Tor Open Hack Day in Berlin (for everyone)

Hello!

We are very happy to tell you that the Tor meeting in Berlin is currently underway!

During the past days we've been busy discussing the future of Tor as an organization and designing the protocols and features that we want to see in the future.

We would like to inform you that tomorrow (Thursday, October 1st) we will be having an open day where everyone is welcome to come and discuss Tor with us. People interested in Tor are welcome regardless of their background or skills.

The meeting is taking place at Betahaus in Berlin all day, and you can find more information in the wiki.

Looking forward to seeing you here!

Thank you!

Anonymous

October 01, 2015

that's great but tor is a local American app.
is tor a democracy test or a weapon/tool:argument for rogues states ?
************************************************************
how could we help each other as tor users _ tor relay, free dns server, tip & tricks traveling abroad, mesh network, free secure spot wifi, hidden service, library-project outside of america (both) etc. ?
************************************************************
stack exchange is full of stupid & intolerant & absurd q/r. _ like the right answer is never accepted so it is monitored ...
it seems that updating pgpkey through tor brings some problem (desktop-app_parcimonie).
ricochet has not yet been audited.
hidden service must be more opened at underground project_ we need to know how to do a lot of things ... and create our own privacy building our project without to be concerned by the idea of 'illegal:prohibited etc".
************************************************************
about the 49 amelioration whom spoke sir snowden, what will you add on it about tor ?
a web mail has never been a conception with the idea of privacy or anonymity in mind , and free pgp support are too rare (except startmail-not audited _ i do not know another) : do you intend on help at this implementation for our free tor web mail ?
************************************************************
does exist a special tor router:isp:phone company ?
where are the boss and the elected people in this battle ?
************************************************************
thx.

Anonymous

October 01, 2015

People who work as cyberspooks at sites like Dagger Complex are at high risk for health problems, including depression, brought on by the unethical nature of work which frequently results in the death of innocent persons including children in places like Syria. News stories such as the following two recent examples offer some hint of the toll dragnet surveillance exacts upon USIC employees.

https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/
Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?
James Bamford
29 Sep 2015

https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-use…
From Radio to Porn, British Spies Track Web Users’ Online Identities
Ryan Gallagher
25 Sep 2015

Fortunately, help is at hand. A new initiative based in Darmstadt called IntelExit hopes to help spooks exit the agencies and find productive employment doing truly good deeds such as helping to resettle Syrian refugees, or using their spook skills to organize freedom highways to havens which have proven unwilling to accept their fair share. See

http://www.slate.com/blogs/future_tense/2015/09/30/intelexit_for_nsa_su…
“Listen to Your Heart, Not Private Phone Calls.”
Andy Greenberg
30 Sep 2015

"Support groups help cult and gang members break free of their former lives. Alcoholics and Narcotics Anonymous help addicts overcome their dependencies. And now one group of privacy campaigners wants to offer its target audience an escape route for what it sees as an equally insidious trap: Their jobs working for intelligence agencies like the National Security Agency."

Anonymous

October 01, 2015

An interesting recent exchange at Tor StackExchange appears to suggest that

* a former high level NSA official, a 41 year veteran who now writes opinion pieces defending NSA surveillance, is using Tor (Orbot)
* UK's National Crime Agency is spying on said official

https://tor.stackexchange.com/users/9376/richard-george
http://www.ists.dartmouth.edu/events/careernsajuly2011.html
http://www.rsaconference.com/events/us13/agenda/sessions/290/life-as-a-…

Note

* similar interests in "information assurance" and Tor
* very different writeprints

@ Stylometrists (Rachel?): do you concur?

@ Pranksters: points for effort, but can you make a better Markov model of the real Richard George?

The StackExchange link is not to an exchange, but rather a user. Looking at that user's content, it looks like a person who knows nothing, and it appears to suggest nothing.

And who is this person I keep hearing about on these blog comments, and why is that person continually being called out by name?

Anonymous

October 02, 2015

Here are some articles that seem to support the notion that the Internet may soon be limited / regulated / censored, or even shutdown!

Microsoft Proposes Government Licensing Internet Access
Rockefeller Wants Government to Shut Down Fox and MSNBC
Rockefeller: Internet is "Number One National Hazard"
Censoring the Internet: A Collection of Essential Links
The 19 Senators Who Voted To Censor The Internet
Lieberman Has Power To Shut Down Websites With A Phone Call
FCC Push to Sovietize Broadcast Media in America
Wave goodbye to Internet freedom
AT&T´s broadband data caps start today
EU signs ACTA, global internet censorship treaty
March 1st (2012) Google & You Tube Changes Affect YOU
ACTA is worse than SOPA, here´s what you need to know
Senate cybersecurity bill mirrors Russian Internet agenda
Is Obama´s Cybersecurity Executive Order Imminent
Tech Guru Warns Of Internet "Disaster"
DARPA Wants a Searchable Database of All Your Conversations
Russian Cyberspace Head Calls For Internet Kill Switch

It's worse.

Driver’s licenses for the Internet
http://business.time.com/2010/01/30/drivers-licenses-for-the-internet/

"I can hear the worldwide scream go up: “But we’re entitled to anonymity on the Internet!” Really? Are you? Why do you think that?"

The National Strategy for Trusted Identities in Cyberspace
https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy…

"The public and private sector will use awareness and education programs to encourage demand for the Identity Ecosystem"

"Objective 3.2: Identify other means to drive widespread adoption of the Identity Ecosystem.

All levels of government can assist the private sector by helping to jumpstart the adoption of the Identity Ecosystem, ensuring that it becomes widespread enough to be self-sustaining. In order to provide this jumpstart, all levels of government should work with the private sector to help identify economic incentives to encourage private-sector adoption of the Identity Ecosystem. The Federal Government will also align identity solution requirements in existing programs against the Identity Ecosystem. Finally, the Federal Government will evaluate regulatory changes as necessary."

Your Internet Driver's License
http://blog.codinghorror.com/your-internet-drivers-license/

"Personally, I prefer to be the change I want to see. So for us, on Stack Overflow and the Stack Exchange network, that means aggressively promoting the concept of the Internet Driver's License. Including educating users as necessary."

Call It Your Online Driver’s License
http://www.nytimes.com/2011/09/18/business/online-id-verification-plan-…

"The Open Identity Exchange, a group of companies including AT&T, Google, Paypal, Symantec and Verizon, is helping to develop certification standards for online identity authentication; it believes that industry can address privacy issues through self-regulation."

The White House Wants to Issue You an Online ID
http://motherboard.vice.com/read/the-white-house-wants-to-issue-you-an-…

"you have to wonder how much longer people are going to put up with standing in line at the DMV for four hours to hand a teller (with a taxpayer-paid salary) a copy of your birth certificate and piece of mail to prove you are you."

Are You Ready for a Driver’s License for the Internet?
http://www.govtech.com/security/Drivers-License-for-the-Internet.html

Rob Enderle said, "There have to be some penalties involved for not doing it. I think after a couple major breaches where the liability is passed to the organization that didn’t properly assure the identities of the people that were accessing it, that motivation will probably drop into place."

"Proposed legislation in the United Kingdom shows that the market is demanding better authentication online, not just to curtail fraud, but to restrict access to certain content."

US Government Begins Rollout Of Its 'Driver's License For The Internet'
https://www.techdirt.com/articles/20140503/04264427106/us-government-be…

"Unlike corporations, citizens won't be allowed the luxury of opting out. This "internet driver's license" may be the only option the public has to do things like renew actual driver's licenses or file taxes or complete paperwork that keeps them on the right side of federal law."

There is definitely a push on to strip the last vestiges of internet anonymity from us.

Creepy Facebook is one of the organisations at the forefront of this assault on our privacy.

Anti-privacy Facebook demands 'Real ID'. You will also find that more and more sites are using Facebook for on-line 'verification'. On some sites you don't register with the site; you register through Facebook.

