http://fortunascorner.com/2014/10/13/with-this-tiny-box-you-can-anonymize-everything-you-do-online-anonbox-45-open-source-router-that-essentially-serves-as-a-hardware-ditigal-condom/
WITH THIS TINY BOX, YOU CAN ANONYMIZE EVERYTHING YOU DO ONLINE — ANONBOX, $45 OPEN-SOURCE ROUTER THAT ESSENTIALLY SERVES AS A HARDWARE, DITIGAL CONDOM With This Tiny Box, You Can Anonymize Everything You Do Online — Anonbox, $45 Open-Source Router That Essentially Serves As A Hardware, Ditigal Condom Andy Greenberg, writing on this morning’s (Oct. 13, 2014) website, Wired.com, begins by noting that “no tool in existence protects your anonymity on the Web better than the software — ToR — which encrypts Internet traffic; and, bounces it through [a maze] of random computers around the world. But for anything other than Web browsing,” Mr. Greenberg writes, ToR has required a mixture of finicky, technical setup and software tweaks. Now, routing all traffic through ToR may be as simple as putting a portable hardware condom on your Ethernet cable.” “Today,” Mr. Greenberg notes, “a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it — by Ethernet or WiFi — through the ToR network, hiding in the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office’s Ethernet cable to do sensitive work; or, in a cyber café in China…to evade the Great Firewall. The result, Mr. Greenberg suggests, “if Anonabox fulfills its security promises, it that it could become significantly easier to anonymize all your ToR traffic — not just with Web browsing, but email, instant messaging, file-sharing, and all the other miscellaneous digital exhaust that your computer leaves behind online.” “Now, all your programs, no matter what you do on your computer, are routed over the ToR network,” says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making ToR easier to use; not just for the software’s Western fans, but for those who really need it [who live in countries/places] with more Internet-repressive regimes. “It was important to us that it be portable and small — something you can easily conceal, or even throw away if you have to get rid of it.” This Has Happened Before As Mr. Greenberg correctly observes, “Anonabox isn’t the first project to attempt to integrate ToR directly into a router. But, Germar argues it will strike the best balance yet of cheapness, easy size, setup, and security. ToR-in-a-box projects like ToRouter and PORTAL, for instance require the user to replace the software on a stock router. Another project called, OnionPi, is designed to be built from one kit, and costs roughly the twice as much as Anonabox.” “In terms of consumer friendliness, the closet device yet to plug-and-play Tor router has been SafePlug, a $45 variant on PogoPlug router, modified to route all traffic over ToR. But, at more than twice the size, the SafePlug isn’t nearly as portable as Anonabox. And, it’s also been criticized for security flaws; researchers at Princetonfound in September that it didn’t have any authentication on its settings page. That means a hacker could use a technique called a Cross-Site Request Forgery — to trick the user into clicking on a link that would change the router’s functions, or turn off its ToR routing altogether. It also uses an outdated version of ToR, one that had been updated even before the device was shipped last year,” Mr. Greenberg writes. “Anonabox’s security hasn’t yet been audited for those sorts of flaws. But, it’s creator points out that it will be entirely open source, so its code can be more easily scrutinized for errors, and fixed if necessary.” The Community Is Watching “The non-profit ToR project, itself is reserving judgment for now. But, its Executive Director, Andrew Lewman, told Wired.com, he’s keeping an eye on the project; and, that it “look’s promising so far.” “One of the potential vulnerabilities for ToR users, is a website they visit could run an exploit on their computer, installing malware, that “phones home,” to s server across a non-ToR connection to reveal their real IP address.” “If you’re using something like this, everything goes over ToR, so that can’t happen,” said another leading cyber security expert. “A ToR router can definitely have a big benefit in that there’s physical isolation.” “Anonabox alone, however, won’t fully protect a user’s privacy,” Mr. Greenberg wrote. “If you use the same browser for your anonymous, and normal Internet activities, for instance, websites can use “browser fingerprinting” techniques like cookies to identify you.” Some experts suggest “that even when routing traffic over ToR with Anonabox, users should use the ToR Browser, a hardened browser that avoids those fingerprinting techniques (To avoid running their traffic through ToR twice, and reducing bandwidth speeds to a crawl,” one cyber expert Mr. Greenberg interviewed “pointed to a setting in the ToR browser called “transparent tortification,” which turns off the browser’s own ToR routing).” “The Anonabox has been in the works since 2010, long enough that its developers have been able to evolve their own custom board, as well as an injection-molded case. That customization, Germar says, “means the device still packs 64 megabytes of storage and a 580 megahertz processor, easily enough to fit the ToR software; and, run it without any slowdowns.” Built For Civil Disobedience “Germar says he and his friends began thinking