Firefox adopts technique from Tor to blunt browser fingerprinting

The change, to curtail access to the Canvas API, is incremental and likely to be limited in how it is visible to regular users. However it signals some progress in a collaboration with the Tor project to incorporate code and ideas that benefit the privacy features of Firefox and Tor Browser. The Register’s write up includes a pretty good explainer on fingerprinting and why finding ways to mitigate it is important.
Read More …

2015-11-22 The Command Line Podcast

newspapers-444447_1920This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

2015-11-15 The Command Line Podcast

old-newspaper-350376_1280This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

EFF Supports Tor with a Relay Challenge, Legal FAQ

EFF has just announced a challenge, asking all comers to consider setting up a relay for the anonymizing Tor network. Tor stands for The Onion Router referring to the layers of encryption added with each routing hop. Relays are critical to increase the capacity of the network overall as they are the nodes doing the encrypting and routing heavy lifting. Traditionally clients have far outstripped relays yielding a less than optimal experience when making use of Tor.

There is far more information at the challenge page, including both instructions and most critically a legal FAQ. If you are going to run a relay, whether or not you will do so as an exit relay, you need to be aware of the legal issues inherent in doing so. The FAQ is a good resource to that end and even links to a list of ISPs that are known tolerant of and prohibiting Tor relays around the world.

Tor Challenge, EFF

feeds | grep links > DuckDuckGo Launches Tor Hidden Service, Wikipedia Experiments with P2P for Video, and More

feeds | grep links > Microsoft Grants License to NGOs, Dell Releases Streak Sources, Register of Copyrights to Retire, And More

feeds | grep links > Distributed Computing Spots Astronomical Rarity, Search Engine Runs a Tor Enclave, and More

EFF, Tor Launch Browser Add On to Increase Security

The HTTPS Everywhere add on for Firefox doesn’t encrypt your activities online itself but it does switch your connection on supported sites over to take advantage of SSL. I pay a lot more attention to services that offer encrypted connections but not all of them use it by default. And I certainly cannot keep track of all of those that offer SSL at all whether it is the default or not. I am pretty happy to see an add on that makes using more secure connections simple and automatic.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

That’s a thoughtful reminder and reinforces that all this plugin does is make it easier to take advantage of a relatively more secure way of connecting to web sites than in the clear. Hopefully the add on will encourage more sites to offer a secure alternative.

TCLP 2010-06-06 News

This is news cast 215, an episode of The Command Line Podcast.

In the intro, just a pointer to my thoughts on Balticon 44 and a recap on advertising, the badge experiment, and Flattr so far.

This week’s security alerts are OS choice does not equal security and an Android rootkit.

In this week’s news Google drops Microsoft for internal use citing security reasons though some are skeptical, figuring out if Wikileaks spun up using documents intercepted from Tor with thoughts from both the Tor project and Wikileaks itself, IBM’s 40 year old Muppet sales films, and a new paper debunks certain suggested advantages of quantum computing.

Following up this week, if you are tired of Facebook then check out a Firefox extension that aims to help preserve your privacy while using it and India tries to gather opposition to ACTA.

[display_podcast]

Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Tor on Android

In Nat Torkington’s Four Short Links on O’Reilly Radar, he links to Orbot, an Android application that allows users to proxy any or all of their network traffic through the privacy enhancing network. (Tor, or The Onion Router, works by establishing a network of relay nodes hops through which add layers of encryption, like an onion.) Reading the details, Orbot is a comparable bundle of software to what has been available on desktop OSes. It includes Tor itself, libevent and privoxy.

If I recall correctly, previously it was possible to run a browser that integrates with Tor on Android, but now Orbot makes it easier to use Tor with any application. The project page has clear instructions, made a lot simpler if your device is rooted. There are also screen shots showing the application running, the capabilities look very comparable to Vidalia, the bundle I use on OS X.

Tor is typically quite slow due to the small number of relay nodes and the overhead of the encrypting and decrypting of traffic.  I would imagine that the lighter data utilization for some aspects of a smart phone may be better matched with the speed penalty Tor imposes.

The top use, the one for which Tor was originally intended, is circumventing censorship. Being able to access that same protection from a smart phone will undoubtedly by invaluable to journalists and activists in situations where getting to a computer isn’t feasible or possible.