It is amazing that anyone is still using Facebook - as creepy as it comes!

Anonymous

October 02, 2015

I am an atheist and secular blogger from Iran.
More thanks for Tor developers.
Viva freedom.

Anonymous

October 02, 2015

Please help! How can I open a Facebook account without phone nr. over the TOR-Browser? Best Regards, John

Anonymous

October 04, 2015

Would love to see work done towards making Tor easier for people in first world nations to use. Then hopefully popularity would rise, then infrastructure would soon also increase.

Also would love to see implementations on creating bridges between the Tor network and other anonymity networks like I2P.

Anonymous

October 04, 2015

The Tor Project should have a plan on what to do in the event that new legislation banning the traditional tools that pirates use occurs. This action would end up creating a flood of new Tor users using the service for torrenting. Torrenting cannot be banned by Tor for various reasons like how for some activists that's the only way they can share and receive content, so maybe some new system inside the Tor protocols should be set up for more resource intensive Tor usage?

BitTorrent isn't anonymous over Tor because the BitTorrent protocol announces users' IP addresses.

If things got to the point where peer-to-peer networks were criminalized, that would be a sign that the people no longer had anything resembling political freedom.

Anonymous

October 05, 2015

> People who work as cyberspooks at sites like Dagger Complex are at high risk for health problems, including depression, brought on by the unethical nature of work which frequently results in the death of innocent persons including children in places like Syria.

In a tragic but not unexpected development, the USG has dramatically underscored its increasing antipathy for human rights work and medical aid work in impoverished war-torn regions by bombing a MSF (DWB) charity hospital in Kunduz, Afghanistan, killing 7 patients, including 3 children and 5 patients in the ICU who were burned alive in their beds. The strike also killed 9 medical staff and injured 19 (five critically), and injured 18 patients and visiting family members.

http://www.msf.org.uk/article/afghanistan-msf-staff-killed-and-hospital…
Afghanistan: MSF staff killed and hospital partially destroyed in Kunduz

http://www.slate.com/blogs/the_slatest/2015/10/03/u_s_airstrike_on_afgh…
U.S. Airstrike on Doctors Without Borders Hospital in Afghanistan Kills at Least 19
Daniel Politi
3 Oct 2015

https://theintercept.com/2015/10/03/one-day-after-warning-russia-of-civ…
One Day After Warning Russia of Civilian Casualties, the U.S. Bombs a Hospital in Afghanistan
Glenn Greenwald
3 Oct 2015

http://www.slate.com/blogs/the_slatest/2015/10/04/doctors_without_borde…
Doctors Without Borders Says U.S. May Have Committed War Crime
Daniel Politi
4 Oct 2015

http://www.reuters.com/article/2015/10/04/us-afghanistan-attack
U.S. investigating air strike near Afghan hospital that killed 19
Hamid Shalizi and Andrew MacAskill
3 Oct 2015

Perhaps the most tragic consequence in the short term is that MSF has been forced to close what remains of this hospital, depriving residents of the only advanced medical facility in the area.

The Dagger Complex is deeply involved in aerial targeting by the US military and its allies, although it is not yet clear whether analysts there played any role in the Kunduz hospital strike.

In the context of the Congressional debate over "information sharing", a key point about this event is that MSF did everything in its power to inform the US military about the precise location of its hospital, but either this information was not shared with the person who ordered the strike (reinforcing the impression that information sharing is designed only to harm ordinary people, never to help them), or else the USAF knowingly bombed an active hospital.

Retired USAF Gen. Dunlap has rushed to attack MSF supporters who have characterized the bombing as a war crime, which it certainly is. Two choices: war crime by criminal negligence, or war crime by intentional targeting of a fully functioning hospital. But it is easy to guess that no US court martials will result from this tragedy. Perhaps it is time for the Hague to contemplate a little extraordinary rendition of its own?

http://thehill.com/blogs/pundits-blog/defense/255927-lets-get-facts-on-…
October 05, 2015, 12:01 pm
Let's get facts on Afghan hospital incident before declaring a war crime
Charles J. Dunlap Jr.

