The Datagram Onion Router

October 15, 2008

After having a quite depressing discussion about how Tor will evolve in Germany considering the data retention laws, I met a guy on IRC who told me about his new really cool project.

Camilo Viecco, who’s just doing his PhD in CS at the Indiana University, developed a naive UDP-implementation of the anonymisation-principle known as onion-routing from scratch. It’s far from perfect and it wouldn’t meld with the Tor-code easily, but it’s a first approach to improve latency for anon-services.

Tdor is an anonymisation-software to be installed on your local PC. It enables you to use the internet anonymously by configuring tdor as a proxy in your webbrowser. By using this software, no one can find out your IP-address, effectively resulting in an obfuscation of your identity.

The software is available on his homepage and is currently compiling on unixish systems.

What’s different about this project compared to regular anonymisation-systems is that tdor is using UDP instead of TCP, dramatically improving the well-known latency you suffer off when you’re using regular TCP-based anon-systems.

The project didn’t even release it’s first alpha-version, but the version I tested was usable and quite fast. I couldn’t make a difference of regular internet-connections and Internet over tdor.

Though where’s light, there’re shadows: The whole tdor-network only uses six nodes at the moment. It’s not meant to be used for real productive use, it’s only for testing – though it works cool!

At the moment the whole project consists of just a handful of people, but I bet Camilo appreciates any help he can get.

So. If you wanna participate in a really cool fancy brand-new cutting-edge anonymisation technology, grab the sources, compile it, run it and report bugs and issues!

A formal description about tdor is available here: http://petsymposium.org/2008/hotpets/udp-tor.pdf


Fedora Core 8 and Firefox Profiles – works, if you know how!

September 9, 2008

Ever since I migrated to Fedora Cora 8 I was really disappointed that Firefox-Profiles stopped working as I was used to them in Debian. I used different Firefox-profiles to run concurrent instances with other settings – like “regular web-surfing”, “Tor”, “English proxy for BBC iPlayer”, “test-this-random-plugin”.

But not with Fedora. I tried debugging the script, found a multitude of bug-reports against that, with now results.

Today dr|z3d from #tor pointed me to the correct answer: You have to apply the “-no-remote”-command to Firefox to get it working. Unfortunately, this option isn’t mentioned in the manual page to Firefox on Fedora Core 8.

So, if you want to get multiple profiles running: Add a -no-remote to the command-line. That should do the trick.

dr|z3d: I owe you a beer.


Try new Torbutton Firefox-plugin

January 2, 2008

TOR logoUpdate: Included another link to the Video. Thanks, Renke!
Just back from 24C3 where I attended Roger Dingledine’s talk about Tor’s further development plans (Torrent to Matroska-Video: Mirror #1, Mirror #2). He also presented the new development-version of Torbutton which is finally usable. The old Torbutton-plugin had several problems: It had the problem that it presented cookies, history and saved passwords from non-Tor-sessions to Tor-sessions which severely spoiled your privacy; the new development-version of Torbutton has a dedicated cookie-jar for Tor-sessionsand lot’s of other features:

  • Disable plugins on Tor Usage
  • Isolate Dynamic Content to Tor State
  • Hook Dangerous Javascript
  • Block Password+Form saving during Tor/Non-Tor
  • Store Non-Tor cookies in a protected jar
  • …and many more features… (complete list on the website)

See this awesome screen shots to get an idea what changed:

Torbutton Preferences, Dynamic Content
Figure 1: Screen shot of Torbutton Preferences: Dynamic Content

Torbutton Preferences, Cookies
Figure 2: Screen shot of Torbutton Preferences: Cookies

So if you press the Torbutton, it totally isolates all the other non-Tor-sessions (though I don’t recommend to use those tabs), improving your privacy. Before this new plugin was available, I used a separated Firefox-profile to use Tor – not needed anymore with Torbutton.

So grab your new copy (direct link to XPI) and have fun!


Privacy in Germany: What’s going on?

December 19, 2007

This is a meta-posting describing what’s going on in Germany.

Organisations:

German Privacy Foundation (GPF)

The German Privacy Foundation was finally officially established. The GPF thinks everyone has the right for privacy and anonymous communication. Anonymity is one of the fundamental basics to privacy and support human- and citizen’s rights.

It’s goals are to inform and educate about safe communication on the internet, supporting and organising tutorialsfor citizen about those topics.

The GPF is supporting and endorsing the development and deployment of anonymous infrastructure.

The GPF is a non-profit organisation according to the German law.

Contact: Use the Contact-Form.