about the possibility for the device around the time of the Arab Spring in late 2010, and early 2011. The Anonabox is ultimately intended for users in other countries where ToR’s anti-censorship and privacy properties can help shield activitists and journalists. It can be used in a cyber café, for instance, where users can’t easily install new software on computers. And, it’s capable of so-called, “pluggable transports,” — extensions to ToR that often allow its traffic to better impersonate normal encrypted data,” Mr. Greenberg noted. “The hardware design of Anonabox is also intended to work in the most sensitive international situations: It uses a micro-USB as a power source, a common standard around the world; and, its small size is meant to allow easy concealment. Germar points out that its rounded corners means it can be stowed in a bodily orfice. And, it can be destroyed more easily than a large router.” “Maybe it’s too late and the police are already downstairs, so you smash the box with a brick; and, throw the pieces out the window,” Germar added. “Or, maybe you just crush it, by stepping on it with your shoe; and, flush the pieces down the toilet.” “Germar’s ultimate goal,” Mr. Greenberg concludes, “is to bring ToR to a new audience that has never before had access to its protections.” “This isn’t just about making things easier for people who use ToR now; but, also those who would like to use ToR…but, can’t for whatever reason. Those people are the people we want to help,” Germar said. Even Encrypted Web Traffic Can Still Reveal Sensitive Information About You Perhaps this indeed will be a step forward in ensuring privacy on the Internet; but I wonder if this technique and software is the answer. Certainly, it is probably a major step in that direction. But, going the encrypted route is no guarantee. Jeremy Kirk, writing in the June 24, 2014 website edition of TechWorld, wrote that “analyzing encrypted Web traffic can potentially reveal highly sensitive information — such as medical conditions, and sexual orientation,” according to a [new] research paper that forecasts how privacy on the Internet may erode.” “In a paper titled, “I Know Why You Went To The Clinic,” researchers showed that observing encrypted Web traffic and identifying patterns, it is possible to know what pages a person has visited on a website, giving clues to their personal life. The paper will be presented at the July 16, 2014 Privacy-Enhancing Technology Forum in Amsterdam, Netherlands.” As Mr. Kirk correctly observes, “almost all websites that exchange sensitive data rely on Secure Sockets Layer/Transport Security Layer (SSL/TSL), technology — which encrypts data exchanged between a person’s computer and a server.” “The data is unreadable,” notes Mr. Kirk, “but, the researchers developed a traffic analysis attack that makes it possible to identify what individual pages in a website a person has browsed — with about 80 percent accuracy. Previous research had shown it was possible to do such analysis, — but, the accuracy rate was just 60 percent,” Mr. Kirk wrote.” “In order to execute a [web] traffic analysis attack, an adversary would have to be able to identify the encrypted traffic patterns of a particular site; as well as, be able to observe the victim’s Web traffic. ISPs and employers would have visibility on users’ data streams,” they wrote. “One way to thwart such analysis,” adds Mr. Kirk, “is a “burst” defense, which involves modifying packet sizes — in an attempt to make traffic less vulnerable to pattern recognition,” according to the research paper. On the other hand, “a “linear” defense pads packet sizes up to multiples of 128; while an “exponential” defense pads the packet sizes up to the power of two. Another approach is to randomly fragment packets, which offers the advantage of not generating additional data.” “The burst defense offers greater protection,” according to the research paper, “operating between the TCP layer and application layer — to pad contiguous bursts of traffic — up to pre-defined thresholds — uniquely [tailored] determined for each website. The Burst defense allows for a natural tradeoff between performance and cost, as fewer thresholds will result in greater privacy — but, at the expense of increased padding,’ the paper said. How To Anonymize Everything You Do On The Internet New York Times writer, Somini Sengupta, had an article in the July 18, 2013 edition of her newspaper wrote that, “with no fail-safe technological tricks to minimize your digital footprint, a cottage industry of sorts is emerging — with a variety of sophisticated “tools” to hide your identity as well as what you are accessing and emailing.” Password managers are now storing this information in an encrypted safe, “to which only you (the customer) has the key.” Ms. Sengupta notes that DashLane, LastPass, and RoboForm all have digital tools available in this area. Apple’s new operating system, iOS7, includes a so-called Password Generator that can produce “a unique, hard-to-guess password,” as well as “remember it for you.” Two-step authentication/authorization is another safeguard that is becoming more the norm than the exception — with Google, Yahoo, and LinkedIn — among others — offering this option. Tracker blocking tools let you see the companies/people tracking your activities on the Web and then blocks them if you wish. How