I ran across Tor servers in a recent Google search I did on proxy servers. Tor is a cross between a proxy server and an anonymizer. I have several observations about this technology:
Regardless of the route my trafic takes across the 'net, I always leave traces of my presence. For example, after I save this text, the resulting text will be saved several places - on the server this data lives on, on my own PC if I look at the page, on a local proxy server, and at any number of places in between all these PCs. I can't reliably identify each and every place this text is stored and cached. Even if that text is overwritten by some munitions-grade shredding program, a lot of time has been spent making magnetic media very, very reliable. So there is always a chance to recover data by forensic means.
The only way around this is to put magnetic media beyond use through physical destruction. I do this by taking media (floppy disks, Zip disks, mag tape) apart. I remove magnetizable parts, degause them, then run media through a shredder, sometimes more than once. Then I take it to the dump. Its a good way to comply with HIPAA. Even this may not be sufficient. Truly wary will want to have the shredded media re-shredded to powder and then burned.
My second observation is that, even if a communications channel is secure, if at any point a message is sent or received in plaintext you could be in trouble. If I use a unique identifer adjacent to content of interest, a unique combination of data is created. The key use of "unique" is "statistically improbable." Things that are statistically improbably are by definition hard to mask as they are not random. Given enough sensors in enough places, Internet traffic in the form of a bitstream could simply be captured, stored and analyzed at leisure. Isn't this part of what is euphemistically called "national technical means of verification?"
This leads to my third and last observation: look at the Tor website and see who paid for this research: the Electronic Frontier Foundation and the Office of Naval Research. Check that last part.
The only secure computer is no computer. The only secure Internet use is no internet use. The only secure communication is no communication. If this is not possible find yourself a copy of "Khan on Codes" and read about one-time pads. And for heaven's sake don't use a computer.
Discussion on:
View:
Show:
Reading your post reminded me of many times that I've discussed security with other people. In many cases people think that my beliefs about the proper disposal of information storage media are insane. They just don't understand that a hard disk that was used in a business can contain very sensitive information and there will be some people who will make the effort to retrieve that information. And most people don't care all that much about it until they are caught leaking personal information about their customers or employees due to insecure hard disk disposal.
Although I don't dismantle hard disks and grind the platters to dust I make an effort to obscure the information on disk. I have been using encrypted file systems for a little while. This way if you have a hardware service contract and a hard disk is replaced by a technician who keeps the old disk then the data on that disk is encrypted. Floppy disks, tapes, and similar media gets the deGaussing treatment before disposal.
Grinding the disk platters to dust, as you suggest, may be the only really secure way to dispose of information storage media. Unfortunately it is not really practical. As I mentioned above some hardware service contracts require that the old broken equipment is returned to the contract provider when they replace something that is under a maintenance agreement. Shredding floppy disks and tapes is a good idea but I usually don't have the time.
So I settle for the next best level of security. Encrypting data on the media and deGaussing removable media whenever possible is pretty easy to do.
Although I don't dismantle hard disks and grind the platters to dust I make an effort to obscure the information on disk. I have been using encrypted file systems for a little while. This way if you have a hardware service contract and a hard disk is replaced by a technician who keeps the old disk then the data on that disk is encrypted. Floppy disks, tapes, and similar media gets the deGaussing treatment before disposal.
Grinding the disk platters to dust, as you suggest, may be the only really secure way to dispose of information storage media. Unfortunately it is not really practical. As I mentioned above some hardware service contracts require that the old broken equipment is returned to the contract provider when they replace something that is under a maintenance agreement. Shredding floppy disks and tapes is a good idea but I usually don't have the time.
So I settle for the next best level of security. Encrypting data on the media and deGaussing removable media whenever possible is pretty easy to do.
What's he up to ?
First way to keep a secret don't give anyone the impression you have one.
People who sneak about have something to hide, whether that's a legitimate something or not is besides the point to the curious.
After all if I said this post had something secret in it how many people would go past the obvious and start running it through a code breaker.
LOL
First way to keep a secret don't give anyone the impression you have one.
People who sneak about have something to hide, whether that's a legitimate something or not is besides the point to the curious.
After all if I said this post had something secret in it how many people would go past the obvious and start running it through a code breaker.
