California Representative Defends Library Supporting Tor

Zoe Lofgren

Zoe Lofgren, California Representative, wrote to Jeh Johnson, the head of the Department of Homeland Security (DHS), defending the right of library in New Hampshire as regards offering Internet anonymity. In her letter that demanded an explanation, she stated that the possibility of DHS employees persuading or pressurizing public as well private entities to degrade or discontinue their services, which would help US citizens protect their anonymity and privacy, has disturbed her a lot. Meanwhile, a congressman in California is trying to have a clear understanding about the idea of Internet anonymity and as to why the DHS singled out one small library in New Hampshire.

Towards the end of summer season this year, an agent from the Department of Immigrations and Customs Enforcement, a subsidiary of DHS, put pressure on the Kilton Public Library in New Hampshire. The agent persuaded the library to disable the Tor relay which it was making use of to connect to a network that offered Internet anonymity. Librarians working at Kilton, located in West Lebanon, unanimously voted for the library to continue to offer Tor relay services. In fact, they also decided that they would step up their game. In the meantime, a number of other libraries have also started joining the movement.

Tor software
Tor relays, like the one that the Kilton Public Library is using, bolsters the Tor network which allows Internet users to access the World Wide Web without the surveillance of the authorities. This network is dependent on volunteers who donate bandwidth.

The library decided to temporarily stop the use of its Tor relay following the pressure put on them initially by the enforcement authorities. However, the library decided to reverse its decision and reboot its Tor relay. The local community has whole heartedly supported Kilton Public Library’s decision. Further, news outlets as well as civil rights groups all over the country have taken note of the issue.

Lofgren wrote in her letter addressed to Jeh Johnson that the product Tor network has been developed on the basis of research carried out at the DPRPA and Naval Research Laboratory in the United States of America. She also drew his attention to the fact that Tor network is being made use of by journalists, dissidents, intelligence sources, activists and other individuals who are concerned about their privacy and Internet anonymity. Tor enables them to keep details of their browsing activity private. The version of the Internet anonymity network that is being used currently continues to receive significant amount of funding by way of government grants.

The gist of the questions posed by Lofgren in her letter is as follows:

Question #1: Is the interference with the offering of the Kilton Public Library to protect the privacy of the Internet users the result of the policy of the DHS to persuade private or public entities from providing such services or is this an independent action by an agent without any kind of authorization?

Question #2: If an agent of the DHS has acted independently, what steps are being taken by the DHS to ensure that agents do not interfere in this manner with privacy protection services that are being made available to the public?

Question #3: Is there any other instance wherein a DHS agent was involved in either pressurizing or persuading private or public entities in either stopping their offering of privacy or Internet anonymity services or reducing the effectiveness of the services provided by them?

Further, Lofgren has requested the DHS to submit to her office relevant copies of the DHS guidance, policy or memo, if any, that deals with the issue of deterring or supporting the provision of privacy protection services by private entities, public entities or individuals.

It was Alison Macrina who helped the Kilton Public Library to set up its Tor relay system. Alison Macrina who founded the Library Freedom Project is passionate when it comes to this issue. According to her, libraries are the most democratic among public spaces. It is, therefore, important to ensure protection to an individual’s intellectual freedom, unencumbered access to information and privacy or Internet anonymity, she noted.

Vuvuzela: New Online Anonymity Tool

Researchers from Massachusetts Institute of Technology (MIT) have developed a new messaging system called Vuvuzela which can be used to provide online anonymity and is believed to be more secure than the popular Tor system.

The researchers, who have been working on the project for close to six months now publicized their success early in December in a press release and have put down this achievement to imperative piety and close scrutiny of the Tor network.

Earlier this year, an all-best partnership between researchers from Qatar Computing Research Institute (QCRI) and MIT did a deep going-over on the undisputed online anonymity tool Tor in a bid to expose its bugs and vulnerabilities, and came up with a report deeming the network as 88 percent accurate.
Vuvuzela
The Vuvuzela system is basically modeled on Tor, and the analysis of the directions taken by various packets on Tor nodes helped them design the new 99 percent accurate Text Messaging System.

