[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: Some legal trouble with TOR in France

Talking of Microsoft; it is a claimed advantage of the new OS versions
coming out such as Longhorn server - they include 'Bitlocker' encryption
that is apparently highly secure and integrates with motherboard
chipsets (TPM modules) to provide end to end code authentication and
hardware security. If any one thing required to unlock it is missing -
e.g. original hardware, TPM or pass code, USB dongle, etc. then no one
is going to reading your data unless a compromise is found in 256 bit
AES encryption. 

So if for instance they take your disks away as per the French TOR node,
then you could destroy your hardware key (wipe TPM module, destroy
motherboard chipset or USB dongle) and they are not going to be reading
anything, ever. Even if they do take the whole system away then they
wont be able to login to access your data even if they can boot unless
they have your password (and biometrics or USB token, etc.) 

You can login using a USB token and then store the token away from the
PC. If the PC is taken then you can destroy the token (one minute in a
microwave oven is pretty effective). Then even if you are later required
by law to give up your 'passwords' you can show that is no longer

See http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
and http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx

Another advantage of this is that they can't easily trojan or root kit
your OS at a low level - it would fail the signed code integrity checks
and would not boot.

I recommend not securing it with your finger prints though.

I wonder how law enforcement organisations and even organisations that
don't care about international (or even their own) laws such as the US
government will react to the increasing future common use of secure
encryption. Even our phone calls can now be secured from their
monitoring: http://www.philzimmermann.com/EN/zfone/index.html

-----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx]
On Behalf Of Landorin
Sent: 14 May 2006 01:45
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some legal trouble with TOR in France

Hash: SHA1
I'd say if you can register a server with the required data given you
can unregister it the same way imho. Just contact the adress for
Speaking of cloned hard drives and having his keys... that's where
"Truecrypt" kicks in. ;) Nicely encrypted files with hidden volumes
within the file. ;)

By the way, if you even want to melt the hardisk then you need to go
to the Mount Doom and drop it there, that's the safest way and since
you're already on it, that way you can make the Microsoft Tower of
Evil and its virtual armies collapse, too. ;) I doubt the normal
police has such good programs that survive melting and formating. ;)
In the end, it's up to you to decide what is necessary to trust your
hardisks again. Yet if I were the police I wouldn't waste my time on
someone who obviously had nothing to do with the crime, I'd rather
concentrate on finding criminals that can be traced back (and if they
listened to you then they know it's a waste of time in any case
because they can't track anyone back with your PC).


Anthony DiPierro schrieb:
> On 5/13/06, Ringo Kamens <2600denver@xxxxxxxxx> wrote:
>> He has a good point. They surely have a clone of your drive which
>> means they
>> have the private keys to the server which could destroy the user's
>> anonymity.
> If I understand things correctly then the name of the node should be
> told to someone who can permanently take it out of the directory
> servers.  Is this possible/necessary?  Or does everyone have to add an
> excludenodes?
> Anthony

- --
Accelerate cancer research with your PC:

GPG key ID: 4096R/E9FD5518
Version: GnuPG v1.4.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org