Always Providing You With Ongoing Information

Posts tagged ‘Tor’

New Firefox Exploit Can Expose Tor Users


The exploit was delivered through a Tor mailing list that, when opened, could unveil the MAC address and possibly even the IP address of a user running Tor Browser on Firefox. Researcher Joshua Yabut said it is “100 percent effective for remote code execution on Windows systems, versions 41 to 50 of Firefox are reportedly affected.”

A representative of Mozilla said officials are aware of the vulnerability and are working on a fix. While the vulnerability was already being actively exploited, the publication of the complete source code now puts it in the hands of a much wider base of people. Until a patch is available, Firefox users should use an alternate browser whenever possible, or disable JavaScript on as many sites as possible. People should avoid relying on Tor in cases where deanonymizing attacks could pose a significant threat. Tor users can also disable JavaScript, but turning it off goes against the official Tor recommendations.

Turkish Internet Users Running To Tor


Turkish internet users are flocking to Tor, the anonymizing and censorship-circumvention tool, after Turkey’s government blocked Twitter, Facebook, and YouTube.

Usage of Tor inside of Turkey went up from around 18,000 users to 25,000 users on Friday, when the government started blocking the popular social media networks, according to Tor’s official metrics. The Turkish information technologies and communications authority, or BTK, ordered internet providers in the country to block Tor and several other censorship-circumvention Virtual Private Networks or VPNs, such as VPN Master, Hotspot Shield

A Warrant For A Tor User?


Over the past few months, judges, defense lawyers, and the government have been fighting over whether obtaining a Tor user’s real IP address, perhaps through hacking, counts as a search under the Fourth Amendment. The debate has serious consequences for whether law enforcement requires a warrant to break into a suspect’s computer, even if it’s only to learn the target’s IP address. US District Court Judge Robert W Pratt argued that when the FBI hacked suspected Playpen users and grabbed their IP addresses, that constituted a search.

“If a defendant writes his IP address on a piece of paper and places it in a drawer in his home, there would be no question that law enforcement would need a warrant to access that piece of paper—even accepting that the defendant had no reasonable expectation of privacy in the IP address itself,” Pratt writes in his order. Judges are divided over whether obtaining the IP addresses in this way constitutes a search, and whether Tor users have a reasonable expectation of privacy around their real IP address.

Riffle: More Secure Anonymity Than Tor


A team of researchers led by MIT grad student Albert Kwon (with help from EPFL) aims to leapfrog Tor’s anonymizing technique with a brand new platform called Riffle.

Tor — has prompted computer scientists to try to come up with more secure anonymity schemes. At the Privacy Enhancing Technologies Symposium in July, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne will present a new anonymity scheme that provides strong security guarantees but uses bandwidth much more efficiently than its predecessors.

The system, devised by Albert Kwon and his coauthors (his advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT; David Lazar, also a graduate student in electrical engineering and computer science; and Bryan Ford SM ’02 PhD ’08, an associate professor of computer and communication sciences at the École Polytechnique Fédérale de Lausanne), employs several existing cryptographic techniques but combines them in a novel manner.

The system is a series of servers called a mixnet. Each server permutes the order in which it receives messages before passing them on to the next. If, for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on. An adversary that had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server. It’s this reshuffling of the messages that gives the new system its name: Riffle. Riffle also uses a technique known as onion encryption; “Tor,” for instance, is an acronym for “the onion router.” With onion encryption, the sending computer wraps each message in several layers of encryption, using a public-key encryption system like those that safeguard most financial transactions online. Each server in the mixnet removes only one layer of encryption, so that only the last server knows a message’s ultimate destination.
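The layering and reshuffling described above, as an added sketch that is not Riffle's code or part of the original post: each message is padded to a fixed size, wrapped in one authenticated layer per server, and every server peels its layer and permutes the batch. Assumptions: per-server symmetric keys and a toy SHA-256 keystream stand in for the public-key encryption the text mentions, and the names `CELL`, `seal`, `peel`, `wrap`, `mix` and `run_mixnet` are hypothetical.

```python
import hashlib
import hmac
import random
import secrets

CELL = 64  # assumed fixed payload size; equal lengths stop linking messages by size

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):  # toy keystream, stand-in for a real cipher
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def peel(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def wrap(message, server_keys):
    if len(message) > CELL - 1:
        raise ValueError("message too long for one cell")
    blob = bytes([len(message)]) + message.ljust(CELL - 1, b"\0")
    for key in reversed(server_keys):  # outermost layer is for the first server
        blob = seal(key, blob)
    return blob

def mix(key, batch, rng):
    out = [peel(key, blob) for blob in batch]  # remove exactly one layer
    rng.shuffle(out)                           # break the input/output ordering
    return out

def run_mixnet(messages, server_keys):
    rng = random.SystemRandom()
    batch = [wrap(m, server_keys) for m in messages]
    for key in server_keys:
        batch = mix(key, batch, rng)
    return [cell[1:1 + cell[0]] for cell in batch]  # strip padding at the exit

if __name__ == "__main__":  # constructed senders and freshly generated keys
    keys = [secrets.token_bytes(32) for _ in range(3)]
    print(run_mixnet([b"from Alice", b"from Bob", b"from Carol"], keys))
```

The per-layer MAC only lets a server reject ciphertexts altered in transit; it does not prove that a server shuffled honestly.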

To thwart message tampering, Riffle uses a technique called a verifiable shuffle. Because of the onion encryption, the messages that each server forwards look nothing like the ones it receives; it has peeled off a layer of encryption. But the encryption can be done in such a way that the server can generate a mathematical proof that the messages it sends are valid manipulations of the ones it receives. Mixnets have been around for a while, but unfortunately they have always relied on public-key cryptography and on public-key techniques, and have been expensive. What’s different about this research is that it reveals how to use more efficient symmetric-key techniques to accomplish the same thing. They do one expensive shuffle using known protocols, but then they bootstrap off of that to enable many subsequent shufflings.

 

There’s no plan to commercialize Riffle, nor will it be a replacement for Tor, even though it does some things vastly better.

Tiny New Hampshire Library Fights Government Surveillance


A tiny library in New Hampshire promotes privacy and fights government surveillance—to the dismay of law enforcement.

The Kilton Public Library in Lebanon NH, a city of 13,000, last year became the nation’s first library to use Tor, software that masks the location and identity of internet users, in a pilot project initiated by the Cambridge, Massachusetts-based Library Freedom Project. Users around the world can have their searches randomly routed through the library.

Computers that have Tor loaded on them bounce internet searches through a random pathway, or series of relays, of other computers equipped with Tor. This network of virtual tunnels masks the location and internet protocol address of the person doing the search.

What makes the Kilton Public Library unique among U.S. libraries is that it also has a computer with a Tor exit relay, which delivers the internet query to the destination site and becomes identified as the last-known source of the query.

The founder and director of the Library Freedom Project said her organization chose Kilton for its pilot project because it had embraced other privacy-enhancing software the project recommended and because she knew the library had the know-how to take it to the complicated exit-relay stage.

What Can Tor Do?

Protect shoppers, victims of domestic violence, whistleblowers, dissidents, undercover agents—and criminals—alike. A recent routine internet search using Tor on one of Kilton’s computers was routed through Ukraine, Germany, and the Netherlands.

The Tor Project is funded largely by the U.S. State Department and other federal agencies, yet the Department of Homeland Security rejects the idea of its use by civilians because it can be used to mask criminal activity.

Local police, at the behest of Homeland Security’s Boston bureau, asked the Kilton library last July to stop using Tor. Its use was suspended until the library board voted unanimously at a standing-room-only meeting in September to maintain the Tor relay.

 