The main difference between the two soon-to-be rivals is that Vuvuzela doesn’t allow third parties to develop patterns and use them as a way through to the original servers, something Tor cannot guarantee. What’s more the new system, unlike Tor, has undergone mathematical validation by experts in a public paper “Scalable Private Messaging Resistant to Traffic Analysis” as proof for its online anonymity credentials.
Man Using Tor
For the old Tor system to work, every user leaves their message on predefined locations like, say, Internet-connected dread drop servers, where other people can retrieve the message. If there were four people using the system, for instance, and only two of them were exchanging text messages, the fact that there is a conversation between two people on the server would be obvious and anyone would easily make a pattern and find a way into the servers.

On Vuvuzela, though, the complexity of the goings-on leaves no room for online anonymity jeopardy. With or without information, in this system, information flow towards the dead-drop server is kept constant, making it hard for anyone analyzing patterns to find a clear-cut track into the server as the traffic seems’ to come from numerous untraceable locations all the time.

Of course the hacker can take a further step and infiltrate the server to find the real users and the locations from which the messages are coming, and that makes the system still unreliable. So, to make it perfect, the researchers created two more servers to make it three and two more layers of encryption, a measure that makes it downright impossible for a hacker to study the patterns and look into the message threads and the identity of the users.

And that’s not all. The dead drop servers have been designed in such a way that understanding them would be difficult for anyone. The first server, for instance, sports the top most encryption layer on the messages whose order has been deliberately tampered with. The second layer does the same, and only the third layer provides and displays the messages in the order preferred by the recipient.

Not unless all the three layers are compromised, which is next to impossible, according to the brains behind the architecture, messages and user identity is safe from third party access and online anonymity is guaranteed.

According to Nickolai Zeldovich, co-leader of the Parallel and Distributed Operating Systems group, who clearly doesn’t intend to cast Tor in bad light, believes that Tor’s assumption that no single hacker in controls multiple nodes in his system cannot be relied on to provide online anonymity these days because “maybe there’re people out there who can compromise half of your servers.”

While it would be tricky for some of us to buy this idea (every new invent comes with a load of hype, basically), the team from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) believe their advanced text message system can guarantee 100 percent online anonymity and allow for exchange of messages approximately once a minute. “Statistically, it’s next to impossible for a hacker to tell whether messages received at the same time window were destined for the same recipient,” explains CSAIL. “Those statistical assurances stand even if one or two of the servers get infiltrated. The system will conventionally work as long as one server remains uncompromised.”

Tor Announces Their New Executive Director

After five months of pursuit for a new Executive Director, Tor’s quest has finally come to an end. Tor had been looking for someone to continue leading the organization with the same enthusiasm and having in mind the same values this giant has been promoting over the years; someone who can work on educating the public about the importance of online anonymity.

It is Shari Steele, a former Executive Director at Electronic Frontier Foundation (EFF), that has been announced as the new Executive Director of Tor Project. The choice is really quite logical, for the two organizations have more than one thing in common.

While Tor provides online anonymity for its users using the encrypted multilevel relays, the EFF describes itself as the leading nonprofit organization defending civil liberties in the digital world. Tor provides specific online service to its users and EFF is more involved in protecting human rights in legal sense.

Who is Shari Steele?

Shari Steele

According to Wired’s opinion, Steele sounds like an ideal person for leading the Tor Project. She started her career at EFF as a leader of a small group of lawyers and led them into becoming the world-class team. EFF has been involved in almost every significant legal battle of the digital world; it even battled with NSA’s dragnet surveillance programs and challenged the government’s use of National Security Letters.

Shari Steele is often described as a passionate advocate of free speech, and during her time at EFF as Executive Director her main responsibilities were fundraising, financial structure, employee welfare and benefits, support system for the office and many other things. Her leaving the organization was the result of her wish to move.

