EFF Supports Tor with a Relay Challenge, Legal FAQ

EFF has just announced a challenge, asking all comers to consider setting up a relay for the anonymizing Tor network. Tor stands for The Onion Router referring to the layers of encryption added with each routing hop. Relays are critical to increase the capacity of the network overall as they are the nodes doing the encrypting and routing heavy lifting. Traditionally clients have far outstripped relays yielding a less than optimal experience when making use of Tor.

There is far more information at the challenge page, including both instructions and most critically a legal FAQ. If you are going to run a relay, whether or not you will do so as an exit relay, you need to be aware of the legal issues inherent in doing so. The FAQ is a good resource to that end and even links to a list of ISPs that are known tolerant of and prohibiting Tor relays around the world.

Tor Challenge, EFF

feeds | grep links > DuckDuckGo Launches Tor Hidden Service, Wikipedia Experiments with P2P for Video, and More

feeds | grep links > Microsoft Grants License to NGOs, Dell Releases Streak Sources, Register of Copyrights to Retire, And More

feeds | grep links > Distributed Computing Spots Astronomical Rarity, Search Engine Runs a Tor Enclave, and More

EFF, Tor Launch Browser Add On to Increase Security

The HTTPS Everywhere add on for Firefox doesn’t encrypt your activities online itself but it does switch your connection on supported sites over to take advantage of SSL. I pay a lot more attention to services that offer encrypted connections but not all of them use it by default. And I certainly cannot keep track of all of those that offer SSL at all whether it is the default or not. I am pretty happy to see an add on that makes using more secure connections simple and automatic.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

That’s a thoughtful reminder and reinforces that all this plugin does is make it easier to take advantage of a relatively more secure way of connecting to web sites than in the clear. Hopefully the add on will encourage more sites to offer a secure alternative.

TCLP 2010-06-06 News

This is news cast 215, an episode of The Command Line Podcast.

In the intro, just a pointer to my thoughts on Balticon 44 and a recap on advertising, the badge experiment, and Flattr so far.

This week’s security alerts are OS choice does not equal security and an Android rootkit.

In this week’s news Google drops Microsoft for internal use citing security reasons though some are skeptical, figuring out if Wikileaks spun up using documents intercepted from Tor with thoughts from both the Tor project and Wikileaks itself, IBM’s 40 year old Muppet sales films, and a new paper debunks certain suggested advantages of quantum computing.

Following up this week, if you are tired of Facebook then check out a Firefox extension that aims to help preserve your privacy while using it and India tries to gather opposition to ACTA.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Tor on Android

In Nat Torkington’s Four Short Links on O’Reilly Radar, he links to Orbot, an Android application that allows users to proxy any or all of their network traffic through the privacy enhancing network. (Tor, or The Onion Router, works by establishing a network of relay nodes hops through which add layers of encryption, like an onion.) Reading the details, Orbot is a comparable bundle of software to what has been available on desktop OSes. It includes Tor itself, libevent and privoxy.

If I recall correctly, previously it was possible to run a browser that integrates with Tor on Android, but now Orbot makes it easier to use Tor with any application. The project page has clear instructions, made a lot simpler if your device is rooted. There are also screen shots showing the application running, the capabilities look very comparable to Vidalia, the bundle I use on OS X.

Tor is typically quite slow due to the small number of relay nodes and the overhead of the encrypting and decrypting of traffic.  I would imagine that the lighter data utilization for some aspects of a smart phone may be better matched with the speed penalty Tor imposes.

The top use, the one for which Tor was originally intended, is circumventing censorship. Being able to access that same protection from a smart phone will undoubtedly by invaluable to journalists and activists in situations where getting to a computer isn’t feasible or possible.

Google and Tor

Google’s open source blog has a post about their contributions, through the Summer of Code program primarily, to the Tor project and much more on why Tor and tools like it are important. Tor is a tool useful for circumventing censorship by layering encryption and routing through relays like the layers of an onion (hence T.O.R. == The Onion Router).

I am glad that Google is supporting development of Tor but I’d be happier still if they would contribute some servers and bandwidth to the network of relays that is key to its operation. The biggest complaint that I have with Tor, a common gripe from its fans and users, is that it is slow as dirt. There simply are never enough relays in the network to make it usable for any but the most critical needs.

If you’ll indulge me, I’d also like to share another petty criticism of this post. It reads as a little self serving to me. More than once it trots out this rhetorical line that runs to the sentiment of: “Tor is useful for dealing with services that don’t respect your privacy, unlike Google who totally respects your privacy and lets you opt-out and stuff.” Don’t get me wrong, the bulk of the post focuses on some very important issues that Tor is tackling and Google supports, I just don’t see the need for Google to emphasize its own non-evilness. Especially in a post where they are supporting such an excellent tool for evading evil intentions.

This post also made me think back to Ethan Zuckerman’s recent post suggesting circumvention alone is not enough to foil censorship. Worth bearing in mind as we read up on the latest news about such tools.

Quick Security Alerts for Week Ending 1/24/2010

The Intriguing Merits of the Timezone File, Tor Ported Natively to Android, and One More

Just three more stories on the cusp of last week and this coming week, ones I could not hold off on until tomorrow.

  • White House deploys Drupal
    This story looks as simple as it appears on cursory inspection. Even the White House gets to some degree the benefits around freeing themselves from vendor lock and being able to leverage the crowd driven innovation of an open tool like Drupal. Best of all, they have risen above FUD on this particular case to focus more on constructive opportunities.
  • The literary and scholarly merits of the timezone file
    Cory’s post on BB has me tempted to crack this file on one of my systems, too, to observe the noteworthy marginalia first hand. Having worked on systems not just subject to the whims of time zone changes but utterly dependent on them, I find this post even more compelling. I can totally grok the need for this sort of digital archeology and commentary.
  • Tor port for the Android platform
    This is fantastic news and the fact that it is a native, C port means it should run much slower than it does on desktops. I have to admit to being down on many of the so-called open phone platforms, lately, but this is clearly a huge win enabled by them.