Dunlap should have used his bully pulpit in The Hill to acknowledge that the only TRUE heroes in the early twenty-first century are the medical aid workers and human rights workers who put their own lives at great risk in order to assist trapped populations in some of the most dangerous regions of the world. They receive neither praise nor medals nor injury compensation from their governments--- those perks are reserved for the bombers and targeters.

Meanwhile Pres. Putin, Pres. Assad, and ISIL all appear to be vying with Pres. Obama for the title of "Leader of the GWOP" (Global War on People):

http://www.theguardian.com/world/2015/oct/02/people-are-angry-and-boili…
'People are angry and boiling': Syrians tell of Russian airstrikes
Terrorised for years by crude barrel bombs launched by Assad regime, those in rebel-held territories now face more precise, but destructive Russian weapons
Kareem Shaheen
2 Oct 2015

As suitable artistic commentary, we suggest Prokofiev's bitter Sixth Symphony.

Anonymous

October 05, 2015

> Senate cybersecurity bill mirrors Russian Internet agenda

It is instructive to compare SORM and CISA in detail. They might have been authored by the same people. And in a sense they were. CISA was written by corporate lobbyists who recently benefited (think USBs stuffed with cryptocurrency) from the recent visit of a huge Chinese delegation.

The current global conflict is between People everywhere and the spooks who have captured governments everywhere, or rather the point oh oh one per cent whose interests are served by the spooks.

The concept of "nation-state" and "rule of law" only applies to the 99%: the people who write the laws work for the point oh oh one per cent, who recognize neither nations nor laws.

Back in June, the AP confirmed what privacy advocates have long alleged: that the FBI operates a huge fleet of spy planes throughout the US, which sometimes carry DRT boxes (those are NSA's supercharged IMSI catchers, Stingrays on steroids). And the Hacking Team leak revealed that Boeing subsidiary Insitu is planning to sell to US police a new generation of surveillance and targeting drones equipped with similar malware-serving capabilities to NSA drones used in countries such as Norway, Syria and Afghanistan to infect the phones of virtually every citizen.

As a striking illustration of the utter corruption of governments everywhere, with USG blessing, it has been quietly announced that China is now outfitting its own fleet of spy planes in the USA. It is not clear where these will be used, but the Chinese government already operates SIGINT planes based in US civilian airports, apparently with the blessing of the USG.

There could be no better illustration of the fact that US spooks are continuing to turn a blind eye to Chinese snooping, in order to divert the attention of the People from the fact that they are busy doing exactly the same things. The true nature of the recent US-China "cybersecurity agreement": you spy on your dissidents wherever you can find them, and we'll do the same. The only beneficiaries: the one percent, who are terrified by dissent. Whether the one percenters formally hold Chinese or US citizenship is immaterial.

Listen for the latest buzzword: "resiliency". This is a code word for an issue of great concern to the one percent: how to convert the restless masses into happy serfs content with their subservient and degraded status. DARPA is even speculating about genetic modifications to attain this goal.

It is becoming increasingly difficult to deny the essential truth of the stark warning issued some years ago by ethicist T. J. Kaczynski (the only American philosopher of any importance): technology will be the death of us.

> Microsoft Proposes Government Licensing Internet Access

Also exactly what Russia and China have done.

> DARPA Wants a Searchable Database of All Your Conversations

This is a typical illustration of the inappropriateness of the Tor Project accepting funds tied to DARPA.

See also GCHQ's "SAMUEL PEPYS" database, which has been operational for years. That focuses on "diarizing" all internet activity by anyone who ever ventures online, but DARPA is working hard to extend this to all conversations, including conversations conducted in the "privacy" of our homes.

Own or rent a set-top cable box? Digital Signal Technologies, the NSA company which makes the DRT box, also makes an extensive range of equipment which can silently turn many set-top cable boxes into in home audio-video surveillance bugs. They are hard at work on traducing the Internet of Things for similar applications. Google and friends are not happy about this, but recent experience strongly suggests they will be unable to foil the latest spookery.