Privacy Legal Fund (Germany) [PLF]

The Privacy Legal Fund (Germany) is a yet-to-be-founded organisation which will help voluntary operators of anonymisation-services like JAP, Tor, Mixmaster, Entropy, Freenet et al. with their problems with the Feds.

Much like the GPF, they want to promote the useage of privacy-enhancing internet-tools, but puts it’s emphasis on direct action instead of education. In that sense, the GPF and the PLC will be complementary.

The PLF doesn’t have fixed rules yet, they’re still to be defined. The PLF will be a non-profit organisation.

Contact: Contact me using the contact-form in this blog. You may encrypt the message using the PGP-key 0x90DEE171.

Events:

Both, the GPF and the PLF, will meet on the Chaos Communication Congress 24 in Berlin at the 27th-30th of December 2007 in Berlin.

On the 27th the PLF will meet for it’s founding-ceremony.
On the 28th the PLF and the GPF will meet to discuss the cooperation of both organisations.

Roger Dingledine, head of the Tor-project, will attend 24C3 for some talks as well.

Other Events:

There should be a “10 Years GnuPG“-party in Düsseldorf featuring Werner Koch this Thursday; however, no official annoucement was made yet. Still waiting.


Another one.

November 15, 2007

TOR logoWell. I was expecting this. You know, there are people taking civil responsibility, running a Tor-node and all they get is nastygrams, kicked-down doors and ultimately, lawsuits.

So, what happened: There’s this German guy, a Tor-operator. In June the police send him a letter telling him that he’s accused of computer fraud combined with unlawful modification of evidences. He’s a law-abiding citizen nothing guilty of, just using his civil rights and quite fed up with all those silly accusations, so he followed Udo’s golden rule #1: “You have the right to remain silent“.

Months later he got a letter from a court order about a penalty order, telling him that he’s guilty on all counts.

He describes it in his own words:

In early September I received a penalty order ("Strafbefehl") - from the
court. A judge found me guilty of having ordered a gift voucher (value: 51
EUR) on amazon.de, providing address details of a living person (but not
myself obviously), and using a Web.de email address registered specifically
for this purpose. I was sentenced to pay a fine of 500 EUR.

He appealed and the whole case finally went to court, having the hearing today. What happened then is beyond all reason:

[...] the penalty order listed four witnesses (the person whose address
details had been used, a police officer in a cow town near that person's
home hometown, a local police officer, and an employee of amazon.de)

However, the trial listed no witnesses at all. That guy was a laymen-judge (lay assessor) himself, so he though that this trial is based on a very weak basis and didn’t bother about it to much. Then all hell broke lose.

The judge and the lawyer of the state realized quite quick that he was not the one who committed the fraud, but instead of dismissing the case entirely they started to construct accusations like “supporting a crime” – which is utter bullshit. The accusation of “supporting a crime” in Germany definitively states that you need to support actively a certain crime – and only especially that you’re accused of. There ain’t nothing like a “general support crime”, as the judge thought. This is just another stunt!

The judge really thought “someone needs to be punished, but we can’t accept you to help anyone else to comit a crime”:

The judge as well as the public prosecutor
refused to accept that I didn't do anything criminal, that I didn't and
still don't want to help anyone committing a crime.

Oh Lord. Where have we gone!?

Even worse. The whole lawsuit was so frightening and cumbersome to the Tor-guy that he decided to dismiss the lawsuit according to §153 StPO. That means that the accusations are dismissed because there’s no public interest in the case. But yet, that doesn’t mean that he wasn’t found NOT GUILTY!

Why did he do this? Because he didn’t want to pay for a lawyer, as I do – but I can afford it:

They offered me to dismiss the actual court trial according to paragraph 153
StPO which is not the same as an acquittal (no "Freispruch") which I
eventually accepted. It means, however, that I won't have to pay for the
trial. They also repeatedly said that this time I got off with just a slap
on the wrist - next time it wouldn't be that cheap.

It’s all a big mess. Judges and lawyers have no bloody clue what Tor is about. They ignore the fact that Tor is a legal tool in a civil society and that Tor-operators aren’t responsible for the actions of their users. Heck, no one ever sued Pan Am to let the Lockerbie-bombers on board, and no one ever sued the German Postal Service for transporting letter-bombs: Yet German courts think that operators of anomymizing services are responsible for the actions of the users.

Brave new new world. Where have we gone? Our elected leaders ratify laws which are stupid. The judiciary is as dumb as a piece of stale bread. Take me out of here.


Follow

Get every new post delivered to your Inbox.

Join 120 other followers