In his latest blog post Bruce Schneier explains why data mining for terrorist patterns is pretty much useless and unsuccessful, while still killing our privacy.
In the words of Schneier:
We're not trading privacy for security; we're giving up privacy and getting no security in return.
I couldn't agree more.
Warning: Very long post ahead. You have been warned!
From the project website:
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves.
Tor also allows you to set up and/or use a so-called Tor hidden service, i.e., a server that offers some service (a website, ssh access, or similar) without revealing its IP to its users.
Why would you want to use Tor? Well, because you probably don't want anybody (neither state agencies, nor companies, nor "hackers", nor any other individuals or groups) to be able to record, analyze, and (ab)use information about your web browsing habits, or any other communication habits. For instance, you don't want Google to have a complete search-profile of you, which — even worse — might some day get in the hands of other parties. In the days of massive data retention you don't want all your electronic traces to be recorded, stored for ages, analyzed, and data-mined for dubious reasons and with even more dubious results and false conclusions drawn that might negatively affect you. If you're a human rights activist in China, you want anonymous communication. If you're a whistleblower, you want anonymous communication. The list is endless.
For securing your communications, so that nobody is able to sniff your emails, your chat messages, your passwords, your private documents and conversations, you use encryption. For communicating anonymously you can use Tor. Combine both, and you have secure and anonymous communication.
In case you're wondering whether criminals might abuse Tor, read the Tor Abuse FAQ. Short answer: yes, but if you're willing to break the law, you already have anonymity (open access points, stolen/prepaid mobile phones, etc.). You don't need Tor to do bad things if you're a criminal.
If you're one of those horrible "oh, but I don't have anything to hide" guys, consider this: Say you have a drug/alcohol problem and want to visit an anti-drugs/anti-alcohol website or forum for help. Would you want the whole world, your neighbors, your co-workers, your boss, to know that, or would you rather want to keep that a secret? Say you have AIDS and want to get information on the web? Or, to make the example even more dramatic: Would you want some random guys to be able to watch you while you fuck your wife? No? So you have something to hide after all, right?
My point is: Everyone has something to hide, even more, it is a basic human right to have the ability to hide something. It's called privacy.
Tor implements a form of onion routing to, basically, push encrypted data through multiple Tor nodes (servers), before it reaches the final destination (e.g. a website). The result is that neither the website owner, nor a local eavesdropper, nor any single Tor server knows who requested that specific website, hence you are communicating anonymously. For more technical details, read the Tor overview and the Tor documentation pages.
In order to use Tor, you have to install and run a local Tor client/daemon (this is not necessarily a Tor server!). On Debian, type
apt-get install tor, on other systems you can get the respective binary packages or download the sources and compile Tor yourself.
apt-get install privoxy.
After installing and starting Tor and Privoxy, you can now configure your webbrowser to use Privoxy as an HTTP proxy (see below), and Privoxy will in turn use Tor to anonymize your communication if you add "
forward-socks4a / localhost:9050 ." to your /etc/privoxy/config.
Most (but not all) of the following information is also covered in the very useful Torify HOWTO in the Tor wiki (I will add the missing information there, ASAP). As I'm pretty paranoid, I have checked every single of these configurations with Ethereal to ensure that the traffic is really anonymized. However, if you are paranoid, you shouldn't trust me, but rather test this stuff for yourself!
Warning: DNS Leaks:
The biggest problem with many applications is that they leak DNS requests. That is, although they use Tor to anonymize the traffic, they first send a DNS request untorified in order to get the IP address of the target system. Then they communicate "anonymously" with that target. The problem: any eavesdropper with more than three brain cells can conclude what website you visited, if they see that you send a DNS request for rsf.org, followed by some "anonymous" Tor traffic. The solution: use Tor together with Privoxy, that prevents DNS leaks. Many non-HTTP-based applications are usually torified using a small tool called
torify (e.g. by typing
torify fetchmail), but often this approach has DNS leaking problems, see below.
Webbrowser: Firefox, Mozilla, Galeon, Konqueror, ...:
Most browsers can be torified by using Privoxy as an HTTP(S) proxy, i.e. using
127.0.0.1 as proxy host and
8118 as proxy port.