The long cherished spook dream of completely eradicating privacy, even inside American homes, may be close to realization. Thanks to NSA.

A warning from the American Founding Fathers, which has long since been forgotten by the US political leadership: a Constitution is only as good as the strength and determination with which citizens defend it.

Anonymous

October 05, 2015

A company called Norse, with a Viking themed product line, might be expected to promote piracy and cyber-raids on defenseless civilians, but it seems they actually try to oppose such actions. And they have hired former Tor Project director Andrew Lewman.

One can only hope that in his new position, Lewman will somehow be able to help combat bad torrents while not tearing down Tor.

> A company called Norse, with a Viking themed product line, might be expected to promote piracy and cyber-raids on defenseless civilians

No, nobody would expect such a thing.

Anonymous

October 05, 2015

Somebody told me that using a tor browser is illegal in the USA and that just by connecting to TOR your ISP can potentially flag you to authorities. I believe this to be false, however, nothing is shocking. I am a casual user that values privacy and believes in an uncensored network.

actually, the net (will be ?) is divided in 5 or 6 pieces :
a for maintenance (1% ? automatic ?),
b for security (5 ? military infrastructure).
c for users (7% ? uncensored/privacy),
d for survey( 15% in/out ?) ,
e for commercial purpose (70% ?),
f for (unknown )

No, using TOR is definitely not illegal in the USA. However, your ISP can detect if you're using TOR; if you want to prevent this, enable a VPN connection before connecting to TOR. That way your ISP can only detect that you're using VPN traffic.

This is ridiculous! They are trying to brainwash you to get you on their surveillance agenda. There is nothing illegal as long as you do not injure or harm someone. Unless you are licensed, which you have to abide by the rules set forth by the license guidelines.

Anonymous

October 06, 2015

The Guardian Project hasn’t steered us wrong yet, so it’s hard not to go back to it for a web browser solution like Orweb. Available for Android, Orweb claims to be the “most private and anonymous web browser,” and we have no reason to doubt them. In case you do, though, the app does have the Electronic Frontier Foundation (EFF) stamp of approval. The app circumvents network restrictions, defeats censorship attempts, and encrypts your activity while sending it through computers across the world rather than connecting directly or through a proxy. There’s a near endless amount of options for disguising your browsing with Orweb, as you can do everything from mask the device you’re using and trick a site into thinking you’re visiting via a different platform, to taking control over cookies. Orweb blocks Flash threats, and keeps no history, among other security measures.
OnionBrowser

To accompany Orweb, you’ll need to also install Orbot. The importance behind this app is that it empowers Orweb to use Tor, the free network for online anonymity. Tor can occasionally be associated with some negative things thanks to what can occur on the hidden web that Tor unlocks, but it’s quite possibly the most important tool for creating privacy on the web.

Orfox is coming...

Anonymous

October 06, 2015

> somebody told me that using a tor browser is illegal in the USA

Because the USG has (unconstitutionally) implemented numerous secret laws, it is impossible to be sure, but on the basis of openly published laws, as of 6 Oct 2015, I believe that this is false. Should CISA pass both houses of the US Congress (it is expected to come up for a vote in the Senate early next week), this may change.

Generally, it appears that the secret laws are mainly invoked to gather evidence against someone the government dislikes, after which they can be charged under published laws and prosecuted in open court without undue fear of revealing the secret laws. Such "fishing" would be rigorously proscribed by any government which is sincerely respectful of the Rule of Law.

One point to bear in mind, which has been emphasized by privacy-minded cryptographers such as Bruce Schneier, is that the "Western democracies" are increasingly using a nasty repression stratagem which was formerly restricted to the worst authoritarian regimes, in which someone the government dislikes is arrested and confronted with evidence of previous activity which was not illegal or even seen as particularly "suspicious" at the time, but which later became illegal or came to be considered dangerously "deviant".