LOL
As a computer user since 1968, then big as a barn and now tiny and capable of carrying unpty-ump amounts of information from that date, not to mention so much easier. I know of only one way to keep anything secret. Tell no one, no one ever. Tor might do as good a job as possible, especially since it is part of the Naval Research Team, yet it is impossible to keep an IP number secret. All one has to do is backtrace each server, not a difficult thing if a person knows how to use a computer well. The anonomity, especially since it is open-source, is no guarantee of same. It might make it more difficult, as does 512 or higher encryption, but not impossible to take apart and then rebuild. I plan to download it as a safety measure, but it is really no different than a firewall, albeit a stronger one. Open- source, at least in this persons opinion, is worthless. Buggy to say the least, more than IE, Mozilla or any of the other carriers out there. Bah.
I think it's time for a Brave New Bush World version of Godwin's law: "As any discussion of privacy grows longer, the probability of the phrase '{could, might, can} be used by terrorists' approaches 1." I humbly name this law after myself, and call it "Larry's Law of Leave-Me-Alone".
The best way to stop terrorists from attacking is to remove all freedom and expectation of privacy, thus turning it into the same totalitarian regime that they live under. After all, how many times has the United States been attacked after the Patriot Act was created? Zero. It's no fun for them anymore because the freedom they used to hate us for no longer exists.
If the only people who have something to hide are those who are doing something wrong, then why buy a cordless or cellular phone that has privacy features like encryption, spread-spectrum, etc. After all, if you've got nothing to hide, then having the whole neighborhood listen in on your phone calls is no problem, is it? Why not have a big-screen television in your front yard that is always on and shows what you're watching on TV at any moment? Why not have a marquee on your house that says "I am currently reading the book _Foo for Dummies_." Only terrorists and criminals have something to hide, so wanting a little privacy is unpatriotic.
The best way to stop terrorists from attacking is to remove all freedom and expectation of privacy, thus turning it into the same totalitarian regime that they live under. After all, how many times has the United States been attacked after the Patriot Act was created? Zero. It's no fun for them anymore because the freedom they used to hate us for no longer exists.
If the only people who have something to hide are those who are doing something wrong, then why buy a cordless or cellular phone that has privacy features like encryption, spread-spectrum, etc. After all, if you've got nothing to hide, then having the whole neighborhood listen in on your phone calls is no problem, is it? Why not have a big-screen television in your front yard that is always on and shows what you're watching on TV at any moment? Why not have a marquee on your house that says "I am currently reading the book _Foo for Dummies_." Only terrorists and criminals have something to hide, so wanting a little privacy is unpatriotic.
If the ONR is on the project, then I would not assume your notes will go through unnoticed. Call me paranoid if you want, but I seriously doubt they are letting traffic be anonymous and unlogged.
As far as malicious use, you know it will be used for that purpose.
On the destruction of media, you got it right. Last I knew, they could read 7 writes deep on some media, it just depends on the persistence of the material magnetically. This is where solid state media is better.
As far as malicious use, you know it will be used for that purpose.
On the destruction of media, you got it right. Last I knew, they could read 7 writes deep on some media, it just depends on the persistence of the material magnetically. This is where solid state media is better.
I first heard about Tor about two weeks ago. Although the idea of obscuring the origin and destination of network traffic seems like a good idea it didn't take me long to see some weaknesses in the idea.
First I'll say that the idea seems like a good one just because of privacy. Any hurdle that you can put in place to mask your activities will be one more step that a nosy person will have to overcome in order to spy on you. The fact that Tor isn't a total solution doesn't make it useless. Privacy and security don't exist but as you increase the layers of protection that you have you make it increasingly difficult for others to spy on you. The theory is that as spying becomes more difficult there will be fewer people willing to make the effort. It's just like the locks on your home. Anyone can get into your home but the more difficult it is the fewer people will make the effort to succeed.
You may ask why anyone would want to obscure their net traffic. I believe that any steps that you can take to increase security and privacy the better. I would like to see ALL web sites use SSL on all of their pages for instance.
One problem that I see with Tor is that the project is asking for volunteers to run Tor servers. Although the people who would be willing to do this would probably also include people who use their private equipment to provide mirror sites to open source projects there is also the chance that some of these servers will be set up by people who want to monitor the traffic. These could become a kind of honeypot. A Tor server could be set up by a bad guy to log traffic. A Tor server could be set up by police. You don't know what the people that run a Tor server will do with the traffic logs. You could be shooting yourself in the foot trying to obscure your network traffic by using a Tor server that is set up by bad guys to gather information. This potential problem is true about any kind of anonymising service.
