Re: [liberationtech] Bradley Manning's sentence: 35 years for exposing us to the truth

2013-08-21 Thread Mike Perry
Thus spake Tom O (winterfi...@gmail.com):

 To be honest, this was probably the best he could have hoped for.
 
 He was facing 90. He got 35 with parole after 12.
 
 It's shit, but not as shit as the other options.
 
 If Snowden gets captured, you can bet he will be getting much much worse.

This would be really unfortunate, especially since by any objective
measure Snowden has been significantly more careful with what he's
allowed to be revealed than Manning was. Thankfully, public opinion also
seems to indicate that most people understand this effort on Snowden's
part, despite the media circus.

Even still, I am not in the "Snowden would get a fair trial in the US"
camp, either.

I am also worried by the fact that the lawlessness of the gangster
governments that most Western democracies have devolved into has
necessitated this whole insurance file business again. Let's hope at
least that bit works out better this time, for everyone involved.


-- 
Mike Perry
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] What if Firefox adopts Tor as feature?

2013-08-08 Thread Mike Perry
You can't have any of these configurations without a browser to begin
with, and serious support from Mozilla would make a number of things
better for Tor users in any number of deployment configurations,
including (and perhaps especially) high security ones.

As for capacity and all of that, we've been consistently adding relays
and capacity, but our userbase has not grown proportionally. My belief
is that this is largely due to usability issues.

In short, I am excited by this news, and I look forward to improving our
communication and cooperation with Mozilla on this front.

Kyle Maxwell:
 I've no idea about the capacity, but I will say that, in a general
 sense, this is a relatively insecure method of using Tor. Recent
 events have highlighted this, naturally, but Tor works best as network
 infrastructure where split tunnelling (to borrow a term from VPN
 architecture) is not allowed. Perhaps if it were fully sandboxed such
 that all communications had to go through a proxy, a la Whonix.
 
 On Thu, Aug 8, 2013 at 9:24 AM, Lazlo liberationt...@lazlo.me wrote:
  Firefox is flirting with the idea to adopt Tor as a feature [1,2]. This
  could easily multiply [3] the number of daily users on the Tor network [4].
  These daily users are not likely to add new capacity to the network. Is the
  Tor network able to handle a sudden peak in usage (there is some
  overcapacity [5]) without a hassle or is there action required?
 
  [1] https://twitter.com/BrendanEich/status/364265592112414720
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=901614
  [3] https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Summary_table
  [4] https://metrics.torproject.org/users.html
  [5] https://metrics.torproject.org/network.html#bandwidth
 
 
 
 -- 
 @kylemaxwell

-- 
Mike Perry

Re: [liberationtech] From Snowden's email provider. NSL???

2013-08-08 Thread Mike Perry
It is profoundly encouraging to see that people of such courage and
integrity as the Lavabit staff exist, and are willing to put everything
on the line to stand up against this madness.

David Johnson:
 https://lavabit.com/
 
 My Fellow Users,
 I have been forced to make a difficult decision: to become complicit in
 crimes against the American people or walk away from nearly ten years of
 hard work by shutting down Lavabit. After significant soul searching, I
 have decided to suspend operations. I wish that I could legally share with
 you the events that led to my decision. I cannot. I feel you deserve to
 know what’s going on--the first amendment is supposed to guarantee me the
 freedom to speak out in situations like this. Unfortunately, Congress has
 passed laws that say otherwise. As things currently stand, I cannot share
 my experiences over the last six weeks, even though I have twice made the
 appropriate requests.
 What’s going to happen now? We’ve already started preparing the paperwork
 needed to continue to fight for the Constitution in the Fourth Circuit
 Court of Appeals. A favorable decision would allow me resurrect Lavabit as
 an American company.
 This experience has taught me one very important lesson: without
 congressional action or a strong judicial precedent, I would _strongly_
 recommend against anyone trusting their private data to a company with
 physical ties to the United States.
 Sincerely,
 Ladar Levison
 Owner and Operator, Lavabit LLC
 Defending the constitution is expensive! Help us by donating to the Lavabit
 Legal Defense Fund here:
 https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7BCR4A5W9PNN4



-- 
Mike Perry

Re: [liberationtech] NSA's crypto city

2013-07-12 Thread Mike Perry
James S. Tyre:
 Oddly, a former NSA operative I know was, while still with NSA, the Mayor of 
 the nearby
 town in which he lived.  Perhaps his colleagues stuffed the ballot box for 
 him.  '-)

You kid, but this is not how this sort of manipulation would work. Even
with E-Voting being the sham that it is, as Kennedy (I think?) said,
"You can steal a close race, but you can't steal a landslide."

In reality, NSA operatives are more likely to use their power for
destroying/manipulating political opponents by obtaining information
that could be used against them. For well-documented historical
examples, just look at Nixon, Hoover, etc.

For a more recent example: I suspect it was more than mere coincidence
that allowed the Petraeus affair to be discovered. Even if you are
disinclined to believe in conspiracy in that particular case, it serves
as a textbook example for how one could take down a high-ranking
political official who suddenly becomes inconvenient, using
only inappropriately obtained information...



-- 
Mike Perry

[liberationtech] The Tor Project is looking for a Lead Automation Engineer

2013-07-09 Thread Mike Perry
The Tor Project wants to deploy nightly builds and continuous
integration for as many of our key software components and platform
combinations as possible.  Your job would be to build and deploy the
initial functional versions of a wide range of testing frameworks and
continuous integration systems.

This is a contract position. Candidates are expected to be capable of
taking the lead in selecting, deploying, and maintaining multiple
automation systems in several different programming languages.

Candidates should also be capable of reproducing bugs and writing new
reproduction test cases for one or more of the testing frameworks.
Eventually, we hope to add additional staff to assist in this project,
but to start, you will be expected to prioritize your own work such that
the most important tasks get attention first, without letting any
specific core component starve for attention.

For more details, including information on how to apply, see the job
posting:
https://www.torproject.org/about/jobs-lead-automation.html.en


-- 
Mike Perry

Re: [liberationtech] abuse control for Tor exit nodes

2013-06-28 Thread Mike Perry
Tom Ritter:
 On 27 June 2013 05:07, Rich Kulawiec r...@gsp.org wrote:
  [ Okay, so I have a long-winded response to this.  It's possible that
  eventually I'll wander somewhere near a point. ;-) ]
  ...
  ...
  My suggestion (and this is based on many other kinds of operations
  since I've never run a Tor exit node) is to do what everyone should
  do for every operation: use a bidirectional default-deny firewall.
  Then punch holes in it as necessary to permit desired traffic.  Use netflows
  to detect and squash things like brute-force attacks.  (In other
  words, if you observe a serious spike in outbound ssh connection attempts,
  then someone is using your node, and possibly others, to conduct an ssh
  brute-force attack.  Rate-limit it.  Or just block it for a while.)
  Another highly useful technique is rate-limiting based on passive
  OS fingerprinting of the source: one application is to provide
  severely limited SMTP bandwidth to anything fingerprinting as Windows.
  Another is to use the Team Cymru bogon list.  And still another is
  to use the Spamhaus DROP list, since nothing good can happen by permitting
  traffic to/from those network ranges.
 
  The pf firewall in various BSD distributions is a good choice
  for implementing all this.  It also has the useful feature of being
  rather resource-frugal: it's quite impressive how an old/slow box
  running it can gracefully handle large traffic volumes.
 
 
 This is a very well written argument, thank you.  I'd love to see more
 discussion around the ethics of Should I or Shouldn't I put in
 (non-logging) abuse filtering on exit nodes.  Someone can always
 disguise abuse.  An intelligent DoS attack on an SSL website couldn't
 be detected by an exit node operator.  But, just as moving SSH off
 port 22 really honest-to-god does eliminate 99% of the crap you'd get
 otherwise, maybe there are similar cheap wins to be had on Exit Nodes.
  While there are legitimate reasons to send sqlmap through Tor, I'm
 currently thinking if you actually want to test something,
 legitimately, through Tor, using sqlmap - you should be prepared to
 deal with exit blocking.  Exit blocking that could eliminate 50%, 80%,
 95% of the crap.  I'd love to see people debate this back and forth
 more and tease out arguments for and against.
 
 On the practical side of things, a couple questions.
 Blacklisting connects *to* the spamhaus list, and other known spammers
 (as an exit operator) would really only shut down control channels,
 no?  Similarly, if you're an entry node, you could block connections
 *from*... but if spammers on the spamhaus blocklist were actually
 using Tor... well, they wouldn't *be on the blocklist*.  I could
 always be wrong, but I don't see this making big wins.
 
 Shutting down SSH brute forcing would be cool.  I've joked with my
 friends "There are so many interesting things in the world, and I have
 so little time to learn them all.  I have to prioritize. So I decided
 to skip iptables and use a wrapper (shorewall)."  Do you have, or
 know of, any simple writeups for doing that, or some of the more
 complicated suggestions?

This argument comes up every so often on tor-relays.

Censorship filters, IDS systems, and rate limiting firewalls don't
belong on Tor exits any more than they belong on the core routers of the
Internet. They belong on the leaves. Censor yourself, not others.

Imagine what would happen if the core routers of the Internet detected
abuse with even 99% accuracy (1% false positive rate). The Internet
would cease to function, due to the base rate fallacy and the relative
infrequency of actual abuse:
https://en.wikipedia.org/wiki/Base_rate_fallacy

The same math applies to Tor exits.

-- 
Mike Perry
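
The arithmetic behind the base rate argument in the message above, as an added example that is not part of the original post. The 1% false positive rate is the post's figure; the 99% detection rate, the prevalence of one abusive flow in 10,000, the ten filtering hops and the 100-connection session are assumptions chosen for illustration.

```python
"""Base-rate arithmetic for an abuse filter at a shared transit point.

Added example. The 1% false positive rate comes from the post; the detection
rate, abuse prevalence and hop/connection counts below are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Detector:
    true_positive_rate: float   # P(flagged | abusive)
    false_positive_rate: float  # P(flagged | legitimate)

    def precision(self, prevalence: float) -> float:
        """P(abusive | flagged) by Bayes' rule, given the share of abusive flows."""
        tp = self.true_positive_rate * prevalence
        fp = self.false_positive_rate * (1.0 - prevalence)
        return tp / (tp + fp) if (tp + fp) else 0.0

    def break_even_prevalence(self) -> float:
        """Share of abusive flows at which a flag is correct exactly half the time."""
        return self.false_positive_rate / (
            self.true_positive_rate + self.false_positive_rate
        )

    def expected_counts(self, prevalence: float, flows: int) -> dict:
        """Expected confusion-matrix counts over `flows` observed flows."""
        abusive = flows * prevalence
        legitimate = flows - abusive
        return {
            "true_positives": self.true_positive_rate * abusive,
            "missed_abuse": (1.0 - self.true_positive_rate) * abusive,
            "false_positives": self.false_positive_rate * legitimate,
            "passed_legitimate": (1.0 - self.false_positive_rate) * legitimate,
        }

    def legit_survival(self, filtering_hops: int) -> float:
        """P(a legitimate flow is not flagged by any of `filtering_hops` filters).

        Assumes each hop errs independently, which is the pessimistic case
        for a network whose core routers all filter.
        """
        return (1.0 - self.false_positive_rate) ** filtering_hops

    def session_disruption(self, connections: int) -> float:
        """P(at least one of a user's legitimate connections is flagged)."""
        return 1.0 - (1.0 - self.false_positive_rate) ** connections


def summarize(detector: Detector, prevalence: float, flows: int) -> str:
    counts = detector.expected_counts(prevalence, flows)
    lines = [
        f"flows observed:              {flows:,}",
        f"abuse correctly flagged:     {counts['true_positives']:,.0f}",
        f"legitimate flows flagged:    {counts['false_positives']:,.0f}",
        f"P(abusive | flagged):        {detector.precision(prevalence):.4f}",
        f"break-even prevalence:       {detector.break_even_prevalence():.4f}",
        f"legit survival over 10 hops: {detector.legit_survival(10):.4f}",
        f"P(session of 100 disrupted): {detector.session_disruption(100):.4f}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed scenario: 99% detection, 1% false positives, 1 in 10,000 abusive.
    print(summarize(Detector(0.99, 0.01), prevalence=1e-4, flows=1_000_000))
```

With these inputs roughly one flagged flow in a hundred is actually abusive, and a flag only becomes right half the time once abuse makes up 1% of all traffic.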

Re: [liberationtech] DuckDuckGo vs Startpage

2013-06-26 Thread Mike Perry
Nick:
 Quoth Mike Perry:
Hidden service circuits require ~4X as many Tor router traversals
as normal Tor exit circuits to set up, and unlike normal Tor exit
circuits, they are often *not* prebuilt. Once they are set up, they
still require 2X as many Tor router traversals end-to-end as normal
circuits. You could easily circle the globe several times to issue
a single search query.

And all this is to use the Tor hidden service's 80bit-secure hash 
instead of an https cert, along with all of the other issues with
Tor Hidden Services that have accumulated over the past decade due
to the lack of time for maintenance on Tor's part? I am not
convinced.
   
   This is good to know -- don't promote hidden service versions of
   websites (including DDG) when they have an https version, as hidden
   services are broken as of now.
  
  Right. However, hidden services are still useful in narrow
  circumstances, even as janky as they are. I think their most compelling
  usecase is as fully internal TCP-style application endpoints, not as
  authentication mechanisms for services that already exist on the
  surveilled Internet, and use it for their communications.
 
 But don't hidden services have the advantage that as there is no 
 exit node, the adversary controlling the entry and exit node problem 
 goes away? Or am I misunderstanding. I see that in this case the tor 
 connection to the website is not likely to be the weak point anyway, 
 but I'd be keen to know if I've got this wrong.

If you're talking about attacks as strong as end-to-end correlation,
then it turns out hidden services have similar weaknesses on that order.
There are a number of points where the adversary can inject themselves
either to observe or manipulate hidden service circuit construction.

For some recent examples of that, see
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf.

Some of those attacks are quite powerful indeed (and many of them allow
the adversary to choose their own nodes for observation!) and it will
take Tor at least a full stable release cycle or more to fix them...


In terms of data confidentiality and integrity though, I think it is
probably true that the Tor hidden service trust root is much stronger
than the browser CA trust root, even given the 80bit name hash and
RSA-1024 sized keys (which probably are roughly equivalent to each other
in strength for most purposes).

However, Mozilla is working on supporting cert pinning for https, which
we should pick up in Tor Browser in the next few months. Basically, all
we have to do after that is pin our search provider's actual leaf
certificate in Tor Browser itself, and the https usecase becomes both
stronger than the hidden service case in terms of data confidentiality
and integrity to the actual search engine (who knows what happens after
that, of course), and roughly 4X faster...


Still, despite all of this, I still think hidden services have an
important role to play in Tor. The search engines of today just aren't
the proper use case for them right now.


-- 
Mike Perry

Re: [liberationtech] DuckDuckGo vs Startpage

2013-06-26 Thread Mike Perry
Jacob Appelbaum:
 Mike Perry:
  In terms of data confidentiality and integrity though, I think it is
  probably true that the Tor hidden service trust root is much stronger
  than the browser CA trust root, even given the 80bit name hash and
  RSA-1024 sized keys (which probably are roughly equivalent to each other
  in strength for most purposes).
  
 
 I think it also changes how people might begin to start attacking a user
 - it is not as easy as just throwing up a Tor node, allow and exit and
 running some general tools.
 
  However, Mozilla is working on supporting cert pinning for https, which
  we should pick up in Tor Browser in the next few months. Basically, all
  we have to do after that is pin our search provider's actual leaf
  certificate in Tor Browser itself, and the https usecase becomes both
  stronger than the hidden service case in terms of data confidentiality
  and integrity to the actual search engine (who knows what happens after
  that, of course), and roughly 4X faster...
  
 
 However - Tor will not protect users after the exit node - so if there
 are libnss bugs, the exit or things beyond it may tamper with it. The
 attack surface is smaller for Tor HS users, I think.
 
  
  Still, despite all of this, I still think hidden services have an
  important role to play in Tor. The search engines of today just aren't
  the proper use case for them right now.
  
 
 I'd like to see an omnibox search that allows people to choose - I would
 especially like it if that one was totally unfiltered, even for porn or
 other thought crime.

Good points. While I am against having the default be 4X slower just for
this, I will happily merge omnibox .src files for both the hidden
service version of DDG and an unfiltered StartPage if anyone provides
them and put them in order right after vanilla StartPage and DDG
engines.

-- 
Mike Perry

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

2013-06-26 Thread Mike Perry
The Doctor:
 
 On 06/24/2013 09:16 PM, Daniel Sieradski wrote:
  Has there ever been any effort to create an open source search
  engine that is entirely transparent in both its software and
  practices? (dmoz.org doesn't count!)
 
 ...YaCY?
 
 http://yacy.de/

YaCY and other FOSS engines (in a sibling thread someone mentioned
another that I already forgot) are also something that I will accept
search plugins for the Omnibox, but their result quality, index depth,
and crawl frequency are no match for either StartPage or DDG.


-- 
Mike Perry

Re: [liberationtech] DuckDuckGo vs Startpage

2013-06-25 Thread Mike Perry
Michael Carbone:
 On 06/24/2013 10:00 PM, Mike Perry wrote:
  IxQuick has so far successfully negotiated with Google against
  outright banning us. Google sees a spike in IxQuick traffic every
  time we increase StartPage's prominence in TBB, and this does not
  go unnoticed by Google.
  
  Unfortunately, Google's knee-jerk reaction to each increase so far
  is to argue harder in favor of banning all Tor users from both
  Startpage and Google, so we'll have to wait and see how this plays
  out...
  
  Backchannel like that (and direct-channel refusals to work with
  Tor) really makes you wonder about Google's commitment to privacy
  and the freedom of access to information.
 
 Very interesting. I don't know the backchannel relationships but I'd
 guess Google's decision to allow or not allow Tor users doesn't depend
 on the levels of traffic they get from StartPage from TBB front page.

Well, that's not exactly how it works directly, but the effect is the
same. I was simplifying the explanation for the purposes of brevity,
and because I was basically a 3rd party to this pressure who was not
present during the actual negotiation.

However, near as I can tell, the actual mechanism of the pressure is
both economic and service-level. Google isn't transparent about what it
pays for ad revenue and what it allows for API key volume, and they
simply pay less ad revenue and/or ban your API key if they don't like
your query flow for whatever reason. They also call you up and start
asking questions if your volume suddenly increases, and sometimes just
shut off your API key at random (and when they do this, StartPage has to
ban Tor users, which has happened each time we've featured them in a
more easily accessible way in TBB so far).

Google is also unwilling to work with us to deploy rate limiting
solutions, even if Tor were to develop them for them. I've tried
numerous times through multiple channels over the past 5 (five!) years
now to get some level of agreement to support various alternative and
less intrusive rate limiting mechanisms based on proof of work, blind
signatures, and other schemes instead of SMS and Captcha, so that Tor
could turn around and try to find a sponsor to build it, but the only
response we can get is "Abuse rate limiting is hard, and Google is the
best in the world at it! You can't mess with success!"

It is very frustrating, but I also feel like if we stop trying to use
any flavor of Google results entirely, we lose the ability to signal to
them how many people care about Tor.

  Just trying to rationally explain it.
  
  I would not rationally use the hidden service version in lieu of
  https by default.
  
  As I alluded to through my questioning of the https backend link to
  Bing, the transit path from Tor to DDG is not the weakest link in
  an already-https search engine.
 
 Okay, so this seems to be the sticking point? Using the !g bang syntax
 they route Google requests through DDG (so you can search Google if
 you want, even though they don't seem to rely on Google for their own
 index). Is that reroute different than what Ixquick does? I don't
 know. For the index itself, I wasn't able to find anything on the
 technical connection between DDG and their index sources.

g! is just a redirect. There is no privacy there.
 
 Apparently the founder of DDG is interested in getting an external
 audit, so this might be the type of issue that could solve? He was
 looking for external audit recommendations as of two days ago (
 https://duck.co/topic/we-have-to-talk-about-ddgs-honesty#2846901487421
 ). I'd ping him @yegg or y...@alum.mit.edu with some recs.

Sure. I don't think this stuff is rocket science. There are probably
several people on this list that could help him figure out how to make
stuff end-to-end encrypted for front end and backend, excluding his
actual servers, and help him certify and promote that claim.

I am after a bigger monster, though.

  Further, claims that the performance is the same or similar are
  not rigorous.
  
  Hidden service circuits require ~4X as many Tor router traversals
  as normal Tor exit circuits to set up, and unlike normal Tor exit
  circuits, they are often *not* prebuilt. Once they are set up, they
  still require 2X as many Tor router traversals end-to-end as normal
  circuits. You could easily circle the globe several times to issue
  a single search query.
  
  And all this is to use the Tor hidden service's 80bit-secure hash 
  instead of an https cert, along with all of the other issues with
  Tor Hidden Services that have accumulated over the past decade due
  to the lack of time for maintenance on Tor's part? I am not
  convinced.
 
 This is good to know -- don't promote hidden service versions of
 websites (including DDG) when they have an https version, as hidden
 services are broken as of now.

Right. However, hidden services are still useful in narrow
circumstances, even as janky as they are. I think their most compelling
usecase

Re: [liberationtech] Help test the new Tor Browser!

2013-06-24 Thread Mike Perry
Cooper Quintin:
 The default engine was Google for a while until Mike Perry and I changed
 it.  We chose StartPage over DDG because while both being privacy aware,
 start page had more relevant search results.  However these days I
 personally find that DDG's results are often more relevant than start
 page. 

I find StartPage/Google immensely superior to Duckduckgo/Bing when
searching the long tail of technical material (which I do frequently).

This has always been the case, and has not changed "these days", or ever.

One example: Try querying both engines for "deterministic builds" and
compare what you find on the front page of each. By result 10,
DuckDuckGo starts rambling about free will, philosophy, and life
planning. Startpage on the other hand, actually already includes this
very thread in the first page results.

I am curious which types of queries people perceive DuckDuckGo/Bing to
be better at. Is it only better if you're searching for hoodies, movies,
video games, and other mainstream things?

 They also have a page that does not require cookies or JS at
 https://duckduckgo.com/html/

I am not aware of any JS or cookie requirement via StartPage either, and
Startpage allows you to generate your own URL with the safesearch
features disabled (so you do not need cookies). You can then create a
keyword search for this URL.

I am not sure if we want to make that our default search option, but
I might be convinced to merge a third omnibox dropdown for it.


-- 
Mike Perry

Re: [liberationtech] Help test the new Tor Browser!

2013-06-24 Thread Mike Perry
Jacob Appelbaum:
 Jillian C. York:
  +1
  
  
  On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
  coo...@radicaldesigns.org wrote:
  
  Start page also allows you to generate a url that has certain settings,
  for example this one (
  https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
  ) has safe search turned off and no caching for video and image search
  results turned on.  It could be useful to put something like this in Tor
  Browser to avoid search filtering.
 
 It would be great if this was the default home page. I'd certainly be
 happier with that as the default search engine.

I don't have anything against porn, and I do strongly believe we should
make it easy for people to search for whatever they want (hence right
now, I like the idea of adding a Startpage (unfiltered) omnibox item
rather than changing the default), but I am not sure that I like the
idea of exposing people to porn who are not looking for it. I worry that
changing the default *might* do this.


Two things could tip the scales in my mind either way about the default:

1. Can anyone provide concrete examples where the image and/or video
filters of Startpage/Google (I think Startpage just uses Google's
filters) have inadvertently censored material that is not porn, and this
error has persisted uncorrected for a significant period of time?

I think it is important to weigh this against people being provided with
porn results if they are not actually looking for porn -- which is an
important issue of consent, IMO. I am sure there are many Muslim users
of TBB who do not want to see porn at all, and merely want free access
to information. The possibility of subjecting those people to porn
potentially against their will weighs on me a bit..


2. The converse is that making people in the Islamic world who *are*
looking for porn potentially signal this via their omnibox choice isn't
a great option either, since that choice can leak to disk. I don't think
it is fair to allow these people to potentially subject themselves to
government persecution via this choice. :/


I am open to suggestions on how to balance these concerns.



-- 
Mike Perry

Re: [liberationtech] Help test the new Tor Browser!

2013-06-24 Thread Mike Perry
Mike Perry:
 Jacob Appelbaum:
  Jillian C. York:
   +1
   
   
   On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
   coo...@radicaldesigns.org wrote:
   
   Start page also allows you to generate a url that has certain settings,
   for example this one (
   https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
   ) has safe search turned off and no caching for video and image search
   results turned on.  It could be useful to put something like this in Tor
   Browser to avoid search filtering.
  
  It would be great if this was the default home page. I'd certainly be
  happier with that as the default search engine.
 
 I don't have anything against porn, and I do strongly believe we should
 make it easy for people to search for whatever they want (hence right
 now, I like the idea of adding a Startpage (unfiltered) omnibox item
 rather than changing the default), but I am not sure that I like the
 idea of exposing people to porn who are not looking for it. I worry that
 changing the default *might* do this.

In fact it does do this. Queries for "female condom help", "female
condom use", "female condom pictures", "female condom videos" return
increasing numbers of porn results with the query without filters. With
the filters in place, they return no porn, only instructional material,
diagrams, and pictures.

I think it is reasonable to expect that a number of sexual education
and potentially even sexual abuse topics will have similar results.

 Two things could tip the scales in my mind either way about the default:
 
 1. Can anyone provide concrete examples where the image and/or video
 filters of Startpage/Google (I think Startpage just uses Google's
 filters) have inadvertently censored material that is not porn, and this
 error has persisted uncorrected for a significant period of time?
 
 I think it is important to weigh this against people being provided with
 porn results if they are not actually looking for porn -- which is an
 important issue of consent, IMO. I am sure there are many Muslim users
 of TBB who do not want to see porn at all, and merely want free access
 to information. The possibility of subjecting those people to porn
 potentially against their will weighs on me a bit..
 
 
 2. The converse is that making people in the Islamic world who *are*
 looking for porn potentially signal this via their omnibox choice isn't
 a great option either, since that choice can leak to disk. I don't think
 it is fair to allow these people to potentially subject themselves to
 government persecution via this choice. :/
 
 
 I am open to suggestions on how to balance these concerns.

Still am, but I also want to point out that there is also the "Do
Nothing" option: DuckDuckGo is our second omnibox choice, and it is not
hard to switch to it to get unfiltered porn results without signaling
that you are looking for such material...


-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

2013-06-24 Thread Mike Perry
Nadim Kobeissi:
 I'd just like to add that I'm a DuckDuckGo user myself and that I can
 definitely vouch for the service.

I've had a number of people tell me that they vouch for DuckDuckGo. What
does this even mean? Nobody seems to be capable of rationally explaining
it.

Have you inspected their datacenter/server security? Have you audited
their logging mechanisms?

Does DuckDuckGo even have an https channel to Bing on the back end?


Note that I don't vouch for StartPage. I merely think that StartPage
provides superior search results to DDG.

In fact, I wish both companies the best of luck business-wise, and I'm
happy to have both of them at the two top positions in TBB's omnibox.

This is because right now, there are only two ways to get https web
search results over Tor. Microsoft allows Tor, but has officially
refused to support https directly for Bing. Google regularly bans Tor
nodes entirely, often without the possibility of even entering a Captcha
or using a valid Gmail account (both of which are non-starters for a
default engine of course, but would be better than status quo).

Every time Tor tries to start a conversation with either Google or
Microsoft on these two topics, they both give us a litany of excuses as
to why fixing the situation is a hard problem, even after we present
potential cost-effective engineering solutions to both problems.

For this reason, the loss of either DDG or Startpage would scare the
shit out of me, but right now, neither one has done enough for Tor to
warrant the default search position**, and since StartPage tends to
index more of the deep web faster, it is my opinion we should stick with
them as the top position, and have DDG in second.


** Sure, DuckDuckGo runs a hidden service, and also one of the slowest
Tor relays on the network (rate limited to 50KB/sec or less), but it is
quite debatable as to if either of these things are actually helpful to
Tor. In fact, such a slow Tor relay probably harms Tor performance more
than helps (in the rare event that you actually happen to select it).


-- 
Mike Perry

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

2013-06-24 Thread Mike Perry
Michael Carbone:
 On 06/24/2013 08:20 PM, Mike Perry wrote:
  I've had a number of people tell me that they vouch for DuckDuckGo.
  What does this even mean? Nobody seems to be capable of rationally
  explaining it.
  
  Have you inspected their datacenter/server security? Have you
  audited their logging mechanisms?
 
 The data center thing is a non-sequitur -- no third-party service has
 this type of transparency. My understanding is that you don't need
 to trust these service providers to use them anonymously as they are
 friendly to Tor and no scripts/cookies/etc -- hence the difficulties
 you mention later on with Bing & Google. So it doesn't split either
 way between StartPage or DDG. They are equivalent in not allowing
 personal audits of their servers.

I was questioning where the vouching comes from. Vouch is a pretty
strong word -- it typically suggests that you are laying down your
reputation on the line to support someone or something else, either by
oath or by evidence.

My general point is that DuckDuckGo seems to have a lot of appeal behind
it, causing many people to endorse it in extreme ways without any
supporting evidence.

I want to understand where that support is coming from. As you point
out, the two engines seem largely identical from the perspective of
third party vouching/audits wrt privacy.

  Note that I don't vouch for StartPage. I merely think that
  StartPage provides superior search results to DDG.
 
 Since this is the only criterion you base your choice of search engine
 on, then perhaps StartPage is the way to go for you. If I were to
 argue for DDG, I would point to its much more friendly user
 interface/experience (including the html version) and the great !bang
 syntax. Maybe it also provides better results for mainstream things
 as you alluded, I don't know. But there's certainly nothing wrong with
 appealing to mainstream folks, this is TBB after all.
 
 I think these are the reasons why it is gaining a lot of users (
 https://duckduckgo.com/traffic.html ). Either way, users will be able
 to choose the other search engine in the omnibox as you mention.

That's great! I am glad they are succeeding, and hopefully are in no
danger of going away!
 
  Every time Tor tries to start a conversation with either Google or 
  Microsoft on these two topics, they both give us a litany of
  excuses as to why fixing the situation is a hard problem, even
  after we present potential cost-effective engineering solutions to
  both problems.
  
  For this reason, the loss of either DDG or Startpage would scare
  the shit out of me, but right now, neither one has done enough for
  Tor to warrant the default search position**, and since StartPage
  tends to index more of the deep web faster, it is my opinion we
  should stick with them as the top position, and have DDG in
  second.
  
  ** Sure, DuckDuckGo runs a hidden service, and also one of the
  slowest Tor relays on the network (rate limited to 50KB/sec or
  less), but it is quite debatable as to if either of these things
  are actually helpful to Tor. In fact, such a slow Tor relay
  probably harms Tor performance more than helps (in the rare event
  that you actually happen to select it).
 
 The hidden service is a plus, no? They seem to be trying at least,
 does Ixquick have either? Maybe it'd be good to reach out to DDG about
 their relay.

IxQuick has so far successfully negotiated with Google against outright
banning us. Google sees a spike in IxQuick traffic every time we
increase StartPage's prominence in TBB, and this does not go unnoticed
by Google.

Unfortunately, Google's knee-jerk reaction to each increase so far is to
argue harder in favor of banning all Tor users from both Startpage and
Google, so we'll have to wait and see how this plays out...

Backchannel like that (and direct-channel refusals to work with Tor)
really makes you wonder about Google's commitment to privacy and the
freedom of access to information.

 Just trying to rationally explain it.

I would not rationally use the hidden service version in lieu of https
by default.

As I alluded to through my questioning of the https backend link to Bing,
the transit path from Tor to DDG is not the weakest link in an
already-https search engine.

Further, claims that the performance is the same or similar are not
rigorous.

Hidden service circuits require ~4X as many Tor router traversals as
normal Tor exit circuits to set up, and unlike normal Tor exit circuits,
they are often *not* prebuilt. Once they are set up, they still require
2X as many Tor router traversals end-to-end as normal circuits. You
could easily circle the globe several times to issue a single search
query.

And all this is to use the Tor hidden service's 80bit-secure hash
instead of an https cert, along with all of the other issues with Tor
Hidden Services that have accumulated over the past decade due to the
lack of time for maintenance on Tor's part? I am not convinced.


Sorry if all

Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting

2013-06-21 Thread Mike Perry
   and foreign information stink, it gives them carte blanche to review
   those communications for evidence of crimes that are unrelated to
   espionage and terrorism,” says Kevin Bankston, a director of the Free
   Expression Project at the Center For Democracy and Technology. “If they
   don’t know where you are, they assume you’re not a US person. The default
   is that your communications are unprotected.”

   All of those exceptions seem to counter recent statements made by NSA and
   FBI officials who have argued that any collection of Americans’ data they
   perform is strictly limited by the Foreign Intelligence Surveillance Act
   (FISA) Court, a special judiciary body assigned to oversee the National
   Security Agency. “We get great oversight by all branches of government,”
   NSA director Alexander said in an on-stage interview at the Aspen
   Institute last year. “You know I must have been bad when I was a kid. We
   get supervised by the Defense Department, the Justice Department the
   White House, by Congress… and by the [FISA] Court. So all branches of
   government can see that what we’re doing is correct.”

   But the latest leaked document bolsters a claim made by Edward Snowden,
   the 29-year-old Booz Allen contractor who has leaked a series of top
   secret NSA documents to the media after taking refuge in Hong Kong. In a
   live Q&A with the public Monday he argued that NSA analysts often make
   independent decisions about surveillance of Americans not subject to
   judicial review. “The reality is that…Americans’ communications are
   collected and viewed on a daily basis on the certification of an analyst
   rather than a warrant,” Snowden wrote. “They excuse this as ‘incidental’
   collection, but at the end of the day, someone at NSA still has the
   content of your communications.”

   However, the leaked document doesn’t exactly paint Snowden’s picture of a
   random NSA analyst determining who is surveilled. The guidelines do state
   that exceptions have to be “specifically” approved by the “Director (or
   Acting Director) of NSA…in writing.”

   Just how much actual surveillance the NSA’s exception for Americans’
   encrypted data allows also remains unclear. The Center for Democracy and
   Technology’s Kevin Bankston points out that a previously leaked slide
   from an NSA presentation makes reference to programs called FAIRVIEW and
   BLARNEY, which are described as “collection of communications on fiber
   cables and infrastructure as data flows past.”

   If the NSA is in fact tapping the Internet’s network infrastructure,
   Thursday’s leaked guidelines suggest it might be allowed to collect and
   retain all data protected with the common Web encryption Secure Sockets
   Layer, (SSL) used for run-of-the-mill private communications like the Web
   email offered by Google and Microsoft, social networking services like
   Twitter and Facebook, and online banking sites. “If they’re tapping at
   the [network] switches and they take full allowance of this ability to
   retain data, that could mean they’re storing an enormous amount of SSL
   traffic, including things like Gmail traffic,” Bankston says.

   In other words, privacy advocates may be facing a nasty Catch-22: Fail to
   encrypt your communications, and they’re vulnerable to any eavesdropper’s
   surveillance. But encrypt them, and they become legally subject to
   eavesdropping by the most powerful surveillance agency in the world.
 
  --
  Joseph Lorenzo Hall
  Senior Staff Technologist
  Center for Democracy & Technology
  1634 I ST NW STE 1100
  Washington DC 20006-4011
  (p) 202-407-8825
  (f) 202-637-0968
  j...@cdt.org
  PGP: https://josephhall.org/gpg-key
  fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
 
 
 
 



-- 
Mike Perry

Re: [liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-21 Thread Mike Perry
phryk:
 I have to admit, I find that rather amusing. I wonder if this is
 actually true and if it might change Obama's opinion on the surveillance
 machine. And if it does, how will he try to hide the obvious hypocrisy?

I used to think there was a possibility that surveillance would capture
our politicians through blackmail/etc. After seeing more and more of
these releases, I am becoming convinced that this *already happened*.

If they didn't capture Obama in this 2004 operation, capturing him later
wouldn't be terribly difficult. NSA: You're the first black US
President, and you want to *dismantle* the domestic surveillance
operation that might prevent an assassination attempt on you or your
family by some moron redneck lunatic? Sure would be a shame if something
were to happen to you after that...

I sure can understand his hesitance in the face of such a threat. I
don't envy him, that's for sure :/.
 
 Actually I have to say that I'm beginning to see the whole phenomenon
 developing around Snowden's leaks with a good dose of gallows humor.
 
 It's kind of slapstick-y that every time someone of the US government
 tries to justify all the surveillance, there seem to be three new
 stories popping up that elaborate on all the stuff they actually do;
 some of which even directly contradicts what those apologists claim.

I have noticed this pattern too. I think Snowden and his handlers at the
Guardian have a far more sophisticated PR and release timing strategy
than anyone has given them credit for (I'm referring to various
rumblings about their release of material at the end of the week,
questioning the value of the release of intel on US hacking, etc).

If there is to be a journalistic award for this work, it should not be
for any one story. The whole arc is magnificently directed.


-- 
Mike Perry

Re: [liberationtech] Deterministic builds and software trust

2013-06-20 Thread Mike Perry
Jonathan Wilkes:
  From: Mike Perry mikepe...@torproject.org
  [...]
 
  This is where deterministic builds come in: any individual can use our
  anonymity network to download our source code, verify it against public
  signed, audited, and mirrored git repositories, and reproduce our builds
  exactly, without being subject to such targeted attacks. If they notice
  any differences, they can alert the public builders/signers, hopefully
  using a pseudonym or our anonymous trac account.
 
  This also will eventually allow us to create a number of auxiliary
  authentication mechanisms for our packages, beyond just trusting the
  offline build machine and the gpg key integrity.
 
 Interesting.  Questions:
 
 1) I'd imagine in your case that a large portion of
 users aren't going to want to compile the software, and it seems at
 least like they could still be good citizens by verifying the binaries
 they download against what a random sampling of mirrors say they
 should look like.  Is there a tool out there they can use to do this?

Right. First, let me say just to make this fully clear: not everybody
needs to compile their own bundles to protect against attack. This isn't
security-through-self-compilation a-la Gentoo.

You only need to compile a bundle if you suspect either nobody else in
the world is privately verifying the bundles (and right now, you might
be correct), *or* if you suspect the GPG keys are compromised and you
specifically are being fed targeted, fake-signed bundles that none of
the private verifiers actually see.


However, I would still like to mitigate even these targeted attacks.
Here's my thoughts so far:

The immediate plan is to publish the full set of detached GPG signatures
for all of the matching public builds to start, so that we at least
require multikey compromise to mount the targeted fake bundle+fake
signature attack. Hopefully at least one of the builders will use a
hardware GPG signing token, to make such theft harder. (It's on my TODO
list to figure that out for my own keys..)

Later, as I alluded to in that next paragraph, we can do
defense-in-depth things like place a URL that lists the approved
official bundle hashes along with a SHA256SUM for that URL's contents in
the Tor Consensus document (which is also a multikey signed document
using offline keys and yearly signing key rotation).

We can also verify the consensus document hash itself (including the
package URL+hash) with a double Ben Laurie multipath+notary and/or
multisigned hashtree check...

I would like to do all of these things (especially the double Ben
Laurie backup Tor Consensus verification, because I don't really think
we should trust the consensus keys fully as we do now), but there's also
a lot of other things to do at Tor first. Who knows what shiny new
explosion of doom will distract me next. It's an exciting place to work!

 2) Do you use Tor's git version id (the hash) for the
 release as the random seed string?  Seems like that would be a
 good precedent to set in case other projects start using this
 method, too.

Not sure exactly what you're asking here.

For GCC's -frandom-seed, we just use tor as the string. I'm not aware
of any reason why that seed needs to ever change (my understanding is
that it is only used for symbol mangling to avoid static/namespace
collisions).

We also include the full set of git hashes, version tags, and input
source hashes in the bundles themselves, so you know exactly what went
into your bundle if you want to try to match it at a later date...


-- 
Mike Perry
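
The multi-builder check discussed in the message above, as an added example (not Tor's own tooling and not code from the original post). It assumes each builder publishes a `sha256sum`-format manifest whose detached GPG signature has already been verified separately; the builder names, file name and bundle bytes are constructed for illustration.

```python
import hashlib
import string

BUNDLE_NAME = "example-bundle.tar.gz"  # hypothetical file name
# Constructed stand-ins for a real bundle and a targeted, modified copy.
GOOD_BUNDLE = b"constructed stand-in for a reproducibly built bundle\n"
TARGETED_BUNDLE = GOOD_BUNDLE + b"<injected payload>"


def parse_sha256sums(text):
    """Parse sha256sum output ("<hex>  name" or "<hex> *name") into a dict."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, rest = line[:64].lower(), line[64:]
        if len(digest) != 64 or any(c not in string.hexdigits for c in digest):
            raise ValueError(f"bad digest in line: {line!r}")
        if len(rest) < 3 or rest[0] != " " or rest[1] not in " *":
            raise ValueError(f"bad separator in line: {line!r}")
        entries[rest[2:]] = digest
    return entries


def check_bundle(bundle, filename, manifests, required):
    """Compare a downloaded bundle against every builder's manifest.

    manifests maps builder name -> manifest text (signature already checked).
    The bundle is accepted only if at least `required` builders list the
    same hash and no builder lists a different one: a single mismatch means
    either a non-reproducible build or a bundle that only this user was
    served, and both are worth reporting to the builders.
    """
    actual = hashlib.sha256(bundle).hexdigest()
    agree, disagree, missing = [], [], []
    for builder in sorted(manifests):
        listed = parse_sha256sums(manifests[builder]).get(filename)
        if listed is None:
            missing.append(builder)
        elif listed == actual:
            agree.append(builder)
        else:
            disagree.append(builder)
    return {
        "sha256": actual,
        "agree": agree,
        "disagree": disagree,
        "missing": missing,
        "ok": len(agree) >= required and not disagree,
    }


def manifest_for(data, filename=BUNDLE_NAME):
    """Build the manifest line an honest builder would publish for `data`."""
    return f"{hashlib.sha256(data).hexdigest()}  {filename}\n"


# Three independent builders who all reproduced the same bytes (constructed).
MANIFESTS = {b: manifest_for(GOOD_BUNDLE)
             for b in ("builder-a", "builder-b", "builder-c")}

if __name__ == "__main__":
    for label, data in (("good", GOOD_BUNDLE), ("targeted", TARGETED_BUNDLE)):
        result = check_bundle(data, BUNDLE_NAME, MANIFESTS, required=2)
        print(label, "accepted" if result["ok"] else "REJECTED",
              "agree:", result["agree"], "disagree:", result["disagree"])
```

With this policy, an attacker who serves one user a modified bundle has to forge every builder's signed manifest, not just one.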

[liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]

2013-06-18 Thread Mike Perry
Jacob Appelbaum:
 Hi,
 
 I'm really excited to say that Tor Browser has had some really important
 changes. Mike Perry has really outdone himself - from deterministic
 builds that allow us to verify that he is honest to actually having
 serious usability improvements. 

First, thanks for the praise, Jake!

But: I've been meaning to clarify this honesty point for a few days
now, and Cooper's similar statement in another thread about security
being all about trust reminded me of it.

I actually disagree with the underlying assumptions of both points.

I didn't spend six agonizing weeks (and counting) getting deterministic
builds to work for Tor Browser to prove that I was honest or
trustworthy. I did it because I don't believe that software development
models based on single party trust can actually be secure against
serious adversaries anymore, given the current trends in computer
security and cyberwar.

For the past several years, we've been seeing a steady increase in the
weaponization, stockpiling, and the use of exploits by multiple
governments, and by multiple *areas* of multiple governments. This
includes weaponized exploits specifically designed to bridge the air
gap, by attacking software/hardware USB stacks, disconnected Bluetooth
interfaces, disconnected Wifi interfaces, etc. Even if these exploits
themselves don't leak (ha!), the fact that they are known to exist means
that other parties can begin looking for them.


In this brave new world, without the benefit of anonymity to protect
oneself from such targeted attacks, I don't believe it is possible to
keep a software-based GPG key secure anymore, nor do I believe it is
possible to keep even an offline build machine secure from malware
injection anymore, especially against the types of adversaries that Tor
has to contend with.

This means that software development has to evolve beyond the simple
models of "Trust my gpg-signed apt archive from my trusted build
machine", or even projects like Debian are going to end up distributing
state-sponsored malware in short order.

This is where deterministic builds come in: any individual can use our
anonymity network to download our source code, verify it against public
signed, audited, and mirrored git repositories, and reproduce our builds
exactly, without being subject to such targeted attacks. If they notice
any differences, they can alert the public builders/signers, hopefully
using a pseudonym or our anonymous trac account.

This also will eventually allow us to create a number of auxiliary
authentication mechanisms for our packages, beyond just trusting the
offline build machine and the gpg key integrity.


I believe it is important for Tor to set an example on this point, and I
hope that the Linux distributions will follow in making deterministic
packaging the norm. (Don't despair: it probably won't take 6 weeks per
package. Firefox is just a bitch).

Otherwise, I really don't think we'll have working computers left in
5-10 years from now :/.


I hope to write a longer blog post about this topic on the Tor Blog in
the next couple weeks, discussing the dangers of exploit weaponization
and the threats it poses to software engineering and software
distribution. I'm still mulling over the exact focus and if I should
split the two ideas apart, or combine them into one post...


Ideas and comments welcome!


-- 
Mike Perry

Re: [liberationtech] Help test the new Tor Browser!

2013-06-17 Thread Mike Perry
Kody Leonard:
 I get the same error on Windows 7 Ultimate 64-bit. It will run when Windows
 XP is selected under Compatibility mode.   I had the same issue with other
 languages.  This is logged in the event viewer when it doesn't run as-is:
 
 Faulting application name: firefox.exe, version: 17.0.6.0
 Faulting module name: d2d1.dll, version: 6.2.9200.16492
 Exception code: 0xc005
 Faulting application path: C:\XX\Tor Browser\FirefoxPortable\App\Firefox\firefox.exe
 Faulting module path: C:\Windows\system32\d2d1.dll

Do you happen to have an Nvidia video card by any chance?

This crash seems to be happening on only a select number of x64 Win7
installs (and none of them are developer machines -- which are also x64
Win7), and I am trying to figure out what the common denominator is.

 
 Kody
 
 
 On Mon, Jun 17, 2013 at 6:14 PM, Masayuki Hatta mha...@gmail.com wrote:
 
  Hi,
 
  I tried torbrowser-install-3.0-alpha-1_en-US.exe on Windows 7 Home Premium
  64bit (Japan edition), but it doesn't run at all.  Installation went well,
  but double-clicking on Start Tor Browser icon doesn't start things off,
  nothing happens (seems trying something for a while, but crashes
  silently).  Is this known problem or am I the only one? I have two 64bit
  Win7 machines, and suffer from the same problem.  Things from the current
  tor-browser-2.3.25-8_en-US.exe is working nicely for a long time, so I
  guess something wrong in the new Tor Browser Launcher...
 
  Please let me know if there's something I can try.
 
  Best regards,
  MH
 
 
  2013/6/17 Jacob Appelbaum ja...@appelbaum.net
 
  Hi,
 
  I'm really excited to say that Tor Browser has had some really important
  changes. Mike Perry has really outdone himself - from deterministic
  builds that allow us to verify that he is honest to actually having
  serious usability improvements. I really mean it - the new TBB is
  actually awesome. It is blazing fast, it no longer has the sometimes
  confusing Vidalia UI, it is now fast to start, it now has a really nice
  splash screen, it has a setup wizard - you name it - nearly everything
  that people found difficult has been removed, replaced or improved.
  Hooray for Mike Perry and all that helped him!
 
  Here is Mike's email:
 
   https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
 
  Here is the place to download it:
 
   https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/
 
  Please test it and please please tell us how we might improve it!
 
  All the best,
  Jacob
 
 
 
 
  --
  Masayuki Hatta
  Assistant Professor, Faculty of Economics and Management, Surugadai
  University, Japan
 
  http://about.me/mhatta
 
  mha...@gnu.org  / mha...@debian.org / mha...@opensource.jp /
  hatta.masay...@surugadai.ac.jp
 
 



-- 
Mike Perry

Re: [liberationtech] Help test the new Tor Browser!

2013-06-17 Thread Mike Perry
Mike Perry:
 Kody Leonard:
  I get the same error on Windows 7 Ultimate 64-bit. It will run when Windows
  XP is selected under Compatibility mode.   I had the same issue with other
  languages.  This is logged in the event viewer when it doesn't run as-is:
  
  Faulting application name: firefox.exe, version: 17.0.6.0
  Faulting module name: d2d1.dll, version: 6.2.9200.16492
  Exception code: 0xc005
  Faulting application path: C:\XX\Tor Browser\FirefoxPortable\App\Firefox\firefox.exe
  Faulting module path: C:\Windows\system32\d2d1.dll
 
 Do you happen to have an Nvidia video card by any chance?
 
 This crash seems to be happening on only a select number of x64 Win7
 installs (and none of them are developer machines -- which are also x64
 Win7), and I am trying to figure out what the common denominator is.

Another option is to run cmd.exe as Administrator (right click) and run
'sfc /verifyonly' to check if any of your dlls (including d2d1.dll) are
out of date/damaged/replaced by alternate vendor versions.



-- 
Mike Perry

Re: [liberationtech] Help test the new Tor Browser!

2013-06-17 Thread Mike Perry
It looks like Mozilla hit a similar bug some years ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=595364

While in compatibility mode, can you try setting one or both of these to
'true' in about:config:

  gfx.direct2d.disabled
  layers.acceleration.disabled

Then try without XP compatibility mode, and see if one or both allow you
to run without crashes?


Masayuki Hatta:
 Hi,
 
 Some findings on this issue.
 
 0) Setting compatibility mode to Windows XP (Service Pack 3) makes it
 work!
 
 1) I tried it on two machines, both don't have NVidia. (both have Intel HD
 Graphics 4000)
 
 2) sfc /verifyonly couldn't find any discrepancy.
 
 Hope it helps.
 
 Best regards,
 MH
 
 
 
 2013/6/18 Mike Perry mikepe...@torproject.org
 
  Mike Perry:
   Kody Leonard:
    I get the same error on Windows 7 Ultimate 64-bit. It will run when
    Windows XP is selected under Compatibility mode.   I had the same issue
    with other languages.  This is logged in the event viewer when it
    doesn't run as-is:

    Faulting application name: firefox.exe, version: 17.0.6.0
    Faulting module name: d2d1.dll, version: 6.2.9200.16492
    Exception code: 0xc005
    Faulting application path: C:\XX\Tor Browser\FirefoxPortable\App\Firefox\firefox.exe
    Faulting module path: C:\Windows\system32\d2d1.dll
  
   Do you happen to have an Nvidia video card by any chance?
  
   This crash seems to be happening on only a select number of x64 Win7
   installs (and none of them are developer machines -- which are also x64
   Win7), and I am trying to figure out what the common denominator is.
 
  Another option is to run cmd.exe as Administrator (right click) and run
  'sfc /verifyonly' to check if any of your dlls (including d2d1.dll) are
  out of date/damaged/replaced by alternate vendor versions.
 
 
 
  --
  Mike Perry
 
 
 
 
 
 -- 
 Masayuki Hatta
 Assistant Professor, Faculty of Economics and Management, Surugadai
 University, Japan
 
 http://about.me/mhatta
 
 mha...@gnu.org  / mha...@debian.org / mha...@opensource.jp /
 hatta.masay...@surugadai.ac.jp



-- 
Mike Perry

Re: [liberationtech] FT: Companies scramble for consumer data (personal data are so cheap... why bother to protect them)

2013-06-16 Thread Mike Perry
Does all this really mean that if we can just create a system for
privately paying parties ~$0.25, their services will actually be *more*
profitable to run than in the current age of dataveilance?

The major problem is of course that micropayment is currently neither
private nor seamless... So in addition to your money, you also *still*
have to pay with your PII *and* your time..


P.S. Amusingly I couldn't actually read the article below because of a
paywall + give us your PII signup click-through.


Yosem Companys:
 From: Toon Vanagt toon.van...@casius.com
 
 I stumbled on this FT article with 'volume pricing' for personal data and a 
 convenient estimation tool: 
 http://www.ft.com/cms/s/0/f0b6edc0-d342-11e2-b3ff-00144feab7de.html#axzz2W5QWgUuR
 
 Basically, if you're a millionaire, your personal data is worth about $ 0.123 
 (if you're not, you start at: $ 0.007).
 
 The FT has built an interactive data value estimation tool. For example by 
 adding ADHD to my profile I gained a stunning $ 0.200. Consider it extra 
 money for 'salting data set' :)
 
 3 Quick thoughts:
 
 The Financial Times will not collect, store or share the data users input 
 into the calculator. Despite this disclaimer I wonder what the FT really 
 does with the harvested data on its web servers or considered the risk of 
 'leaking logs'? At the end of their 'game', I'm invited to share my private 
 'data worth' on Twitter, which exposes how much Marketers would pay 
 approximately for your data: and conveniently allows third parties to 
 identify me... When linked with their identifiable FT subscriber profile, 
 there's no need for a tweet to link the results to a person. 
 Check https://twitter.com/search?q=%23FTdataworthsrc=typd - public search 
 result. Great for marketeers. Also has the potential to reverse engineer 
 profiles.. 
 Prices in the article & calculator seem very low and suggest that your 
 'personal data' are not really valuable to companies in a consumer society  
 That is if you're not obese, don't subscribe to a gym, don't own a plane... 
 Due to competition the broker prices are said to be trending towards 
 'worthless'.. Data brokers seem to suggest we should not bother to protect 
 something of so little economic value...
 
 Let me know if my reading between the lines is wrong.
 
 Does anybody know about a personal data value calculator that is not based on 
 broker volume pricing, but reveals how much companies pay for qualified leads 
 in different industries (mortgage, insurance, cruise travel, fitness, car 
 test drive, hotel booking,...) The outcome of such an 'intent cast valuator' 
 would be much higher and more of an economic incentive to raise awareness of 
 data value.
 
 Cheers,
 
 @Toon



-- 
Mike Perry

Re: [liberationtech] New Anonymity Network for Short Messages

2013-06-11 Thread Mike Perry
Steve Weis:
 Comments inline...
 
 On Tue, Jun 11, 2013 at 10:47 AM, Sean Cassidy 
 sean.a.cass...@gmail.com wrote:
 
   - Any specific reason you picked CTR?
  CTR is widely recommended. Cryptography Engineering specifically
  recommends it.

I was puzzled by this recommendation. CTR has several bad properties that
can surprise you, and have bitten Tor as well.
 
 The reason I ask is that this makes your IV-generation more critical than,
 say, CBC, XTS, or other modes. If you have an IV collision, you'll leak
 some message bits.

Additionally to this, CTR allows bit-level malleability of the cleartext:
a bit flipped in a CTR cipherstream translates into a bit flipped in
the cleartext.

In fact, if there are regions of known cleartext (such as zeroes) the
adversary can do things like encode the originating IP in the cleartext
simply by XORing it into the cipherstream.

This property can cause problems if you perform any operations before
checking the MAC (like evaluating a weak CRC to decide to forward the
message or not).

CBC on the other hand causes a single ciphertext bitflip to scramble a
block of cleartext (16 or 32 bytes for 128bit vs 256bit) in an
unpredictable and key-dependent way.


-- 
Mike Perry

Re: [liberationtech] Crypho

2013-06-08 Thread Mike Perry
zooko:

 On Tue, Mar 26, 2013 at 09:24:13AM +0100, Yiorgis Gozadinos wrote:
  
  Assuming there is a point of reference for js code, some published instance 
  of the code, that can be audited and verified by others that it does not 
  leak. The point then becomes: Is the js I am running in my browser the 
  same as the js that everybody else is?. 
  Like you said, it comes down to the trust one can put in the verifier.
  A first step could be say for instance a browser extension, that compares a 
  hash of the js with a trusted authority. The simplest version of that would 
  be a comparison of a hash with a hash of the code on a repo.
  Another (better) idea, would be if browser vendors would take up the task 
  (say Mozilla for instance) and act as the trusted authority and built-in 
  verifier. Developers would sign their code and the browser would verify.
  Finally, I want to think there must be a way for users to broadcast some 
  property of the js they received. Say for example the color of a hash. Then 
  when I see blue when everyone else is seeing pink, I know there is 
  something fishy. There might be a way to even do that in a decentralised 
  way, without having to trust a central authority.
 
 Dear Yiorgis:
 
 I think this is a promising avenue for investigation. I think the problem is
 that people like you, authors of user-facing apps, know what the problem is
 that you want to solve, but you can't solve it without help from someone else,
 namely the authors of web browsers.
 
 With help from the web browser, this problem would be at least partly 
 solvable.
 There is no reason why this problem is more impossible to solve for apps
 written in Javascript and executed by a web browser than for apps written in a
 language like C# and executed by an operating system like Windows.
 
 Perhaps the next step is to explain concisely to the makers of web browsers
 what we want.
 
 Ben Laurie has published a related idea:
 
 http://www.links.org/?p=1262

Now this is interesting. Had not seen that link before.

I wonder how that above 2012 Ben Laurie would get along with this
slightly more vintage 2011 Ben Laurie, who discounts not only the
hashtree concept, but any attempt to secure it with computation as well:
http://www.links.org/?p=1183

The problem is, 2012 Ben Laurie's system is obviously quite easy to
censor and manipulate if the adversary has any sort of active traffic
capabilities in terms of showing custom extensions of the hash chain (ie
malware) to targeted individuals.

2011 Ben Laurie's Efficient Distributed Currency, on the other hand,
suggests a Tor-like multiparty signing protocol to avoid these issues:
http://www.links.org/files/distributed-currency.pdf

But if we assume the worst, the 2011 model Ben Laurie is weak to an
adversary such as the NSA that might compromise his datacenter
computers (or keys) behind his back.

However, 2012 Ben Laurie could detect this compromise by the NSA if it
was reasonably hard to add new, fake entries to the hash tree, if
clients kept history, and if he had multiple authenticated network
perspectives on the hash tree (ie notaries).

Can't both Ben Lauries just get along? ;)


To bring us back to Earth:

The core problem with the website-as-an-app JS model is that *every* JS
code download from the server is not only authenticated only by the
abysmal CA trust root, but that insecure/malicious versions of the
software can also be easily targeted *specifically* to your account by
the webserver (or by the CA mafia) at any time without informing you in
any way.

But, the really scary situation we now face is that many of us have
accounts on app stores capable of delivering updates *right now* that
have the same type of targeted capabilities. In fact, in my opinion, all
app stores that exist today are just as unsafe for delivering crypto
software as website-based solutions are :/.


I think I still agree that the takeaway is that it's better to create
situations where you only have to do a heavyweight double Ben Laurie
PKI+notary+hashtree+PoW all-in-one-check *once* upon initial download,
to establish a trust root with the software provider themselves, rather
than regularly trusting an intermediary appstore, webserver, and/or 
CA trust root.

Once that initial strong check is done (and you've either run the
malware or you haven't), then the software can update using its own
strong signature authentication. In the case of paid/proprietary
software, proof of purchase from the client should be based upon
blind-signatures/ZKPs instead of unique account credentials.

But like, really nobody in the world is doing any of this, are they?


-- 
Mike Perry
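
A sketch of the detection condition described in the message above (clients keep history, and several network perspectives report the log head), as an added example that is not code from the thread or from the linked posts. The linear hash chain, the `Client` class, the quorum rule and the entry strings are assumptions made for illustration; the cost of adding fake entries (proof of work) is not modelled.

```python
import hashlib

GENESIS = b"\x00" * 32

def extend(head: bytes, entry: bytes) -> bytes:
    """Chain head after appending entry: H(previous head || H(entry))."""
    return hashlib.sha256(head + hashlib.sha256(entry).digest()).digest()

def chain_head(entries, start=GENESIS) -> bytes:
    head = start
    for entry in entries:
        head = extend(head, entry)
    return head

class Client:
    """Remembers the last accepted head and consults several notaries."""
    def __init__(self, quorum: int):
        self.head = GENESIS
        self.quorum = quorum

    def accept(self, new_entries, claimed_head, notary_heads) -> str:
        # History: the offered entries must extend the head we already hold.
        if chain_head(new_entries, self.head) != claimed_head:
            return "rejected: does not extend stored history"
        # Perspectives: enough notaries must report the same head.
        if sum(1 for h in notary_heads if h == claimed_head) < self.quorum:
            return "rejected: notaries see a different log"
        self.head = claimed_head
        return "accepted"

def demo():
    # Constructed log entries standing in for published code hashes.
    v1, v2, targeted = b"release-1", b"release-2", b"build shown to one user"
    public = [chain_head([v1]), chain_head([v1, v2])]
    client, results = Client(quorum=2), []
    results.append(client.accept([v1], public[0], [public[0]] * 3))
    # A custom extension of the chain: valid against history, but only one
    # of three notaries was shown the same fork.
    fork = chain_head([v1, targeted])
    results.append(client.accept([targeted], fork, [public[1], public[1], fork]))
    # A rewritten past fails against the client's stored head.
    results.append(client.accept([v2], chain_head([b"other", v2]), [public[1]] * 3))
    results.append(client.accept([v2], public[1], [public[1]] * 3))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```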

[liberationtech] The Tor Project has funding for a Firefox developer

2012-08-03 Thread Mike Perry
The Tor Project is looking for a Firefox developer as a contractor
position likely starting in October and going through Q1 2013, with the
possibility of later in 2013 and beyond. There may also be a possibility
for part-time work prior to October. This would be a telecommuting
position, with collaboration happening primarily over IRC and email.

The purpose of our browser is to build a private-by-design reference
implementation of Do Not Track, but through the alteration of
browser behavior and without the need for regulation or begging:
https://www.torproject.org/projects/torbrowser/design/#privacy
https://blog.torproject.org/blog/improving-private-browsing-modes-do-not-track-vs-real-privacy-design

Your job would be to work on that Firefox-based browser as a developer.
This includes triaging, diagnosing, and fixing bugs; looking for and
resolving web privacy issues; responding on short notice to security
issues; and working collaboratively with coworkers and volunteers on
implementing new features and web behavior changes. You'd also be
reviewing other people's code, designs, and academic research papers,
and looking for ways to improve upon them.

For information on how to apply and what to send in with your
application, please see the job posting:
https://www.torproject.org/about/jobs-browserhacker.html.en



-- 
Mike Perry