foolproof this technology really is and whether or not the company/person attempting to track you — can employ their own cyber “cloak device,” was left unanswered. I suspect these techniques work against 80% of the “problem,” but for the sophisticated hackers and Nation-States — I suspect they have the technical knowhow to eventually penetrate this cyber “maginot line.” Some of the most popular tracker blocking tools include Ghostery, Disconnect, and Abine. Silent Circle, offers encrypted phone, text messaging, encrypted file transfer and encrypted video chat services. OffTheRecord offers an encrypted instant messaging service while RedPhone encrypts calls from end-to-end and keeps no data on itself — meaning no cell phone carrier can keep a record of the conversation nor, comply with a wiretap order or law enforcement inquiry. KoolSpan and Secrypt both offer downloadable encrypted apps that prevents snooping or accessing your cell phone data; but, as with all of these tools — nothing is perfect and there are also the laws of unintended consequences. Bad guys can employ these same tools and, when using an encrypted phone — law enforcement would have to go through the company in order to break the encryption — in any kind of timely fashion. Thus, if you were in a situation where you needed 911 assistance — you better hope you are capable of telling the first responder where you are — they won’t be able to ping your phone. Perhaps in time there will be a 911 over-ride; but for now, you have to weigh the pros and cons for all the above. Also remember, unless you live in a cave and/or operate totally disconnected from the net — it is very difficult to stay hidden — if someone with deep enough “pockets” wants you to be found. V/R, RCP. While not totally accurate — about 80 percent — this kind of technique — identifying and analyzing web traffic and patterns, etc. — is good enough to help law enforcement, the Intelligence Community, the Private Investigator community, etc., in piecing together/link-analysis-type investigations. But, at a minimum, it shows that using encrypted email is not guarantee for the determined and sophisticated cyber sleuths. Page 1 WITH THIS TINY BOX, YOU CAN ANONYMIZE EVERYTHING YOU DO ONLINE — ANONBOX, $45 OPEN-SOURCE ROUTER THAT ESSENTIALLY SERVES AS A HARDWARE, DITIGAL CONDOM With This Tiny Box, You Can Anonymize Everything You Do Online — Anonbox, $45 Open-Source Router That Essentially Serves As A Hardware, Ditigal Condom Andy Greenberg, writing on this morning’s (Oct. 13, 2014) website, Wired.com, begins by noting that “no tool in existence protects your anonymity on the Web better than the software — ToR — which encrypts Internet traffic; and, bounces it through [a maze] of random computers around the world. But for anything other than Web browsing,” Mr. Greenberg writes, ToR has required a mixture of finicky, technical setup and software tweaks. Now, routing all traffic through ToR may be as simple as putting a portable hardware condom on your Ethernet cable.” “Today,” Mr. Greenberg notes, “a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it — by Ethernet or WiFi — through the ToR network, hiding in the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office’s Ethernet cable to do sensitive work; or, in a cyber café in China…to evade the Great Firewall. The result, Mr. Greenberg suggests, “if Anonabox fulfills its security promises, it that it could become significantly easier to anonymize all your ToR traffic — not just with Web browsing, but email, instant messaging, file-sharing, and all the other miscellaneous digital exhaust that your computer leaves behind online.” “Now, all your programs, no matter what you do on your computer, are routed over the ToR network,” says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making ToR easier to use; not just for the software’s Western fans, but for those who really need it [who live in countries/places] with more Internet-repressive regimes. “It was important to us that it be portable and small — something you can easily conceal, or even throw away if you have to get rid of it.” This Has Happened Before As Mr. Greenberg correctly observes, “Anonabox isn’t the first project to attempt to integrate ToR directly into a router. But, Germar argues it will strike the best balance yet of cheapness, easy size, setup, and security. ToR-in-a-box projects like ToRouter and PORTAL, for instance require the user to replace the software on a stock router. Another project called, OnionPi, is designed to be built from one kit, and costs roughly the twice as much as Anonabox.” “In terms of consumer friendliness, the closet device yet to plug-and-play Tor router has been SafePlug, a $45 variant on PogoPlug router, modified to route all traffic over ToR. But, at more than twice the size, the SafePlug isn’t nearly as portable as Anonabox. And, it’s also been criticized for security flaws; researchers at Princetonfound in September that it didn’t have any authentication on its settings page. That means a hacker could use a technique called a Cross-Site Request Forgery — to trick the user into clicking on a link that would change the router’s functions, or turn off its ToR routing altogether. It also uses an outdated version of ToR, one that had been updated even before the device was shipped last year,” Mr. Greenberg writes. “Anonabox’s security