[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
RE: WIRED: Anonymity on a Disk
Also, the file is not downloadable from Sourceforge.
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On
Behalf Of Eugen Leitl
Sent: Monday, January 16, 2006 9:47 AM
Subject: WIRED: Anonymity on a Disk
By Quinn Norton | Also by this reporter
WASHINGTON DC -- To many privacy geeks, it's the holy grail -- a totally
anonymous and secure computer so easy to use you can hand it to your
grandmother and send her off on her own to the local Starbucks.
That was the guiding principle for the members of kaos.theory security
when they set out to put a secure crypto-heavy operating systems on a
bootable CD: a disk that would offer the masses the same level of privacy
available to security professionals, but with an easy user interface.
"If Granny's into trannies, and doesn't want her grandkids to know, she
should be able to download without fear," says Taylor Banks, project leader.
It's a difficult problem, entailing a great deal of attention to both
security details and usability issues. The group finally unveiled their
finished product at the Shmoo Con hacker conference here Saturday, with
Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning
it's a complete solution for using a computer without touching the hard
drive. Developers say Anonym.OS is likely the first live CD based on the
security-heavy OpenBSD operating system.
OpenBSD running in secure mode is relatively rare among desktop users. So to
keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In
everything from the way it actively reports itself to other computers, to
matters of technical minutia such as TCP packet length, the system is
designed to look like Windows XP SP1. "We considered part of what makes a
system anonymous is looking like what is most popular, so you blend in with
the crowd," explains project developer Adam Bregenzer of Super Light
Booting the CD, you are presented with a text based wizard-style list of
questions to answer, one at a time, with defaults that will work for most
users. Within a few moments, a fairly naive user can be up and running and
connected to an open Wi-Fi point, if one is available.
Once you're running, you have a broad range of anonymity-protecting
applications at your disposal.
But actually using the system can be a slow experience. Anonym.OS makes
extensive use of Tor, the onion routing network that relies on an array of
servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor
has recently suffered from user-base growth far outpacing the number of
servers available to those users -- at last count there were only 419
servers worldwide. So Tor lags badly at times of heavy use.
Between Tor's problems, and some nagging performance issues on the disk
itself, Banks concedes that the CD is not yet ready for the wide audience he
hopes to someday serve. "Is Grandma really going to be able to use it today?
I don't know. If she already uses the internet, yes."
Experts also say Anonym.OS may not solve the internet's most pressing
issues, such as the notorious China problem: repressive governments that
monitor their population's net access, and censor or jail citizens who speak
out against the government.
Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and
Society, works extensively with international bloggers and journalists, many
of whom live under constant threat from their own governments. He see
Anonym.OS as a blessing for some -- but not for those at the greatest risk.
"I think it's going to be tremendously useful for fairly sophisticated users
when they are traveling, but where it may not be as effective as people
would hope is in counties where the government is really seriously about
locking down the net, constraining internet access," Zuckerman says.
Because most people in the developing world use the internet from shared
desktop environments, services for them have to consider office place and
cyber cafe-based computer situations. "Rebooting isn't often an option,"
explains Zuckerman, who would like to see anonymity solutions move toward
minimally invasive strategies like the TorPark, a USB key that allows access
to a Tor enabled browser without rebooting, and private proxies matched up
one by one with dissidents.
But kaos.theory members say Anonym.OS is just the first step in making
anonymity widely available. Future versions, they say, may run on a USB
keychain. Additionally, they plan to implement Enigmail to allow encrypted
e-mail for Thunderbird and Gaim Off The Record, which allows users to use
instant messaging without their logs being tied to them.
David Del Torto, chief security officer of the non-profit CryptoRights
group, says projects like Anonym.OS are heading in the right direction, but
thinks the project overreaches by trying to be useful to everyone. "Grandmas
are not the ones that need this right now.... My instincts tell me that it's
a very small number of people (that can use Anonym.OS). You can't really
solve this problem by simplifying the interface. It's almost impossible to
anticipate everything a user can do to hurt themselves."
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE