Tag: tor

Fact-checking Pando’s smears against Tor

Posted December 11, 2014 in drama tor

If you’ve been able to ignore Pando Daily’s 100% non-technical smear campaign against the Tor Project and its developers and supporters, you’re lucky, and you may wish to stop reading now. Otherwise, read on, and perhaps prepare to lose a few brain cells.

Yasha Levine’s “investigation” against Tor unveiled what’s already prominently displayed on Tor’s website: that it was designed by the Navy and that it receives a lot of federal funding, the bulk of which comes from the Department of Defense.

Continue reading →

Using Tor Browser Launcher in Qubes

Posted May 9, 2014 in tor qubes

I maintain a piece of software called Tor Browser Launcher. It takes care of downloading Tor Browser Bundle for you, verifying the gpg signature, making sure you’re always using the latest version of Tor Browser, and making it easier to launch.

I originally only made Tor Browser Launcher work in Debian-based distributions, but since the default templates in Qubes are based on Fedora, I recently ported it to RPM-based distributions as well. Here’s how to set it up.

Continue reading →

Two really simple things Microsoft can do to make Windows more secure against NSA

Posted December 29, 2013 in crypto spies security tor

Thanks to Edward Snowden and journalists at Der Spiegel, today we learned about Tailored Access Operations (TAO), NSA’s world-class hacking team. There was a lot of interesting information in that article (like how they divert shipping of electronics to a secret warehouse where they can modify it to install backdoors!).

But I’m just going to talk about how they use Microsoft error reports to gather private information about Windows computers that can be used to compromise their security — a problem that’s trivially easy for Microsoft to fix.

Continue reading →

sudo apt-get install torbrowser

Posted April 9, 2013 in tor crypto security

TL;DR: I wrote a piece of software called Tor Browser Launcher that downloads and auto-updates Tor Browser Bundle for you, in your language and for your architecture, and verifies signatures. I’d like help finding bugs before the initial release.

Over the years, Tor Project has done an amazing job at making Tor more user-friendly. In the past if you wanted anonymity you had to download and install Tor, maybe hand-edit your torrc file, and configure your browser to use a proxy server. You had to make sure that you didn’t have browser plugins like Flash or Java enabled that would compromise your anonymity. Eventually, this got easier when you could install the TorButton Firefox add-on, but even then you had to keep manually separate your own identity and your anonymous browsing.

Continue reading →

How to Get a Tor Project T-Shirt For Less Than $65

Posted March 19, 2013 in tor

The Tor Project is awesome. It’s a network of volunteer proxy servers that make it possible for people to use the internet anonymously.

I decided to contribute to the Tor network by running my own exit node called gollum. I’m paying Gandi $16/month for a VPS in Paris, France. As of this writing the uptime on my Tor server is 69 days, 12 hours.

Continue reading →

Bradley Manning's statement shows that US intelligence analysts are trained in using Tor

Posted March 12, 2013 in tor leaks

This morning I had the opportunity to help Freedom of the Press Foundation publish the full, previously unreleased audio recording of Bradley Manning’s statement to the military court in Ft. Meade about his motivations for leaking over 700,000 government documents to WikiLeaks.

In his statement Bradley Manning not only explains his motivation for leaking documents to WikiLeaks (he contacted the Washington Post and the New York Times first), but also technically how he went about doing it, including the software and protocols he used.

Continue reading →

Mobile Location Anonymity: Proxying Twitter, IM, and Email through Tor on Android

Posted February 1, 2013 in crypto mobile tor

Each time your computer makes a connection to a server on the internet, you tell the remote server, as well as your ISP and every router in between, your IP address. If you’re using the internet on your phone you might be disclosing the IP of your 3G or 4G connection, or the IP of the wifi network you’re connected to.

If your phone checks for new emails or tweets every couple minutes, or keeps up a consistent connection to your instant messenger server, any of those services is almost definitely logging a history of your IP addresses.

This IP address data could be used to figure out your physical location over time. This is the information that New York City subpoenaed Twitter for, to get the private messages and IP addresses (read: location data) of Occupy protester Malcolm Harris.

Continue reading →