from the now-wouldn't-that-be-a-fun-lawsuit dept
Either way, another randomly amusing tidbit in the midst of all of this.
by Mike Masnick
Fri, Oct 4th 2013 4:05pm
by Mike Masnick
Fri, Oct 4th 2013 3:00pm
The articles accurately point out that the Intelligence Community seeks to understand how these tools work and the kind of information being concealed.
In other words: we decimate your privacy, because we care. Sorry, Clapper, we're just not feeling that caring spirit out here in the public. It sure seems like you're a creepy big brother, using any and all methods to distort this discussion and debate, while seeking to collect any and all information you can get your hands on "just because" it might possibly be useful someday -- and with little to no concern for how that impacts everyone else.
However, the articles fail to make clear that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.
by Mike Masnick
Fri, Oct 4th 2013 12:01pm
Schneier also notes that this is basically the same technique the Chinese have used for their Great Firewall. In other words, the complicit nature of the telcos in basically giving the NSA and GCHQ incredibly privileged access to the backbone is part of what allows them to conduct those kinds of man-in-the-middle attacks. It still amazes me that there isn't more outrage over the role of the major telcos in all of this.
To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.
In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.
They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.
The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".
by Mike Masnick
Fri, Oct 4th 2013 11:00am
In response to all of this the NSA put out one of its typically bland and empty statements about how what it does is "authorized by law" and it should be no surprise that it's seeking information on bad people.
Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.
But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.
Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".
by Mike Masnick
Fri, Sep 13th 2013 5:34pm
by Glyn Moody
Wed, Aug 21st 2013 4:18am
As more and more countries start introducing Web blocks, some people console themselves with the "at least there's always Tor" argument. Politicians may be slow, but they are not all completely stupid, and they are beginning to get the message that Tor and other anonymous services potentially render their Web blocks moot. It's then not a huge leap for them to move on to the next stage -- banning or blocking Tor -- as Russia now seems to be contemplating, according to this article on Russia Today:
The head of the Federal Security Service (FSB) has personally ordered preparations for laws that would block the Tor anonymity network from the entire Russian sector of the Internet, a Russian newspaper reported.
In fact, according to the Izvestia story (original in Russian), along with Tor, all anonymizing proxy services would be banned too.
No prizes for guessing what's behind the latest move:
FSB director Aleksandr Bortnikov announced the initiative at a recent session of the National Anti-Terrorism Committee, saying that his agency would develop the legislative drafts together with other Russian law enforcement and security bodies, the widely circulated daily Izvestia reported.
The news was disclosed after the Russian civil movement 'Head Hunters' wrote a letter to the FSB with a request to block Tor, as it is one of the favorite software tools for distributors and users of child pornography. The FSB replied that the request was directed to the wrong body, as crimes against public health and morals fall under the Interior Ministry's jurisdiction.
However, the FSB graciously decided to get involved anyway:
The FSB official said that the agency initiated the move as internet anonymizers were used by weapon traffickers, drug dealers and credit card fraudsters, giving the FSB an obvious interest in limiting the use of such software.
In other words, banning Tor and anonymizers is a real crowd-pleaser, since politicians can point to lots of bad people that use them. Just like they use the Internet, or postal service: and just as there are lots of good uses of the postal service and the Internet, so Tor and anonymizers are also vital for a wide range of non-evil people, notably activists and political dissidents, both of whom are already under pressure in Russia. But what is a bug for some is a feature for others: blocking Tor -- "for the children" -- would also have the knock-on effect of making it even harder for dissidents and political groups to access information and organize in secret.
Assuming that the proposed law is passed, as seems likely, the worry has to be that other countries will take note and start to think about following suit, probably playing the same populist card of fighting child pornography that Russia's 'Head Hunters' are now employing.
by Mike Masnick
Mon, Aug 5th 2013 1:11pm
Shortly after Marques' arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.
So why do people think the feds are involved? The bit of malware scoops up various identifying information -- MAC address and Windows hostname -- and then sends it to a server in Virginia to find the real IP address of the computer in question. The Virginia server is controlled by the infamous contractor SAIC, who works with numerous government agencies.
By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.
Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.
by Glyn Moody
Fri, May 31st 2013 12:33pm
One of the key flaws with the data retention schemes being proposed by the UK and elsewhere, supposedly to catch terrorists and serious criminals, is that they won't work. It is trivially easy to avoid surveillance by using encrypted connections, for example those provided by The Onion Router (Tor). This means that the only people who are likely to end up being spied on are innocent members of the public.
According to this article in Crikey, the secret services in Australia have apparently woken up to this fact; but rather than convince their government that data retention is therefore an expensive and intrusive waste of time, they have decided to take the damage to the next level:
In a major admission, the Attorney-General's Department has revealed Australia's intelligence and law enforcement agencies are seeking the legal power to break into internet routing encryption services such as Tor, after admitting the centerpiece of its proposed national security reforms, data retention, will be "trivially easy" to defeat.
This is, of course, an incredibly stupid idea, for reasons that one of Tor's developers, Jacob Appelbaum, explains well in the Crikey piece:
"If they wish to break such [encrypted] services, they ensure that when they use such services, they will also be insecure -- this ensures again that only criminals will have privacy, regular people -- including the police fighting crime -- they will be left out of having strong privacy. This opens business people up to industrial and economic espionage. It also promotes the idea that to make ourselves more secure, we should weaken our networks and add the very backdoors that most attackers work day and night to create," he said.
The plan to create detailed, centralized stores of high-value information about people's Internet and telephone usage already exposes the public to an elevated risk of having personal information accessed and misused. Moving beyond that to break key encrypted Internet services like Tor and virtual private networks (VPNs) would deal another serious blow to online privacy and business confidentiality.
An expert panel to the NPA, which was looking into measures to combat crimes abusing the Tor system, compiled a report on April 18 stating that blocking online communications at the discretion of site administrators will be effective in preventing such crimes. Based on the recommendation, the NPA will urge the Internet provider industry and other entities to make voluntary efforts to that effect.
This is an extreme and dangerous overreaction. Yes, some people abuse the anonymity of Tor to do illegal things. Just as some people abuse the anonymity of cash to do bad things. But we don't then outlaw cash because of this. There are many, many reasons why people have good reason to seek out an anonymizing tool like Tor to protect their identity. What if they're whistle blowing on organized crime or corruption (say) in the police force? As for the fear that it's being used for criminal activity, that doesn't mean that police cannot identify them through other means. We've seen time and time again people leave digital tracks in other ways when they're committing crimes. Yes, it makes life more difficult for police, and it means they have to do actual detective work, but that's what their job is.
by Mike Masnick
Fri, Nov 30th 2012 12:40pm
Seven LKA officers, two police officers, and a court-appointed expert witness started a search of the flat, without respecting my privacy or property whatsoever. Paper documents in a cupboard were read, and no care was taken of my cat (who I was allowed to lock into another room later). My storage cubes (HP MicroServers) were confiscated without any regard for the hardware – the power cords were simply ripped out / hard shutdown, instead of properly shutting them down by the operating system. My main PC was shut down normally, as far as I could determine. After finishing the search in my living room, they continued in my bedroom, where they confiscated my legal firearms, as well as my cable TV receiver, and my Xbox 360. Despite my statement that all firearms and ammunition were legally owned and registered, having passed all background checks, this was doubted by one of the LKA officers due to the caliber.
He indicates later that there was at least some knowledge of tor, so hopefully this gets sorted out:
After this, I had them show me the offending IP address, which I identified as belonging to me in the specified timeframe. I explained that this was a TOR exit node under my control at this time. I attempted to explain what TOR is, and they appeared to be familiar with it, as the atmosphere suddenly became more friendly. They probably understood that it was very unlikely they had a child pornographer sitting in their office.
Obviously, there are reasons to investigate possible child porn distribution, but it still seems ridiculous that law enforcement still seems skeptical of tor exit nodes and assumes that they must be used for nefarious intent. This isn't the first time of course. Last year, here in the US, ICE seized a tor exit node as well. While it eventually returned the equipment, it warned the guy that "this could happen again." And, of course, just this week, we wrote about a German case where a court actually held someone responsible for the transmission of encrypted traffic on a tor-like system.
Some questions about my motives followed, which I attempted to answer – but this seemingly failed. I could not make them understand why I would “waste” resources and bandwidth (translating into money) to run a TOR node. I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a TOR exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the TOR node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already.