Shari Steele has proven herself a great leader and probably the best testimony for that is the “Farewell blog post” by her former colleagues.

The founder of EFF, Mitch Kapor recalled the early days of the organization which also coincides with the early days of cyberspace. He also spoke about Steele’s role in stabilizing and transforming the organization into, as he put it “a beacon of freedom in today’s online world.” Kapor went on to express his huge personal gratitude to Steele, wishing her best of luck in her future business ventures.

Her interest in taking the role of Tor’s ED is not a big surprise, since this is not the first time Steele is involved with Tor. At very same farewell blog post, Roger Dingledine, Project Leader, Director, Researcher at Tor Project remembered Steele’s crucial decision when she “took a chance” and helped fund the project in 2004, despite EFF being more focused on legal aspect of the similar idea. Dingledine pointed out that Tor and online anonymity might not even exist today if it wasn’t for Steele at the crucial moment. On two more occasions Steele stepped in for Tor, once with resources in staff and the second time as fiscal sponsor when Tor applied for Omidyar grant.

Tor Today

Despite being created as means for online anonymity, which was supposed to provide Internet users with security and freedom, Tor has met with many negative reactions of the general public, mainly due to excessive misuse by the drug dealers selling illicit drugs on darknet markets. These darknet markets can only be accessed via Tor Browser; hence its appeal.
tor browser logo

Nevertheless, there are still more positive applications of Tor network and online anonymity it provides, for many journalist and freedom fighters use it a tool for communicating with whistleblowers, especially in countries with limited freedom of speech.

New Executive Director of Tor will have a difficult job of presenting it to the public as a good thing; an idea of online anonymity that really should be supported with heart and soul; as well as sponsored. Shari Steele believes that no major turnover in Tor’s business will take place after she assumes her position – it will remain the leading provider of online anonymity and security on the internet today; plus, she is promising to expand the boundaries to new horizons. What this boundaries-and-horizons part means exactly remains for us to see.

In the meantime, Roger Dingledine is relieved to have the new Executive Director and is very excited that his team of developers will finally be able to completely devote to improving Tor network.

Roger DingledineSome might say “About time!” because earlier this year one of the darknet markets, Agora, “retired” from business claiming that they have found a glitch in Tor’s security system and decided to wait some time until this is fixed.

Another incident is also related to this glitch in Tor network. Back in 2014 in the Operation Onymous more than 27 darknet markets have been seized because the online anonymity Tor was supposed to provide was compromised.

Cybersecurity Firm Offers To Pay Hackers Who Can Break Tor

Since the early days of the internet, the greatest threat that users have faced is a breach of their Internet anonymity. One of the greatest yet worst features of the internet has been that no matter who someone is in real life they have no obligations to be that person or to be responsible for their actions online. In more modern times however, with the rise of social media and the mobile device revolution, keeping that anonymity has been harder than ever. So, to combat this, the Tor network was developed in the mid-1990s as a way to hide one’s presence online and to retain one’s important Internet anonymity.

send-email
So in order to further understand why one would want to break through such a system, we must first understand how it works. The internet effectively works as a giant mailing system, sending objects back and forth like letters that contain information, a sending address, and a return address. So, if a server wanted to see who was connected they would simply look at the “return address” and that would lead them back to the connected user. As this has become quite a popular technique, it has been harder to keep Internet anonymity. The way the Tor network works is as if you wanted to send a letter from New York City to Los Angeles, California but you didn’t want them to know who it was from. So instead of sending it straight there, you send your letter to a friend in France who repackages the letter with their return address, and then they send it to someone in Britain who repackages the letter with their return address, and then that is sent off to one of their friends in Australia who finally repackages the letter with their return address and sends it to Los Angeles. Now if someone wanted to track that letter back to its original sender it would be almost impossible as they would have to track down each of the people who redirected the letter and request the previous return address until they got all the way back to you.