For example, unforeseen shifts in the US political winds might lead to future prosecution of members of the Unitarian Church who are currently involved in (currently legal) assistance to undocumented aliens, or people performing human rights monitoring in a country which is currently regarded as friendly or neutral, but next year might be under ISIL control. The USG interpretation of very broadly worded laws is also subject to change without notice. In particular, human rights and medical aid workers in Syria, Iraq, and Afghanistan must accept the risk that a local social services group they work with today might next month be unexpectedly designated as a "terror group".

A related issue involves "mission creep", in which terms such as "terrorist group", "material assistance", "cyberattack" and "weapon of mass destruction" have been steadily extended by US federal prosecutors, often to the point of absurdity. For example, Congress clearly intended that "WMD" denote things like nuclear weapons, but in the past five years this term has been steadily degraded to include such things as hand grenades and sawed-off shotguns. For example, it seems quite possible that hobbyist drone operators doing sketchy things which are legal today (but probably shouldn't be) may be retrospectively prosecuted using novel interpretations of current laws, especially in the event of such foreseeable tragedies as careless operation of a hobby drone resulting in a mid-air collision and causing the crash of a wildfire-fighting aircraft.

Schneier and friends are not of course suggesting that anyone engaged in relief work cease their humanitarian activities out of an abundance of caution, but are rather attempting to explain why the "collect it all and store it forever" mentality of agencies like NSA is so poisonous for any democratic society.

> and that just by connecting to TOR your ISP can potentially flag you to authorities

Published Snowden leaks confirm that NSA attempts to use its global surveillance machine to record every connection to the Tor network, or more precisely to the Tor Directory Authorities. This means the bad guys know that someone using a computer with a certain external IP address was using Tor on a certain date, give or take about 60 minutes. They also confirm that NSA attempts to save indefinitely any encrypted packets, which would include all Tor data streams because Tor uses TLS. The so-far published leaks also show that NSA attempts to record any attempt to obtain the IP of a bridge (a special node which helps people in places like Iran, China, and Australia evade government blocking of normal access to the Tor network). See

https://blog.torproject.org/blog/being-targeted-nsa
phobos
3 July 2014

> Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.
>
> Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.

One crucial role which Directory Authorities play is in eliminating from the network any nodes which are "known bad", typically because they have been seized by police. For example, in autumn 2014, Europol seized numerous Tor nodes in connection with an attempt to take down some hidden services. See

https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-…
Thoughts and Concerns about Operation Onymous
phobos
9 Nov 2014

> If your relay was seized, please also tell us its identity so that we can request that the directory authorities reject it from the network.

It is widely suspected that NSA or another intelligence agency may have been behind an incident in which someone compromised some Directory Authorities, fortunately narrowly missing their presumed goal of compromising enough to take over the entire Tor network. See

https://blog.torproject.org/blog/tor-project-infrastructure-updates
phobos
22 Jan 2010

> In early January we discovered that two of the seven servers that run directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.

Ironically, the Snowden leaks reveal that JTRIG (the "effects" unit of GCHQ which attacks dissidents with malware and psyops) itself uses Tor and operates its own hidden services. It is virtually certain that NSA does the same. Because the cyberspooks mostly understand that breaking into networks always creates opportunities for other attackers (because breaking into networks always carries the risk of unforeseen consequences), it seems implausible that FVEY would attack a resource it relies upon for daily operations. If so, heavy-handed operations like Operation Onymous which seize Tor nodes, or cyberwar actions which attempt to compromise Directory Authorities, may suggest conflict between police agencies like Europol/FBI and intelligence agencies like NSA/GCHQ/CIA and military partners which use Tor for their own purposes, and need the rest of us so that they can "hide in the noise" our own Tor use provides.