Although the Tor idea seems like a good idea I wouldn't trust the people running the server.
First I'll say that the idea seems like a good one just because of privacy. Any hurdle that you can put in place to mask your activities will be one more step that a nosy person will have to overcome in order to spy on you. The fact that Tor isn't a total solution doesn't make it useless. Privacy and security don't exist but as you increase the layers of protection that you have you make it increasingly difficult for others to spy on you. The theory is that as spying becomes more difficult there will be fewer people willing to make the effort. It's just like the locks on your home. Anyone can get into your home but the more difficult it is the fewer people will make the effort to succeed.
You may ask why anyone would want to obscure their net traffic. I believe that any steps that you can take to increase security and privacy the better. I would like to see ALL web sites use SSL on all of their pages for instance.
One problem that I see with Tor is that the project is asking for volunteers to run Tor servers. Although the people who would be willing to do this would probably also include people who use their private equipment to provide mirror sites to open source projects there is also the chance that some of these servers will be set up by people who want to monitor the traffic. These could become a kind of honeypot. A Tor server could be set up by a bad guy to log traffic. A Tor server could be set up by police. You don't know what the people that run a Tor server will do with the traffic logs. You could be shooting yourself in the foot trying to obscure your network traffic by using a Tor server that is set up by bad guys to gather information. This potential problem is true about any kind of anonymising service.
Although the Tor idea seems like a good idea I wouldn't trust the people running the server.
I met Roger Dingledine at DefCon last year. In spite of working for the ONR, his T-Shirt read something about "Criminal Anarchist".
Anyhow, the point he made early in his talk is that the driving force for Tor was the fact that the US Navy uses the Internet too, and they don't want potential enemies/attackers to have too easy a time finding out what the US Navy is doing on the Internet. It would be trivial for them to setup their own set of anonymous proxies, but then all USN traffic would pop out at the same set of IP addresses all the time.
The solution to this is to share your anonymizing network with others, so your traffic can't be sorted against the others.
The concern about trusting the folks running the servers is perfectly valid, but then, how do you know if your ISP is sniffing all of the traffic on the port on their router that goes to you? As others have said, if you want absolute security, get off the network.
Check the Tor FAQ (particulary 6.1) at http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-5e18f8a8f98fa9e69ffac725e96f39641bec7ac1
Anyhow, the point he made early in his talk is that the driving force for Tor was the fact that the US Navy uses the Internet too, and they don't want potential enemies/attackers to have too easy a time finding out what the US Navy is doing on the Internet. It would be trivial for them to setup their own set of anonymous proxies, but then all USN traffic would pop out at the same set of IP addresses all the time.
The solution to this is to share your anonymizing network with others, so your traffic can't be sorted against the others.
The concern about trusting the folks running the servers is perfectly valid, but then, how do you know if your ISP is sniffing all of the traffic on the port on their router that goes to you? As others have said, if you want absolute security, get off the network.
Check the Tor FAQ (particulary 6.1) at http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-5e18f8a8f98fa9e69ffac725e96f39641bec7ac1
Hate to nitpick, but when you point out that it truly isn't
anonymous due to evidence of communication, what you are
really saying is that it is not truly UNDETECTABLE or INVISIBLE,
but it is Anonymous. To wit: The only truly unavoidable things in
life are death and taxes- Anonymous
Now, by your use of the word, we would not have the evidence
(in this case, the quote) that the poster made any statement at
all, but in fact the poster is anonymous as his identity cannot be
confirmed or inferred.
So, my point is you CAN be truly anonymous on the interent with
TOR, but not invisible.
anonymous due to evidence of communication, what you are
really saying is that it is not truly UNDETECTABLE or INVISIBLE,
but it is Anonymous. To wit: The only truly unavoidable things in
life are death and taxes- Anonymous
Now, by your use of the word, we would not have the evidence
(in this case, the quote) that the poster made any statement at
all, but in fact the poster is anonymous as his identity cannot be
confirmed or inferred.
So, my point is you CAN be truly anonymous on the interent with
TOR, but not invisible.
