The change, to curtail access to the Canvas API, is incremental and likely to be limited in how it is visible to regular users. However it signals some progress in a collaboration with the Tor project to incorporate code and ideas that benefit the privacy features of Firefox and Tor Browser. The Register’s write up includes a pretty good explainer on fingerprinting and why finding ways to mitigate it is important.
Read More …
Tag: Tor
2015-11-22 The Command Line Podcast
This is an episode of The Command Line Podcast.
This time, I chat about some recent news stories that caught my attention, including:
- David Cameron capitulates to terror, proposes Britain’s USA Patriot Act
- Congressman: To stop ISIS, let’s shut down websites and social media
- Carnegie Mellon Says It Was Subpoenaed-And Not Paid-For Research On Breaking Tor
- Tor is getting a major security upgrade
- The Internet Will Always Suck
- FCC Refuses To Force Websites To Adhere To ‘Do Not Track,’ And That’s A Good Thing
- How to Baffle Web Trackers by Obfuscating Your Movements Online
- BitHub, an experiment in funding privacy OSS
- Google Public Policy Blog: A Step Toward Protecting Fair Use on YouTube
You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.
You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
2015-11-15 The Command Line Podcast
This is an episode of The Command Line Podcast.
This time, I chat about some recent news stories that caught my attention, including:
- Google Just Open Sourced TensorFlow, Its Artificial Intelligence Engine
- Microsoft open sources its machine learning toolkit
- DOJ won’t help FCC fight state laws that harm municipal broadband
- Supreme Court declines to decide whether you need a warrant to get cell site data
- Sorry, MPAA, Court Rejects Your Plan For A Secret SOPA At The ITC
- Blocked!
- Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC
- Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?
You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.
You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
EFF Supports Tor with a Relay Challenge, Legal FAQ
EFF has just announced a challenge, asking all comers to consider setting up a relay for the anonymizing Tor network. Tor stands for The Onion Router referring to the layers of encryption added with each routing hop. Relays are critical to increase the capacity of the network overall as they are the nodes doing the encrypting and routing heavy lifting. Traditionally clients have far outstripped relays yielding a less than optimal experience when making use of Tor.
There is far more information at the challenge page, including both instructions and most critically a legal FAQ. If you are going to run a relay, whether or not you will do so as an exit relay, you need to be aware of the legal issues inherent in doing so. The FAQ is a good resource to that end and even links to a list of ISPs that are known tolerant of and prohibiting Tor relays around the world.
Tor Challenge, EFF
feeds | grep links > DuckDuckGo Launches Tor Hidden Service, Wikipedia Experiments with P2P for Video, and More
- DuckDuckGo search engine errects Tor hidden service
Slashdot shares news that DuckDuckGo has made it easier to use their search engine without leaving the privacy preserving penumbra of the Tor network. Previously, the search engine set up a dedicated exit node which actually allowed searchers to keep their search traffic encrypted. Tor’s hidden services eliminate the need to start on the regular, unencrypted network at all before switching over to access services via encrypted traffic. - Competition produces vandalism detection for Wikis, Slashdot
- An open response to the USPTO, Groklaw
- Samuelson’s latest call for copyright reform
Groklaw, among others, also linked to this short article at the SFGate to which Cory linked in his discussion of Boyle’s and Jenkin’s new copyright comic book. It is a very accessible explanation of why reform is needed, prompted by the disruptions digital copying has wrought and the ensuing norms. It concludes with a brief recap of suggested areas for change that Samuelson has explored more fully in her academic writing. - Meego on Android hardware, Make
- Ubuntu 9.04 approaches end of life, The H
- Pew Research Center report on trends in technology journalism, ReadWriteWeb
- Censored maps hard-wired into Chinese iPhones, ReadWriteWeb
feeds | grep links > Microsoft Grants License to NGOs, Dell Releases Streak Sources, Register of Copyrights to Retire, And More
- Microsoft issues blanket license to NGOs outside the US
As Slashdot and others are reporting, this move by the Redmond giant is in direct response to the abuse of infringement claims for the purposes of suppressing speech. This is a laudable move by a company with a traditionally dour stance on intellectual property enforcement of all kinds. - Dell releases sources for Streak, Android Spin
Via Groklaw. - Research supports notion that self-regulation has prevented commoditization of broadband, Technology Review
- Indie developer experiments with choose-your-own-price for downloadable content, Slashdot
- Appeals court guts landmark computer privacy ruling
David Kravets explains in a piece for Ars Technica how the 9th circuit caved under pressure from federal prosecutors who felt Miranda-like guidelines were crippling their investigations. I can understand how such rules can be problematic procedurally, maybe even out of proportion with the protections they are supposed to confer. Unfortunately, this is a giant step backwards, not anything that can readily be described as justifiable streamlining. - Maximizing openness of broadband data, Google
