Tor Needs Exit Nodes - Help Them Out!

It is no surprise that Tor needs more exit nodes. It is also not surprising that few people volunteer to host one. When you hear stories of people getting raided by the police for hosting a Tor exit you are bound to think twice. I’ve been wondering if there was a way to help facilitate more exit nodes without having to host one myself. I thought it would be nice if those of us who support Tor could make donations to help those that are willing and able to run the nodes. It turns out that we can do that very thing. The Tor Project refers people to four charities that run nodes. They need donations to keep going. The four are: (Germany)

Noisebridge (San Francisco)

Nos-Oignons  (France)

DFRI  (Sweden)

Check them out and make a donation if you can. I did. Remember, every little bit helps.  If you have other ideas on good ways to help please leave a comment.



Government Case Blurs Line Between National Security Investigation and Ordinary Crime

The Washington Post has run a good story showing how easy it can be to blur the lines between national security and ordinary criminal investigations. It seems the FBI obtained a secret search warrant on national security grounds to search the home of Keith Gartenlaub, a Boeing employee. The FBI suspected him of spying for the Chinese in an effort to get China information on the C-17 military transport plane. In the process of searching for evidence of spying the agents found child pornography on four hard drives. Spying charges were never brought, but the pornography charges were used instead. The net result is that Mr. Gartenlaub has been convicted of a crime without proper due process as afforded by the fourth amendment to the Constitution. He was not allowed to see the warrant against him and challenge its validity. Any other defendant would have had that right. What makes this even more disturbing is the apparent weakness of the government’s case. A forensic expert said there was no credible evidence the pornography was ever viewed by anyone using the computer. Another forensic expert said there was no evidence of the illegal material ever being downloaded to the computer leading to speculation it was copied there - but no one can say for sure by whom. Two of the four drives in question had been at a beach house where numerous people had access to them. Another disturbing aspect of the case is the fact that the FBI obtained the warrant to search his personal email because he was the “nationwide Unix military administrator for Boeing.” Two other Boeing employees said there was no such position. When the case is viewed in its totality it really seems that the FBI was on a fishing expedition looking for any evidence of spying no matter how unlikely they were to find it. It even agreed to drop the pornography charges if he would talk about the C-17. When he denied the espionage charges (and everyone knew there was no evidence of spying) the government went with the next best thing. If they had not found the pornography they would have left the house and the defendant would never and know they were there. The bottom line is that the government went fishing on national security grounds but caught a common criminal. It may be legal, but it is not in keeping with the spirit of the Constitution or the Bill of Rights.

Majority Think “Dark Net” Should Be Shut Down

According to a new poll a majority of people think the “dark net” should be shut down.  Given the non-stop negative press it receives and the constant whining from governments about the “dark net” this is no surprise.  What people in Western countries don’t appreciate is just how important the “dark net” is to those living under repressive regimes.  It is also an important place for journalists and whistle blowers.  I’ll go even further and say that anonymous speech is a human right we all should be able to enjoy regardless of where we live.  It seems to be a natural human instinct to fear and attack what we cannot control and do not understand. I suspect most people do not understand the so called dark net or Tor hidden services.  They fear it because of the negative publicity and sensational news reporting on the subject. They fear it because it is not under some kind of “control.”  In my opinion, this is exactly why we should value it - because it is not controlled.  Because government oppression and public opinion cannot shut it down.  The spirit of the age seems to be working against freedom right now - calls to ban end to end encryption, ban so called “burner” phones, ban hate speech, ban tor, and ban anonymous speech.  If we don’t fight back hard now we will lose our free speech rights and once lost those freedoms may never be recovered.  I recently read 1984 for the first time and it was terrifying.  But the most terrifying thing is that I can see such a state actually existing and many people would be just fine with it.  Freedom doesn’t belong to the left wing or the right wing, it belongs to every human being.  Don’t give it up for a little perceived safety.  You won’t be safer in a police state, but you will be well on your way to living in hell.

Good Encryption is Hard Enough Without Government Back Doors

One thing I’ve found recently is that it can be hard to explain to people who don’t understand the nature of encryption on the Internet exactly why we can’t have a system of encryption that keeps the bad guys out but can let the good guys in. It sounds so simple in the abstract, our government should not be denied the ability to get to important data just because it is encrypted. What is wrong with key escrow or back doors? No matter what I say about encryption keys being stolen, governments being corrupt, etc. I just can’t seem to make my point the way I want to.