I think what the author was saying was that IP packets have source IP addresses in them which ultimately can be linked to your PC which ultimately can be linked to you.
To extend your analogy of the quote about death and taxes, suppose that the quote was on an unsigned letter, but still in the envelope with both recipient and return address shown. The fact that the letter is unsigned provides little anonymity since the return address is available for all to see.
Although Tor decouples the recipient and return addresses to obscure this relationship, an eavesdropper can still know that you sent something to Tor, that an onion server sent something to another onion server, and that an onion server sent something to a destination. However, the eavesdropper may not be able to "connect the dots" to determine the path or destination of your message. This is where Tor provides some anonymity.
That you sent something that you did not want disclosed to the general public would be indisputable though. This is where Tor may be unable to provide total anonymity.
Maybe the answer is for we the users to encrypt and anonymize everything. It would then be nothing unusual or noteworthy. Let the bad guys spend their time sorting through mundane traffic instead of giving them a hint of where the secrets are.
To extend your analogy of the quote about death and taxes, suppose that the quote was on an unsigned letter, but still in the envelope with both recipient and return address shown. The fact that the letter is unsigned provides little anonymity since the return address is available for all to see.
Although Tor decouples the recipient and return addresses to obscure this relationship, an eavesdropper can still know that you sent something to Tor, that an onion server sent something to another onion server, and that an onion server sent something to a destination. However, the eavesdropper may not be able to "connect the dots" to determine the path or destination of your message. This is where Tor provides some anonymity.
That you sent something that you did not want disclosed to the general public would be indisputable though. This is where Tor may be unable to provide total anonymity.
Maybe the answer is for we the users to encrypt and anonymize everything. It would then be nothing unusual or noteworthy. Let the bad guys spend their time sorting through mundane traffic instead of giving them a hint of where the secrets are.
An excellent point!
Anonymity implies that you can blend in, just be another one of the faceless crowd. BUT, if you're the only one sending secret messages, then you stand out, even if its not directly traceable to you - and that invites investigation - by whoever for whatever reason and motivation.
Making anonimity the standard is the only way to keep from standing out in the crowd.
Then again, maybe that's the point of the publicity...
Me, I wonder if it isn't just a nice way to get some surfers to let their guard down while the government tracks them, thinking they are "safe". If I was the Navy, I know I wouldn't be inviting everyone and anyone to do what they please behind a mask - though I would let them think they were.
Just some thoughts - and again Great Point Mr. E!
SQLJoe
Anonymity implies that you can blend in, just be another one of the faceless crowd. BUT, if you're the only one sending secret messages, then you stand out, even if its not directly traceable to you - and that invites investigation - by whoever for whatever reason and motivation.
Making anonimity the standard is the only way to keep from standing out in the crowd.
Then again, maybe that's the point of the publicity...
Me, I wonder if it isn't just a nice way to get some surfers to let their guard down while the government tracks them, thinking they are "safe". If I was the Navy, I know I wouldn't be inviting everyone and anyone to do what they please behind a mask - though I would let them think they were.
Just some thoughts - and again Great Point Mr. E!
SQLJoe
My gut instinct warns me that government or Armed Force involvement with any project that deems to make your communication "anon" is a falsehood. Freedom of speech and civil rights are completely unconnected to this issue, and anonymity is not required for honesty and integrity, so therefore is only required to conduct underhand business. Who are we hiding from? The answer is easy: Ourselves!
Bad people, bad places and bad things require tools such as these; to hide their dealings. No body needs this kind of security to send an email to their Grandma or publish a normal website! Why are people not focusing their considerable talents on defeating the people who do these "bad" things instead of protecting their interests further?
I am curious, if this facility was used to further the interests of Terrorist organisations or plan a NineEleven Type attack, do you really think that their anonymity would be preserved? Would the people who facilitated this be preserved? And more to the point, would we want them to be?
"Power is nothing without control!"
Bad people, bad places and bad things require tools such as these; to hide their dealings. No body needs this kind of security to send an email to their Grandma or publish a normal website! Why are people not focusing their considerable talents on defeating the people who do these "bad" things instead of protecting their interests further?
I am curious, if this facility was used to further the interests of Terrorist organisations or plan a NineEleven Type attack, do you really think that their anonymity would be preserved? Would the people who facilitated this be preserved? And more to the point, would we want them to be?
"Power is nothing without control!"
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