- Register of copyrights to retire
Nate Anderson at Ars Technica explains one side of why I feel so ambivalent about the outgoing Register, Marybeth Peters. He fails to give her credit for her views on the orphan works problem, though, that balances somewhat her archaic views on new forms of expression like digital remixes. I expect this issue to heat up considerably as Big Content will no doubt do everything in their power to see a successor who leans even further towards their views. The fact that the Obama administration is lousy with appointments of former industry attorneys has me more than a little concerned. - Tor working with Google to make Chrome better at protecting privacy, Tor
feeds | grep links > Distributed Computing Spots Astronomical Rarity, Search Engine Runs a Tor Enclave, and More
- Distributed computing project spots astronomical oddity
I’ve always found the idea of harnessing spare CPU cycles from home computers and applying it to really big, data intensive projects fascinating. My own computers have been enrolled in such efforts on and off over the years. John Timmer at Ars Technica has news of the discovery of a rare pulsar as part of a side project at Einstein@Home, one of the many distributed efforts using the BOINC platform. - DuckDuckGo now operates a Tor exit enclave
Via Hacker News. “I believe this fits right in line with our privacy policy. Using Tor and DDG, you can now be end to end anonymous with your searching. And if you use our encrypted homepage, you can be end to end encrypted as well.” - Recommendations for making online petitions more ethical, honest, perhaps effecting
- Company that had largest ever credit card data breach is breached again
- Open source givers and takers
I think Mike Loukides’ analysis at O’Reilly Radar of some recent stats on open source usage vs. contribution is spot on. The bargain isn’t that all people gaining from open source give back, it isn’t even necessary for projects to thrive. Recent studies around Wikipedia illustrate how the same asymmetry can still yield incredibly worthwhile results from a much small core of contributors within a larger community of more passive users or lower volume contributors. - Challenges to scaling chips below 32nm
EFF, Tor Launch Browser Add On to Increase Security
The HTTPS Everywhere add on for Firefox doesn’t encrypt your activities online itself but it does switch your connection on supported sites over to take advantage of SSL. I pay a lot more attention to services that offer encrypted connections but not all of them use it by default. And I certainly cannot keep track of all of those that offer SSL at all whether it is the default or not. I am pretty happy to see an add on that makes using more secure connections simple and automatic.
As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).
That’s a thoughtful reminder and reinforces that all this plugin does is make it easier to take advantage of a relatively more secure way of connecting to web sites than in the clear. Hopefully the add on will encourage more sites to offer a secure alternative.
TCLP 2010-06-06 News
This is news cast 215, an episode of The Command Line Podcast.
In the intro, just a pointer to my thoughts on Balticon 44 and a recap on advertising, the badge experiment, and Flattr so far.
This week’s security alerts are OS choice does not equal security and an Android rootkit.
In this week’s news Google drops Microsoft for internal use citing security reasons though some are skeptical, figuring out if Wikileaks spun up using documents intercepted from Tor with thoughts from both the Tor project and Wikileaks itself, IBM’s 40 year old Muppet sales films, and a new paper debunks certain suggested advantages of quantum computing.
Following up this week, if you are tired of Facebook then check out a Firefox extension that aims to help preserve your privacy while using it and India tries to gather opposition to ACTA.
[display_podcast]
Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Tor on Android
In Nat Torkington’s Four Short Links on O’Reilly Radar, he links to Orbot, an Android application that allows users to proxy any or all of their network traffic through the privacy enhancing network. (Tor, or The Onion Router, works by establishing a network of relay nodes hops through which add layers of encryption, like an onion.) Reading the details, Orbot is a comparable bundle of software to what has been available on desktop OSes. It includes Tor itself, libevent and privoxy.
If I recall correctly, previously it was possible to run a browser that integrates with Tor on Android, but now Orbot makes it easier to use Tor with any application. The project page has clear instructions, made a lot simpler if your device is rooted. There are also screen shots showing the application running, the capabilities look very comparable to Vidalia, the bundle I use on OS X.
Tor is typically quite slow due to the small number of relay nodes and the overhead of the encrypting and decrypting of traffic. I would imagine that the lighter data utilization for some aspects of a smart phone may be better matched with the speed penalty Tor imposes.
The top use, the one for which Tor was originally intended, is circumventing censorship. Being able to access that same protection from a smart phone will undoubtedly by invaluable to journalists and activists in situations where getting to a computer isn’t feasible or possible.