Fortunately Bruce Schneier has posted a blog piece that makes the case for us. It is called “Encryption is Harder Than It Looks.” This piece does a great job of explaining just why good encryption cannot and should not be undermined.  He points out two truths in cryptography:

  1. Cryptography is harder than it looks.
  2. Complexity is the worst enemy of security.

And gets right to the point:

“Cryptography is harder than it looks, primarily because it looks like math. Both algorithms and protocols can be precisely defined and analyzed. This isn’t easy, and there’s a lot of insecure crypto out there, but we cryptographers have gotten pretty good at getting this part right. However, math has no agency; it can’t actually secure anything. For cryptography to work, it needs to be written in software, embedded in a larger software system, managed by an operating system, run on hardware, connected to a network, and configured and operated by users. Each of these steps brings with it difficulties and vulnerabilities.”

“Although cryptography gives an inherent mathematical advantage to the defender, computer and network security are much more balanced. Again and again, we find vulnerabilities not in the underlying mathematics, but in all this other stuff. It’s far easier for an attacker to bypass cryptography by exploiting a vulnerability in the system than it is to break the mathematics. This has been true for decades, and it’s one of the lessons that Edward Snowden reiterated.”

“The second truism is that complexity is still the worst enemy of security. The more complex a system is, the more lines of code, interactions with other systems, configuration options, and vulnerabilities there are. Implementing cryptography involves getting everything right, and the more complexity there is, the more there is to get wrong.”

“Vulnerabilities come from options within a system, interactions between systems, interfaces between users and systems- everywhere.”

A security researcher told him:

If anyone tells you that [the vendor] can just ‘tweak’ the system a little bit to add key escrow or to man-in-the-middle specific users, they need to spend a few days watching the authentication dance between [the client device/software] and the umpteen servers it talks to just to log into the network. I’m frankly amazed that any of it works at all, and you couldn’t pay me enough to tamper with any of it.

Says Schneier - “The designers of this system aren’t novices. They’re an experienced team with some of the best security engineers in the field. If these guys can’t get the security right, just imagine how much worse it is for smaller companies without this team’s level of expertise and resources. Now imagine how much worse it would be if you added a government-mandated back door.”

Please take a moment to read his post. I think every business leader, politician, and anyone else with an opinion on the encryption debate should read his post and the references he provides. If we don’t stand strong on encryption now, we will never gain back the ground that is lost.


EFF Starts the Electronic Frontier Alliance

The Electronic Frontier Foundation announced that they are launching the Electronic Frontier Alliance to bring together diverse groups of activists and organizations.  The idea is for the Alliance to be a central “hub” of information and activity in the fight for digital rights and civil liberties.  It is encouraging to see that they are reaching out to a broad range of ideologically diverse groups - from BLM to the Tea Party.  Any organization that champions free speech and digital rights must do so for all groups regardless of political affiliation.

“The Alliance will bring together groups pursuing a range of strategies and tactics—from hacker spaces crowdsourcing the open source development of software tools, to student groups hosting teach-ins and documentary screenings.”

To join the group an organization must affirm 5 fundamental principles:

  1. free expression: people should be able to speak their minds to whomever will listen.

  2. security: technology should be trustworthy and answer to its users.

  3. privacy: technology should allow private and anonymous speech, and allow users to set their own parameters about what to share with whom.

  4. creativity: technology should promote progress by allowing people to build on the ideas, creations, and inventions of others.

  5. access to knowledge: curiosity should be rewarded, not stifled

These principles are the bedrock of a free and open internet and society. Give the EFF whatever support you can.  They deserve it.

New Push for Encryption Backdoors After Latest Terrorist Attacks

Congress is once again getting worked up about the need to pass legislation that will effectively make strong encryption the enemy.  The The International Business Times is reporting that Congress is “discussing various pieces of legislation that would address the use of encryption and could potentially require that tech companies build backdoors into their products for law enforcement officials.”  The attacks on encryption are all too predictable after terrorist attacks occur.  Unfortunately, the general public does not understand encryption technology or the need for it.  It is an abstract concept in most people’s minds that quickly gets pushed aside when they become frightened.  Indeed, most members of Congress do not understand how encryption makes the internet a safer place than it would otherwise be.  They also don’t understand why you can’t just “break it a little bit” and still have good security.  Encryption helps secure people’s privacy in a concrete and meaningful way.  It is precisely at times like this that there needs to be a strong push to protect privacy and resist knee jerk reactions.  Members of Congress must be made aware of how requiring tech companies to backdoor their products would devastate their international sales and ruin their credibility.  They should also know how those backdoors would open the doors to hackers and criminals.  Look for more attacks on anonymity and anonymizing tools like no contract cell phones.  This is only the beginning.  Big government wants unlimited control of everything - the Internet and you as well.

Tor Engineers Would Rather Quit Than Backdoor Tor

It was reassuring to hear Apple engineers threaten to quit their jobs rather than hack the iPhone.  Now comes another encouraging post from the engineers who work at the Tor Project.  In a statement issued on Mike Perry’s Tor Blog it is reported that Tor Engineers would rather resign than compromise the integrity of the Tor network.  Fortunately, Tor is open source and its code can be reviewed and verified by outside experts.  This makes malicious code hard to hide.  Tor is used by people all over the world to communicate sensitive information in a secure way.  Without it, those fighting for freedom in very dangerous countries would have one less tool with which to accomplish their work of bringing the truth to light.  We should all salute the integrity and determination of those working on and sustaining the Tor network.

Obama (and government in general): No Friend of Encryption and Privacy

Well, its official now. President Obama is all for a key escrow concept that undermines privacy and security.  He may not have used that term but that is exactly what he wants. At the same time, the FBI is also proving to the world that it is not content with just that one Apple iPhone in the San Bernardino case.  A leaker has revealed that it is now going after WhatsApp.  WhatsApp offers an instant messaging application with end to end encryption.  This gives WhatsApp the ability to ensure customer privacy and inadvertently evade court ordered wiretaps. There are very few details of the WhatsApp situation because the whole case is under seal. The only thing they will say is that it isn’t a terrorism case.  Which goes to show, this isn’t just about terrorism, its about the government’s insatiable appetite to get whatever the hell it wants.

Specifically, President Obama said:

     “You cannot take an absolutist view on this,” Obama said at the South  by Southwest festival in Austin, Texas. “If your argument is strong       encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.”

     “The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?” Obama said. “If in fact you can’t crack that at all, government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket.”

The Obama Administration’s schizophrenic position on encryption stems from its desire to be all things to all people: strong on encryption on the one hand while wanting some kind of key escrow program on the other.  I don’t see how anything other than a key escrow program will satisfy the government a this point.  The FBI position in the WhatsApp case illustrates the same points.  Only a key escrow program will give the government what they want while pretending to promote strong encryption and safe communications and data storage.  In fact, a requirement that companies be able to provide all customer data to the government could end up outlawing Tor and all encryption with perfect forward secrecy.  Make no mistake, key escrow undermines strong encryption and violates people’s fundamental right to privacy.  Some things are so private and personal that they should be beyond the government’s reach – one of those things is our computer hard drives.  In this day and age computer storage is an extension of the person – people pour their lives and souls in their computers. Whether that is a smart thing to do or not is irrelevant – it is a reality we must live with.  If, in the future, there is technology that can hack your brain, do you want a court order to be the only thing standing between you and a machine that can rape your brain and lay all your private thoughts and emotions bare for all the world to see?  I don’t, but that is where this is headed.  I hate to say it, but maybe it’s time for big US Tech companies to consider moving their operations offshore (and taking their jobs with them) to locations that are more privacy friendly. In the future I plan to add some pages to this site detailing easy steps anyone can take to safeguard their privacy – Tor, VPNs, encryption applications, disk cleaners, etc.

Here are the relevant links:


Bill Introduced In Congress To Stop States From Forcing Manufacturers To Install Crypto Backdoors In Their Products

With so many setbacks in the fight for privacy and encryption it appears we finally have two Congressmen willing to fight to keep smartphone encryption strong. Congressmen Ted Lieu and Blake Farenthold have introduced legislation that will stop states from passing bills that require device manufacturers to install crypto backdoors into their products. The idea of individual states requiring such backdoor access from device manufactures (who sell their products all over the world) is sheer stupidity on its face. But stupidity has never stopped misguided lawyer politicians. What is even more remarkable is that Congress actually has four members that have computer science backgrounds. I thought the total would be closer to zero. I’ve always assumed people with high levels of technical education or training would run screaming from the insanity of Washington. I guess that is my cynical side showing. Anyway, representative Lieu is one of those members. The bill is called the Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016.” Read the full article at Arstechnica and let your congressional representative know you support this bill.

Spies in the Sky

Here is another reminder why people who are concerned about their privacy are not being paranoid but reasonable in light of what is going on. This story highlights the warrantless surveillance being done by the police in Anaheim, California. They are using something called a DRTBox (DirtBox), developed by a Boeing subsidiary, to listen in on cell phone calls using spoofed cell towers. They can capture cell phone calls and text. These DRTs (Digital Receiver Technology) are flown in planes (maybe drones) over cities where they can pick up tens of thousands of phone signals from miles around. They basically trick your phone into connecting to their fake “tower” by using a strong signal (phones will connect to the strongest tower). DRTs also collect unique hardware numbers (IMEI) so they can track each individual phone. Even better, they can crack encryption keys. Most of the new cellular technology like LTE uses strong encryption. But your phone will still fall back to the older GSM technology if 3G and 4G connections are not available. GSM is easily crackable. By jamming 3G and 4G signals they can force your phone to use GSM and crack the encryption. They can quickly determine who you are, where you are, and what you are saying. It just goes to show that people who use application level encryption like Signal, PGP, and Redphone for example aren’t paranoid crooks but normal people behaving rationally in the age of mass state surveillance.