For example, to torify Firefox go to Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration and configure:
HTTP Proxy: 127.0.0.1 port 8118
SSL Proxy: 127.0.0.1 port 8118
FTP Proxy: 127.0.0.1 port 8118
For Konqueror, go to Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup and configure:
HTTP Proxy: 127.0.0.1 port 8118
HTTPS Proxy: 127.0.0.1 port 8118
FTP Proxy: 127.0.0.1 port 8118
Warning: Although Privoxy doesn't support FTP, you should configure the browser to use Tor + Privoxy for FTP. By doing that, you get an error message when you try to access
ftp:// URLs, but at least you don't send untorified traffic without noticing.
Warning: Firefox's "Live Bookmarks" (RSS feeds) are a problem if you switch from a torified to an untorified state sometimes (by switching or enabling/disabling the proxy). Firefox periodically requests all the feeds you're subscribed to. If you turn off Tor + Privoxy usage, they will be requested non-anonymously, and you won't even notice it! Solution: remove all "Live Bookmarks", or never switch to untorified browsing.
HTTP-based tools: lynx, links, w3m, wget, curl, ...:
Most other HTTP tools, such as wget, can be torified by setting the respective values for the
HTTP_PROXY environment variables. Applications that don't honor
http_proxy probably have a configuration option to set the HTTP proxy.
Add this to your
~/.bashrc or similar config-file:
export http_proxy HTTP_PROXY
Warning: links is a notable exception here. It does not honor the
http_proxy environment variable! However, you can add
http_proxy 127.0.0.1:8118 to your /etc/links.cfg and/or to your ~/.links/links.cfg. Or go to Setup -> Network Options and do the same there. Or use the
-http-proxy 127.0.0.1:8118 command line option.
Instant Messaging: Gaim:
Go to Preferences -> Network -> Proxy and configure this:
Proxy type: Socks 5
Gaim doesn't seem to leak DNS requests.
http_proxy is enough, as
apt-get honors the
http_proxy environment variable. But you can also add this line to your /etc/apt/apt-conf:
apt-get doesn't seem to leak DNS requests.
Warning: This will only work for deb/deb-src lines in /etc/apt/sources.list that use HTTP, because Privoxy does not support FTP.
Which RSS feeds you are reading tells quite a lot about you, and it's probably an information some people or organizations would be very interested in, I imagine. So anonymizing your feed-reader is quite important, IMHO. Akregator (a KDE RSS-reader application) uses Konqueror internally, so if you have set Konqueror to use Tor + Privoxy as HTTP-proxy, Akregator is safe, too.
Akregator doesn't seem to leak DNS requests.
Podcast Client: iPodder/Juice:
Got to File -> Preferences -> Network settings and configure this:
Use a proxy server: enable
iPodder/Juice doesn't seem to leak DNS requests.
Secure login: ssh:
In order to torify all your ssh communications (ssh, slogin, sftp, etc.), edit your /etc/ssh/ssh_config and/or ~/.ssh/config and add:
ProxyCommand socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050
This requires socat, so:
apt-get install socat.
ssh doesn't seem to leak DNS requests.
Warning: Simply using
torify ssh does not suffice, it leaks DNS requests!
Properly torifying fetchmail is pretty ugly. Basically,
torify fetchmail should be enough (one would think), but that leaks DNS requests! All tips offered in the Torify HOWTO suffer from this problem. The ideal solution would be to use
tor-resolve (a small utility that resolves DNS requests via the Tor network, and hence anonymously) before fetching the emails, but I haven't found a good and simple solution for that. What I do right now is to hardcode IP addresses in my ~/.fetchmailrc config-file and then use
torify fetchmail, which doesn't leak DNS requests. However, it leads to some ugly "fetchmail: Server CommonName mismatch: foo.bar.com != xxx.xxx.xxx.xxx" warnings.
I always start fetchmail manually, often by clicking an icon in my IceWM toolbar. So I use the following line in my ~/.icewm/toolbar config-file:
prog Fetchmail fetchmail xterm -e torify fetchmail
Sometimes I invoke fetchmail from the command-line, too, so I have this alias in my ~/.bashrc:
alias fetchmail='torify fetchmail'
Warning: Just for the record:
torify fetchmail alone (i.e. used with hostnames in ~/.fetchmailrc) does not suffice, it leaks DNS requests!