Anonymous

October 07, 2015

@ Tor devs: comments?

http://www.theregister.co.uk/2015/10/06/fast_wireless_access_to_tor_jus…
Fast, wireless access to Tor? Just maybe
Watch blocked programs while recharging your phone – is this for real?
Kieren McCarthy
6 Oct 2015

> the Invizbox Go offers:

> Faster Tor access through a "premium pricing" model that connects you to fast, private bridges (and so, presumably, relays not run by the NSA) for a monthly fee: €4 ($5) a month
> WiFi extender – spread your signal a little further
> USB charging – when your phone is low
> Proxy selection – so you can decide which country's IP address you want to appear to come from
> An ad blocker
> A Tor/VPN combination so you can use one or the other or both
>
> It also claims a five-hour battery life based on continuous use. As for size, it is roughly the same of the iPhone 6

One thing which worries me: if AdBlock Plus is the adblocker, some ads will get through--- and those will be targeted by spooks worldwide when they want to infect Tor users via malicious adware vectors.

Anonymous

October 24, 2015

In reply to by Anonymous (not verified)

I'm not a core Tor dev, although I have contributed to the software. I would highly, highly recommend you do NOT buy this Invizbox thing. A few reasons:

- "Anonymizing hardware" is utterly infamous for security holes. The only one which I would have even an ounce of faith in is Grugq's design, based on OpenWrt and configured pretty well. However, even it has problems.

- Using "private bridges" is actually damaging to your anonymity, because it reduces your anonymity set. Basically, it reduces the crowd you are hiding in. In fact, selecting bridges randomly is far better, especially if you get a large bridge used by many people. The truth is, bridges do nothing for your anonymity, and can actually harm it. The only reason bridges are useful is to evade ISPs that block Tor in places like China.

- Having an anonymizing device uses the same Tor circuit for everything, meaning that if you connect to one site, then another, it will use the same exit node. This is bad for anonymity, and makes tracking and targeted malware deployment far easier.

- Selecting from different proxies reduces your anonymity set considerably.

TL;DR anonymizing hardware is BAD. It is rarely designed well. I would bet a considerable sum of money that if I bought that device, I would find a way to break it. And that's saying something, because I'm not even clever enough to exploit Firefox. :P

Seriously, if you just want to watch blocked TV programs, use a simple VPN. VPNs are good for anonymity if your adversary is the MPAA or something similar, so in this case, it'd be perfect for your needs.

As for the "one thing that worries you", you shouldn't be worried about that. :P It is incredibly easy to break your browser even if ads are blocked. Put it this way: there is already a reliable exploit which works against TBB which does not require JavaScript (uses HTML/CSS) and is highly reliable. I don't know if it has been patched yet (yet another of the fun 0days Gorlob drops over at ##security on Freenode). So yeah, ads should not be part of your threat model. (Just since it wouldn't be fair to mention this with no mitigations, one way to limit the damage is to use Tails, which sandboxes the browser.) And Tails is significantly more solid than any anonymizing hardware!

Anonymous

October 07, 2015

Permalink

Question about Tor Browser Bundle:

When I surf to certain websites, a tiny green icon appears in the search pane. As far as I can tell, this has something to do with the default search engine, and I guess it indicates that my websurfing is somehow being copied to the default search engine company, or to a large adware company. That sounds dangerous for users who do not want to be tracked. Especially because our most lethal enemies are known to abuse both search logs and cookies.

Does anyone know what is going on?

Tor Browser recognizes a potential search "engine" on the website and is offering to let you import it. E.g., if you visit our bugtracker you'll see such a green "+". If you click on it, Tor Browser lets you add a search plugin for trac on the fly to your search engines already installed. There is no copying of your websurfing to anybody involved.

Anonymous

October 07, 2015

Permalink

Is this part of NSA's strategy to partially placate FBI's insane demand for easy warrant-less back-door access to every smart phone?

http://arstechnica.com/security/2015/10/verizons-zombie-cookie-gets-new…
Verizon’s zombie cookie gets new life
Verizon's tracking supercookie joins up with AOL’s ad tracking network.
Julia Angwin and Jeff Larson
7 Oct 2015

> Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL's ad network, which in turn monitors users across a large swath of the Internet.
>
> That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including "your gender, age range and interests." AOL's network is on 40 percent of websites, including on ProPublica.