This system makes it incredibly difficult to track down the original user who wants to keep a low-profile and allows them to retain their Internet anonymity with little effort on their part. This has been incredibly useful for those who are partaking in illicit and illegal activities and want to hide their true identity from governments who wish to track down those who have committed cybercrimes. As one can imagine it takes quite a bit of work and international cooperation to obtain all of these “return addresses” to finally remove the internet anonymity of the alleged cyber criminals, making the process of catching these criminals often ineffective.

Internet anonymity is a difficult issue for law enforcement agencies and governments who need to track down cyber criminals, and this is where Zerodium comes into play. Zerodium is a company that essentially sells ways to break into computer systems and networks to private companies and governments; either for testing their own networks to improve security or for law enforcement. As the Tor network is used by many criminals in order to maintain their Internet anonymity, it has been the subject of many hacker “research projects” in order to figure out how to exploit the network to identify criminals or to improve the network, depending on which side you work for.
Hack Tor network
Depending on the difficulty of the hack on the Tor network, hackers can receive upwards of $30,000 USD. That is a lot of money by any standard but doesn’t even compare to some of the other premium cash rewards that the company offers to hackers. If a hacker can manage to find an exploit to an iOS device they can expect to see well over $500,000 USD for their efforts. There is however a restriction which does make a bit of sense, all of the exploits that are sold to Zerodium must be never before seen, otherwise known as Zero-Day exploits. By offering these new premium rewards for hackers publicly, Zerodium has ushered in a new era in minimized Internet anonymity, where everyone is out there to destroy it. There is no doubt that this will forever change the way that we not only protect ourselves from hackers but also how we relate to the internet.

Behavioral Profiling: Tool That Can Shatter Online Anonymity

Researchers from GREYC research lab have engineered a behavioral profiling program that distinguishes different individuals through their keystrokes. Whether it’s your typing speed, consistency or frequency of making systematic typing errors, this technique obliquely shatters online anonymity. Though arguable benign data, it is crucial in identifying behavior and matching it to the right person. To further threaten your onlineanonymity, this technique easily pick up usernames and passwords when you visit membership-based websites; in essence, invading your privacy.

Working in close collaboration, behavioral biometrics and behavioral profiling precisely draft your online portfolio, making it easier to keep tabs on you as soon as you start typing and speaking online from a certain location; your facial features are analyzed as well. Whereas behavioral biometrics are based on subtle nuances in your typing patterns, voice, location and special features, behavioral profiling track your online presence after having analyzed your behavior. Each needs the other to accomplish what many loath; shatter your online anonymity without remorse. No one is in the clear when it comes to behavioral profiling.

Though it may appear relatively harmless when being collected by a single website, imagine the level of privacy breach involved when multiple websites, all big names in the industry and collectively owned by one entity, collect crucial information without the user’s content. These multiple sites act as information databases and when matched up and compared, your profile will be created within no time and with little or no gaps. The researchers at GREYC lab are using JavaScript or a profiling app to collect biometric data, especially keystrokes. The amount of time between your keystrokes is also noted and aids in creating your profile, further compromising your online anonymity.

If it’s perfectly normal for you to omit spacing your words, this technique developed by researchers will associate this behavioral trait with you more so if you frequent the same websites at a particular time of the day. Each time you add new information to these websites; this tool will gobble up the information, update it in your profile and continue mapping your different characteristics. Online anonymity, though bolstered by numerous passwords and sign-in options, will soon be an open book. Data mining entities are on the rise and some have already been bold enough to deny these claims even when evidence is presented.

The GREYC lab researchers have portrayed consistency in the results brought forth by their algorithm. Your keystrokes are not a rigid structure and from time to time, there will be considerable differences. Even then, the graphs used in identifying your online presence remain largely uniform, distinguishing you from anyone else whose behavioral traits seem to match yours. Just like fingerprints were and still are used for identification, this evolved to DNA and now keystrokes are beckoning to be the leading identifier online; the possibilities which this technology can unleash are limitless, especially in the cybercrimes units. Online anonymity may have been assured by private window browsing’ or application of passwords a few years ago but think again; the playing field has drastically changed and is no longer level.