Go to Settings-> Preferences -> Network -> Network setup -> Proxy server and configure:
Then make sure you check the "Use a proxy server" checkbox in the preferences dialog of the IRC server you want to use.
XChat doesn't leak DNS requests.
You might also want to check out toraliases, a small shell script you can source from your
~/.bashrc file. It defines some functions and aliases that transparently direct the traffic of some (but not all!) programs through Tor.
Anything not using TCP usually cannot be torified, as Tor only works for TCP.
torify whois google.comleaks the DNS request for the whois-server (in this case whois.crsnic.net), it doesn't seem to leak the host you wanted to lookup. Can somebody confirm this? The safer method is to use a web-frontend, though.
torify ncftpworks, it leaks DNS requests! I haven't yet found a way to fix this (help is appreciated!). I also tried a few other FTP clients, without luck.
http_proxyenvironment variable and by using a hidden Tor server as keyserver.
keyserver-options honor-http-proxy broken-http-proxy
gpg --recv-keysseems to work fine,
gpg --refresh-keysleaks DNS requests! It seems GnuPG hard-codes the keyserver to keyserver.pgp.com in that case and leaks the DNS request for this domain name.
More information is available in the Tor documentation, the Tor wiki, and especially in the Tor FAQ. In addition, there's an IRC channel on Freenode (#tor), some slides and a video (torrent) about Tor you might find interesting. If you would like to help, you can run a Tor server, donate some money, or volunteer to do other things (code, debug, document, translate, and more).
That's it for now. I'm very grateful for comments and suggestions, especially for hints on how to anonymize more applications. Also, if you notice any dumb mistakes I made, please leave a comment.
From the project website:
The M4 Project is an effort to break 3 original Enigma messages with the help of distributed computing. The signals were intercepted in the North Atlantic in 1942 and are believed to be unbroken. Ralph Erskine has presented the intercepts in a letter to the journal Cryptologia. The signals were presumably enciphered with the four rotor Enigma M4 - hence the name of the project.
The first message has already been successfully broken. The plain-text reads:
1930 Funkspruch 1851/19/252:
" F T 1132/19 Inhalt:
Bei Angriff unter Wasser gedrückt.
Wabos. Letzter Gegnerstand 0830 Uhr
AJ 9863, 220 Grad, 8 sm. Stosse nach.
14 mb. fällt, NNO 4, Sicht 10.
1930 Radio signal 1851/19/252:
" F T 1132/19 contents:
Forced to submerge during attack.
Depth charges. Last enemy position 0830h
AJ 9863, [course] 220 degrees, [speed] 8 knots. [I am] following [the enemy].
[barometer] falls 14 mb, [wind] nor-nor-east, [force] 4, visibility 10 [nautical miles].
Hm, digging in the past with modern technology...
(via Network Security Blog)
High (arbitrary remote code execution under the user ID running the player) when streaming an ASF file from a malicious server, medium (local code execution under the user ID running the player) if you play a malicious ASF file locally. At the time the buffer overflow was fixed there was no known exploit.
Users of the older MPlayer 1.0pre7try2 should apply this patch in order to fix the security issue. CVS users should update to the most recent revision.
I tried to do the latter, but I stumbled over several problems. First, I noticed and filed a bug (I think) in Debian's libavcodec-dev package which prevented a successful compile. After a few more problems I gave up and stayed with 1.0pre7try2 by applying the above-mentioned patch. I'll wait a few more days until the MPlayer developers fix the build issues in CVS...
There's no known exploit in the wild yet, but I bet it won't take too long until one appears. So better fix your Mplayer!
It seems Apple is having more and more severe problems lately, MacOS viruses and worms start popping up and spreading on a larger scale... Michael Lehn has now discovered that Apple Safari can be tricked into automatically downloading and executing arbitrary shell scripts.
No need to mention what harm this can cause, especially if you are stupid enough to browse the web as root (or whatever Apple calls their superuser).
The behaviour to automatically open downloaded "trusted" files in a respective application is the default in Safari, which is obviously not the brightest idea Apple ever had. This is not an Apple-only problem, though. I really wonder why so many people, be it developers or users, are willing to sacrifice security for some crappy "feature"...