Could TBB and Tails users be infected if they surf to ProPublica? People who read ProPublica are precisely the kind of people whom agencies like FBI wish to monitor.

This detail is probably yet another example of how NSA "shapes" the internet to make things absurdly easy for its snooping:

> Privacy advocates say that Verizon and AOL's use of the identifier is problematic for two reasons: not only is the invasive tracking enabled by default, but it also sends the information unencrypted, so that it can easily be intercepted.

> Verizon, which has 135 million wireless customers, says it will share the identifier with "a very limited number of other partners and they will only be able to use it for Verizon and AOL purposes," said Karen Zacharia, chief privacy officer at Verizon.

But it is un-encrypted! Who do these clowns think they are fooling?

Just about everyone who doesn't read Ars Technica, I suppose. Censorship and propaganda, unfortunately, work.

> In order for the tracking to work, Verizon needs to repeatedly insert the identifier into users' Internet traffic. The identifier can't be inserted when the traffic is encrypted, such as when a user logs into their bank account.

China and Russia make extensive use of such packet insertion. Yet another illustration of how the "Western democracies" are moving closer and closer to Asian authoritarianism.

Anonymous

October 07, 2015

Permalink

Tails is a modified version of Debian stable. Which now yields control of the computer to systemd. Which was developed under the influence of Red Hat Enterprise Linux. Whose biggest customer is the USIC. This may be cause for concern. Open source code is in principle examinable, but we lack sufficiently many experts to examine all that code. And the drivers we need to make our computers actually work are often NOT open source or easily examined or updated, and we know maliciously altered drivers are extensively exploited by our enemies to harm us.

http://thehill.com/policy/cybersecurity/256020-snowden-us-uk-spies-want…
Snowden: US, UK spies 'want to own your phone'
Cory Bennett
6 Oct 2015

> "Nosey Smurf is the 'hot mic' tool," he continued. "For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you — even if your phone is switched off because they've got the other tools for turning it on."

Current Tails includes pulseaudio, which is seemingly inextricably entwined with systemd and which appears to establish three 65M files in /dev/shm which appear to contain a short identifying string. Is this cause for concern? Could the fact that pulseaudio uses shared memory be exploited by our enemies?

Same question for TBB running under any other Linux distro which has adopted systemd (all the major distros have done so, I believe).

Anonymous

October 10, 2015

Permalink

How to verify Tor... There is an explanation on the Tor site (GPG). I tried it and could not do it. Please write much better instructions, including pics or, better, vids. Otherwise one can easily install a fake Tor.

Anonymous

October 10, 2015

Permalink

Three points PZ should have made more clearly:

* thanks to NSA policies, EVERYONE everywhere in the world is now a target; no life is too boring, no target too small, no child too innocent, no protocol too obscure, no information too private, no politics too friendly (towards the USA); even high level NSA retirees like Richard George now admit this,

* one consequence of NSA "crossing the Rubicon" (as Michael Hayden put it) is that all other nations/actors now feel entitled to attempt similar feats of cyberespionage, cyberattacks, and "collect it all" global surveillance; devices like BlackPhone probably offer excellent protection against these second and third tier threats, and may be more effective than we fear even against the Fort Meade axis of evil, particularly if widely adopted,

* telecoms, smart phone vendors, managed medical care providers, and other over-empowered corporations have adopted the same "collect it all" mentality as NSA; they insist that consumer "data exhaust" is theirs for the taking; unlike the US government, companies like Google, Verizon, AOL might not kill you or imprison you if they dislike the way you want to lead your life, but they will discriminate against you, harass you, spy on you, and oppress you in less obvious ways; these corporations consider consumers to be the "data-prey" that powers their business model, but devices like BlackPhone can help us to partially redress the balance of power between the corporate oligarchs and their data-prey.

Anonymous

October 10, 2015

Permalink

Shin Bet and Mossad can and do trace and capture originating IP addresses anywhere and anytime throughout the TOR network.

Anonymous

October 11, 2015

Permalink

Why aren't the bridges arriving? I have repeatedly sent requests for bridges and have not received any reply!