Do You Trust Your VPN? Are You Sure?

The advice is everywhere, from Consumer Reports to the New York Times to the Federal Trade Commission: If you care to keep your web browsing private and secure, you should consider a virtual private network, or VPN.

Libraries are banding together for Tor

In July, the Kilton Public Library in New Hampshire partnered with the Library Freedom Project (LFP), to become the first library in the country to run a server connecting to Tor, an online network that allows users to browse the internet anonymously. But in August, the Department of Homeland Security got in touch with local police, who contacted the library about shutting down its relay. The library complied, for a time. Then, on Monday night, groups like the EFF, the American Library Association and local Tor supporters appealed to the library’s board of trustees, and got them to reinstate the library’s Tor relay node. Now Kilton is planning an even more important — and riskier — role in the Tor network, and other libraries may follow suit.

NSA surveillance: how librarians protect privacy


In the hours before US senators voted to take on the might of the National Security Agency this week, their inboxes were deluged with more than 2,200 supportive emails from a most unlikely group of revolutionaries: America’s librarians. Their contribution to the passage of the USA Freedom Act may not have been as dramatic as the revelations of Edward Snowden, but this mild-mannered wing of the privacy lobby has been stridently campaigning against government surveillance since long before the NSA whistleblower shot to fame. The first politician to discover the danger of underestimating what happens when you have thousands of librarians on your case was attorney general John Ashcroft who, in 2003, accused the American Library Association of “baseless hysteria” and ridiculed their protests against the Patriot Act. US libraries were once protected from blanket requests for records of what their patrons were reading or viewing online, but the legislation rushed through after 9/11 threatened to wreck this tradition of confidentiality in ways that presaged later discoveries of bulk telephone and internet record collection. In 2005, four librarians from Connecticut also successfully fought an FBI request to use national security letters to seize reading records and hard-drives, forcing the government to drop the case and back off.

Hate speech on Yik Yak is a Catch-22

While hate speech on college campuses shared through Yik Yak is detrimental to the students it affects, it also sheds light on clear, though often not discussed, racism, homophobia, sexism, xenophobia and bias towards various individuals and student groups. This was apparent in a May 5 incident on the popular, anonymous social sharing app at Santa Clara University (SCU) in Santa Clara, Calif. On the night of the post, members of SCU Igwebuike, the on-campus black student union, were gathered outside Swig Hall and speaking a bit loudly, according to Alana Hinkston, a Santa Clara junior and member of the group who was present when the yak containing the hate speech was posted. Another student in the group present at the time pulled up Yik Yak on their phone when they saw the post and showed the others. The following week on Wed.

Russia ‘will block’ Google, Twitter and Facebook if they withhold blogger data

Russia’s media watchdog has written to Google, Twitter and Facebook warning them against violating Russian internet laws and a spokesman said they risked being blocked if they did not comply. Roskomnadzor said it had sent letters this week to the three US-based internet companies asking them to comply with laws that critics of President Vladimir Putin have decried as censorship. “In our letters we regularly remind [companies] of the consequences of violating the legislation,” said Roskomnadzor spokesman Vadim Ampelonsky. He added that because of the encryption technology used by the three firms, Russia had no way of blocking specific websites and so could only bring down particular content it deemed in violation of law by blocking access to their whole services. To comply with the law the three firms must hand over data on Russian bloggers with more than 3,000 readers per day and take down websites that Roskomnadzor saw as containing calls for “unsanctioned protests and unrest”, Ampelonsky said.

WikiLeaks relaunches completely anonymous submission system

WikiLeaks sources will be kept completely anonymous from even the site’s operators thanks to a revamped submission system, founder Julian Assange announced Friday. The controversial site launched a new Beta version to protect whistleblowers’ identities from state surveillance, keeping “national security sourcing in mind.” “WikiLeaks will continue publishing, as it has since its foundation, full archives of suppressed documents in strategic global partnerships,” Assange said in a post on the site. It has not had a truly anonymous system for more than four years, after disgruntled staffers took control of the site’s platform in October 2010, Wired reported. The group continued to spill state and company secrets by publishing without revealing how the information was obtained.

Banning Tor unwise and infeasible, MPs told

A ban on online anonymity networks would be “technologically infeasible” and unwise, MPs have been told. Parliamentary advisers said networks such as Tor could be used for criminal ends but also in the public interest. The advice for MPs contradicted the Prime Minister David Cameron, who has said law enforcement should be handed the keys to encrypted communications. One expert said the document showed Mr Cameron’s plans to be “noble”, but ultimately unworkable. The Parliamentary Office of Science and Technology (Post), which issues advice to MPs, said that there was “widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK”.

Who Spewed That Abuse? Anonymous Yik Yak App Isn’t Telling

During a brief recess in an honors course at Eastern Michigan University last fall, a teaching assistant approached the class’s three female professors. “I think you need to see this,” she said, tapping the icon of a furry yak on her iPhone. The app opened, and the assistant began scrolling through the feed. While the professors had been lecturing about post-apocalyptic culture, some of the 230 or so freshmen in the auditorium had been having a separate conversation about them on a social media site called Yik Yak. There were dozens of posts, most demeaning, many using crude, sexually explicit language and imagery.

81% of Tor users can be de-anonymised by analysing router information, research indicates


Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers. Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network. Chakravarty’s technique involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux – hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits. Chakravarty says: “…it is not even essential to be a global adversary to launch such traffic analysis attacks.

Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely


Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet “anonymity” or “invisibility.” And as with any panacea in a box, the quicker the fix, the more doubt it deserves. Last week saw the fast forward rise and fall of Anonabox, a tiny $45 router that promised to anonymize all of a user’s traffic by routing it over the anonymity network Tor. That promise of plug-and-play privacy spurred Anonabox to raise $615,000 on the fundraising platform Kickstarter in four days, 82 times its modest $7,500 goal. Then on Thursday, Kickstarter froze those pledges, citing the project’s misleading claims about its hardware sources.