hasn’t yet been audited for those sorts of flaws. But, it’s creator points out that it will be entirely open source, so its code can be more easily scrutinized for errors, and fixed if necessary.” The Community Is Watching “The non-profit ToR project, itself is reserving judgment for now. But, its Executive Director, Andrew Lewman, told Wired.com, he’s keeping an eye on the project; and, that it “look’s promising so far.” “One of the potential vulnerabilities for ToR users, is a website they visit could run an exploit on their computer, installing malware, that “phones home,” to s server across a non-ToR connection to reveal their real IP address.” “If you’re using something like this, everything goes over ToR, so that can’t happen,” said another leading cyber security expert. “A ToR router can definitely have a big benefit in that there’s physical isolation.” “Anonabox alone, however, won’t fully protect a user’s privacy,” Mr. Greenberg wrote. “If you use the same browser for your anonymous, and normal Internet activities, for instance, websites can use “browser fingerprinting” techniques like cookies to identify you.” Some experts suggest “that even when routing traffic over ToR with Anonabox, users should use the ToR Browser, a hardened browser that avoids those fingerprinting techniques (To avoid running their traffic through ToR twice, and reducing bandwidth speeds to a crawl,” one cyber expert Mr. Greenberg interviewed “pointed to a setting in the ToR browser called “transparent tortification,” which turns off the browser’s own ToR routing).” “The Anonabox has been in the works since 2010, long enough that its developers have been able to evolve their own custom board, as well as an injection-molded case. That customization, Germar says, “means the device still packs 64 megabytes of storage and a 580 megahertz processor, easily enough to fit the ToR software; and, run it without any slowdowns.” Built For Civil Disobedience “Germar says he and his friends began thinking about the possibility for the device around the time of the Arab Spring in late 2010, and early 2011. The Anonabox is ultimately intended for users in other countries where ToR’s anti-censorship and privacy properties can help shield activitists and journalists. It can be used in a cyber café, for instance, where users can’t easily install new software on computers. And, it’s capable of so-called, “pluggable transports,” — extensions to ToR that often allow its traffic to better impersonate normal encrypted data,” Mr. Greenberg noted. “The hardware design of Anonabox is also intended to work in the most sensitive international situations: It uses a micro-USB as a power source, a common standard around the world; and, its small size is meant to allow easy concealment. Germar points out that its rounded corners means it can be stowed in a bodily orfice. And, it can be destroyed more easily than a large router.” “Maybe it’s too late and the police are already downstairs, so you smash the box with a brick; and, throw the pieces out the window,” Germar added. “Or, maybe you just crush it, by stepping on it with your shoe; and, flush the pieces down the toilet.” “Germar’s ultimate goal,” Mr. Greenberg concludes, “is to bring ToR to a new audience that has never before had access to its protections.” “This isn’t just about making things easier for people who use ToR now; but, also those who would like to use ToR…but, can’t for whatever reason. Those people are the people we want to help,” Germar said. Even Encrypted Web Traffic Can Still Reveal Sensitive Information About You Perhaps this indeed will be a step forward in ensuring privacy on the Internet; but I wonder if this technique and software is the answer. Certainly, it is probably a major step in that direction. But, going the encrypted route is no guarantee. Jeremy Kirk, writing in the June 24, 2014 website edition of TechWorld, wrote that “analyzing encrypted Web traffic can potentially reveal highly sensitive information — such as medical conditions, and sexual orientation,” according to a [new] research paper that forecasts how privacy on the Internet may erode.” “In a paper titled, “I Know Why You Went To The Clinic,” researchers showed that observing encrypted Web traffic and identifying patterns, it is possible to know what pages a person has visited on a website, giving clues to their personal life. The paper will be presented at the July 16, 2014 Privacy-Enhancing Technology Forum in Amsterdam, Netherlands.” As Mr. Kirk correctly observes, “almost all websites that exchange sensitive data rely on Secure Sockets Layer/Transport Security Layer (SSL/TSL), technology — which encrypts data exchanged between a person’s computer and a server.” “The data is unreadable,” notes Mr. Kirk, “but, the researchers developed a traffic analysis attack that makes it possible to identify what individual pages in a website a person has browsed — with about 80 percent accuracy. Previous research had shown it was possible to do such analysis, — but, the accuracy rate was just 60 percent,” Mr. Kirk wrote.” “In order to execute a [web] traffic analysis attack, an adversary would have to be able to identify the encrypted traffic patterns of a particular site; as well as, be able to observe the victim’s Web traffic. ISPs and employers would have visibility on users’ data streams,” they wrote. “One way to thwart such analysis,” adds Mr. Kirk, “is a “burst” defense, which involves modifying packet sizes — in an attempt to make traffic less vulnerable to pattern recognition,” according to the research paper. On the other hand, “a “linear” defense pads packet sizes up to multiples of 128; while an “exponential” defense pads the packet sizes up to the power of two. Another approach is to randomly fragment packets, which offers the advantage of not generating additional data.” “The burst defense offers greater protection,” according to the research paper, “operating between the TCP layer and application layer — to pad contiguous bursts of traffic — up to pre-defined thresholds — uniquely [tailored] determined for each website. The Burst defense allows for a natural tradeoff between performance and cost, as fewer thresholds will result in greater privacy — but, at the expense of increased padding,’ the paper said. How To Anonymize Everything You Do On The Internet New York Times writer, Somini Sengupta, had an article in the July 18, 2013 edition of her newspaper wrote that, “with no fail-safe technological tricks to minimize your digital footprint, a cottage industry of sorts is emerging — with a variety of sophisticated “tools” to hide your identity as well as what you are accessing and emailing.” Password managers are now storing this information in an encrypted safe, “to which only you (the customer) has the key.” Ms. Sengupta notes that DashLane, LastPass, and RoboForm all have digital tools available in this area. Apple’s new operating system, iOS7, includes a so-called Password Generator that can produce “a unique, hard-to-guess password,” as well as “remember it for you.” Two-step authentication/authorization is another safeguard that is becoming more the norm than the exception — with Google, Yahoo, and LinkedIn — among others — offering this option. Tracker blocking tools let you see the companies/people tracking your activities on the Web and then blocks them if you wish. How foolproof this technology really is and whether or not the company/person attempting to track you — can employ their own cyber “cloak device,” was left unanswered. I suspect these techniques work against 80% of the “problem,” but for the sophisticated hackers and Nation-States — I suspect they have the technical knowhow to eventually penetrate this cyber “maginot line.” Some of the most popular tracker blocking tools include Ghostery, Disconnect, and Abine. Silent Circle, offers encrypted phone, text messaging, encrypted file transfer and encrypted video chat services. OffTheRecord offers an encrypted instant messaging service while RedPhone encrypts calls from end-to-end and keeps no data on itself — meaning no cell phone carrier can keep a record of the conversation nor, comply with a wiretap order or law enforcement inquiry. KoolSpan and Secrypt both offer downloadable encrypted apps that prevents snooping or accessing your cell phone data; but, as with all of these tools — nothing is perfect and there are also the laws of unintended consequences. Bad guys can employ these same tools and, when using an encrypted phone — law enforcement would have to go through the company in order to break the encryption — in any kind of timely fashion. Thus, if you were in a situation where you needed 911 assistance — you better hope you are capable of telling the first responder where you are — they won’t be able to ping your phone. Perhaps in time there will be a 911 over-ride; but for now, you have to weigh the pros and cons for all the above. Also remember, unless you live in a cave and/or operate totally disconnected from the net — it is very difficult to stay hidden — if someone with deep enough “pockets” wants you to be found. V/R, RCP. While not totally accurate — about 80 percent — this kind of technique — identifying and analyzing web traffic and patterns, etc. — is good enough to help law enforcement, the Intelligence Community, the Private Investigator community, etc., in piecing together/link-analysis-type investigations. But, at a minimum, it shows that using encrypted email is not guarantee for the determined and sophisticated cyber sleuths. __._,_.___ ------------------------------ Posted by: "Beowulf" <[email protected]> ------------------------------ Visit Your Group <https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmZGkwYXBkBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0MTMzMjYxMDg-> - New Members <https://groups.yahoo.com/neo/groups/grendelreport/members/all;_ylc=X3oDMTJncjhqZXVuBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2bWJycwRzdGltZQMxNDEzMzI2MTA4> 1 [image: Yahoo! Groups] <https://groups.yahoo.com/neo;_ylc=X3oDMTJlc3UzZDRmBF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQxMzMyNjEwOA--> • Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> • Unsubscribe <[email protected]?subject=Unsubscribe> • Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/> __,_._,___ -- -- Thanks for being part of "PoliticalForum" at Google Groups. For options & help see http://groups.google.com/group/PoliticalForum * Visit our other community at http://www.PoliticalForum.com/ * It's active and moderated. Register and vote in our polls. * Read the latest breaking news, and more. --- You received this message because you are subscribed to the Google Groups "PoliticalForum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
