Posts tagged “Tor Project”
“The Freedom House report Leaping over the Firewall is a new report designed to help users understand, evaluate and select a tool or series of tools for security, privacy, anonymity, and most importantly, for circumventing Internet censorship.
As a long time developer with The Tor Project and as a member of the circumvention community, I feel that it is important to set the record straight about a number of issues. My motivation for writing this response is to inform readers of the serious concerns that many people, myself included, have about the recent Freedom House report. I am always pleased to see more analysis of censorship circumvention and Internet security tools, but I have concerns about this report’s methodologies and resulting conclusions.”
From Global Voices
As the Internet plays a major role in organizing protests and disseminating information across the Middle East and other parts of the world, a report released Tuesday by the human rights organization, Freedom House, tells how Internet censorship circumvention tools are effective in navigating around censors. But the report warns about the security implications of such software.
Cormac Callanan, head of Dublin-based Aconite Internet Solutions and an author of the report, urged caution when using censorship circumvention tools.
“Circumvention is not security,” said Callanan. “Security, anonymity and privacy are important and do need to be addressed. For end users, we can only repeat that security is more than a single circumvention tool. And that it becomes a way of life.”
From Voice of America
“Think that anonymizing BitTorrent tracker connections through Tor makes you harder to track? Think again. A vulnerability was used to identify over 10,000 users’ IP addresses via their BitTorrent tracker connections. But it’s not just your BitTorrent downloads that are at risk: an attacker can use your BitTorrent connections to de-anonymize other, more secure applications run over Tor.
In a paper released a few weeks ago at the USENIX conference’s workshop on Large-scale Exploits and Emergent Threats (LEET), researchers from INRIA France revealed a class of vulnerabilities in the Tor system which threatens the anonymity of many BitTorrent users.”
From Ars Technica
“The capacity for the Internet to route around damage and censorship is dependent on there being multiple pathways for data to be routed. What happens when there are incredibly few pathways, and when many of the existing paths contain hidden traps that undermine communications security and privacy? This question is always relevant when talking about communications, but has become particularly topical given recent events that compromised some of the Internet’s key security infrastructure and trust networks.”
“A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today.
Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances.
Jacob Appelbaum, a Tor Project programmer, wrote in a blog post yesterday that this snafu shows that the Internet’s trust mechanism, that was erected upon the idea of using signed digital certificates, is broken.”
From CNET News
“We’re glad that the Internet Service Providers in Egypt are announcing their routes to the world and have rejoined the Internet. We are concerned because it is possible that traffic crossing the Egyptian border is being recorded and possibly saved for future use. Correctly using Tor to and from Egyptian destinations will keep your traffic anonymous.”