)org, on port 778. This domain name used to point to a server at a government-owned telecommunications company in Syria, but was later updated to point to a Linode server in London, UK. No-IP have since pointed the domain name to an invalid IP address (0.0.0.0).

Most anti-virus software will be able to detect and remove both the keylogger and the backdoor. You may try updating your anti-virus software, running it, and using it to remove the malware if anything pops up. However, the safest course of action is to re-install the operating system on your computer.

The EFF wrote a blog post called How to Find and Protect Yourself Against the Pro-Syrian-Government Malware on Your Computer. In the post, they recommend "that you take steps to protect yourself from being infected by not running any software received through e-mail, not installing software at all except over HTTPS, and not installing software from unfamiliar sources even if recommended by a pop-up ad or a casual recommendation from a friend.".

PowerPoint slide show: keylogger

When you first try to open the PowerPoint slide show, you will get a security warning asking if you really want to allow this file to run. The Name field points to the following executable file: C:\Program Files\Common Files\VMConvert32\wmccds.exe

If you ignore the warning and click Run, a self-extracting rar file will install the malware (the wmccds executable) onto your computer. The PowerPoint slide show will then open and you will see a series of images and some text in Farsi. The malware will not activate until you reboot your computer.

The first time you reboot, the malware will activate and start logging your keystrokes. If you are running Windows 7, you will see the same warning as mentioned above, and you have to click Run before the malware is actually activated. Older versions of Windows will not display this warning when you reboot.

The malware will modify the Windows startup script to ensure that the keylogger is always running when you are using the computer. The keylogger will affect your whole system, and it will even send the contents of your clipboard to the attacker. The Tor Browser Bundle does not protect you if you have a keylogger on your system.

Windows screen saver: backdoor

The Windows screen saver contains a type of malware that is a bit more complex than the one described above. When you run the Windows screen saver, it will start an image program and show you a picture (we saw a picture of a rifle, but that is not always the case). Meanwhile, the malicious software installs a backdoor onto your computer and opens a connection to www(dot)meroo(dot)no-ip(dot)org, using port 778.

The backdoor (1122333.exe in the Documents and Settings folder), which is similar to the DarkComet Remote Administration Tool, allows the attacker to connect to your computer and do anything that he or she wants, including logging keystrokes and acting as the system administrator. The malware will modify the Windows startup script to ensure that the connection is always open.

GSoC 2011: Metadata Anonymisation Toolkit

This is a guest blog from one of our 2011 Google summer of code students, jvoisin.

It's the end of the GSoC. It was a really nice experience, I learned a lot, met a lot of nice people on irc, and earned some money.

My project was to create a Metadata Anonymisation Toolkit (MAT), to improve privacy of online file publications. First, I heavily based my code on hachoir (a nice, but a slightly complex library), but now, must of the formats that the MAT supports do not use hachoir.
Despite several code restructuring and re-factorizations, silly ideas, re-implementations, and re-writing/... the MAT is living !

I made two big mistakes. The first being using python2.7, and pygobject. Neither of these were in Debian stable/tails, so I had to rewrite those parts.

MAP consists of a modular API (feel free to add support for other formats !), a command line interface, and a graphic user interface (powered by pygtk).

It was my first "serious" project in python, and I was the first surprised about the ~3000 lines of code I produced. I'm pretty proud of the "pdf processing part", and I'm sad about the setup.py/packaging part (that are the most ugly/dirty/painful things that I ever touched/coded ).

I'm still unhappy with my code/piece of software, so I'll continue to improve it, so expect great work in the future, such as an exiftool binding, watermark counter-measures, ..

Thank you mikeperry for being my mentor, thank you google for the amazing GSoC project, thank to every user that gave me feedback (and even more stuff to fix!), and special thanks to haypo, Mc2`, Kiri, intrigeri, bertagaz, Lunar^ and all #tails/#tor-dev !

Hope to see you next year.

Reading links, 15 April

Google Chrome Incognito Mode, Tor, and Fingerprinting

A few months back, I posted that we have been in discussion with Mozilla about improving their Private Browsing mode to resist fingerprinting and the network adversary. As I mentioned there, we have also been doing the same thing with Google for Google Chrome. Google has taken the same approach as Firefox for their Incognito mode, which means that it provides little to no protections against a network adversary.

This means that Chrome Incognito mode is not safe to use with Tor. read more »

Firefox Private Browsing Mode, Torbutton, and Fingerprinting

Last week, Peter Eckersley and I met with the Mozilla team in Mountain view to discuss web fingerprinting, privacy and Torbutton. I gave an updated version of my Torbutton Design talk, and Peter discussed Panopticlick. Mozilla was primarily interested in hearing about these projects in the context of their Private Browsing Mode, which they unveiled in Firefox 3.5. read more »

HTTPS Everywhere Firefox addon helps you encrypt web traffic

Today the EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.

This Firefox extension was inspired by the launch of Google's encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted, including the search box and URL bar features. At the same time, we were also able to encrypt most or all of the browser's communications with other popular sites that support SSL, but don't provide it by default.

Our approach is based on the NoScript STS implementation, but is more expressive in the manner in which HTTPS-enforcing rules are written. read more »

EFF's Panopticlick and Torbutton

The EFF has recently released a browser fingerprinting test suite that they call Panopticlick. The idea is that in normal operation, your browser leaks a lot of information about its configuration which can be used to uniquely fingerprint you independent of your cookies.

Because of how EFF's testing tool functions, it has created some confusion and concern among Tor users, so I wanted to make a few comments to try to clear things up. read more »

Poland, Internet Censorship, and Tor

Over the past month I've been working with a few people from Poland. We are discussing how we can improve the impression of Tor in country. It seems a few people want to make all anonymity and privacy tools illegal; and tor is a well-known scapegoat. Thanks to the efforts of Paweł Wilk for writing a few sane articles about online privacy and Tor in particular.

Sywlia Presley of Global Voices writes up a great overview of the situation at http://globalvoicesonline.org/2010/01/10/poland-discussions-of-tor-and-i.... read more »

Syndicate content Syndicate content