Roger Dingledine of the Free Haven Project is giving a lunchtime talk about The Onion Router (TOR), an anonymizing router. It’s open source, of course. “We probably have hundreds of thousands of users, although it’s a little hard to tell because we’re an anonymity system.” It’s mainly used by people in Western countries who don’t want to be traced by advertisers, as opposed to being used by dissidents in China or Iran. [As always, I’m paraphrasing and occasionally guessing.]

Encryption doesn’t mask how much you say, when you say it, etc. So, more anonymity is needed. Anonymity is important for privacy, network security and traffic-analysis resistant networks…three ways of spinning the same idea. Citizens, businesses and government need anonymity. E.g., the CIA’s anonymous tip line encrypts the tip but the fact that you submitted a tip can still be traced. “How much would you bid for a list of IP addresses in Baghdad that’s getting messages from the CIA?” By putting all of these users onto the same server, the fact that they’re using it tells you little.

Official Google policy is that they don’t collect personal info. They “only” collect your IP address and what you do with it. But that’s way too much, Roger implies. In fact, he says, if you can see both sides of a Net transaction such as email, you can match up the IP addresses or the contents and make good, practical guesses about who’s talking.

Ethan Zuckerman points out that if you’re the only person using TOR in, say, Sudan, you can probably be identified. Roger says that that’s not something it’d be easy to fix in TOR.

Commercial anonymizers generally put up an anonymous proxy relay. But the user’s request for the relay to fetch a particular Web site could be intercepted. So, some anonymizers encrypt the request. Those are subject to hackers, internal traitors, and legal attacks. The TOR system uses three proxies. (Roger says since the attacks come at the end points, it probably doesn’t matter how many beyond three are added.) If one is compromised, you still can’t connect person A and B. If two are compromised, you can. “We multiplex the circuits because the multiple keys can be pretty slow.” [I record this for your enlightenment. Means nothing to me.] TOR anonymizes only TCP streams. “It needs other applications to clean high-level protocols.”

Server operators are given options to limit bandwidth and choose which ports to connect.

How do you know that a TOR server isn’t compromised, phishing for pigeons? [That mixed metaphor is mine, not Roger’s.] A directory enables servers to vouch for other servers. [Sorry, I didn’t understand that, so I may be misrepresenting it.]

He explains how TOR can provide bidirectional anonymity.

There are about 450 TOR servers and about 200,000 people using TOR in a week. “We push 50MB/second of traffic.”

Problem: “Abusive users get the whole network blocked.” Slashdot and Wikipedia block all postings from TOR. Wikipedia wants to be able to ban abusers’ IP addresses, but TOR IPs are too easy to get. “We make it easy to identify if you’re coming from the TOR network.” They do this on purpose so sites can choose what they want. That means that China, for example, can block the entire TOR network; all it has to do is grab the public list of TOR servers and black them all. To get around this, TOR could have more exit nodes, i.e., last hops from the TOR network that are not recognizable as TOR servers. Roger suggests TOR clients could have a “Help China” button that allows users to forward a small amount of traffic so there would be hundreds of thousands of IP addresses, not 450 TOR servers that are easy to identify and block. He discusses an approach that requires having a trusted social network that grants access to the network.

Next steps: “We want to work on usability.” None of the TOR developers use Windows. Also, incentives: “I really want to do a tit for tat scheme where you don’t get good service unless you handle some traffic.”

Roger mentions that there’s a list of open research questions on the TOR site.

Who are the people who need this, to make it clear that anonymity is good? It can’t be dissidents at this point because, (Ethan says), “It’s a good way to get them arrested.”

Q: What’s the latency of using the system?
A: It depends. But a lot. “If you’re used to university bandwidth, you’ll notice a huge hit.”

Q: Do you throttle people doing video downloads?
A: No. That’s an arms race I don’t want to get into. We ask you not to do huge transfers over TOR. And TOR isn’t very good at that. In some sense, it’s self-correcting.

Q: How are you going to encourage more servers?
A: We have a sign-up on our home page. More important, we’re working on an incentive system.

Q: Do ISPs let people run TOR servers?
A: Many do. By the way, it’s a safe harbor under the DMCA because you’re just passing the bits through.

Q: Some policy makers think we need an accountable network in which we can tie bits back to particular humans. How is TOR going to play in this?
A: Many machines on the Internet are not their “owners” — they do not represent who they claim to. That’s a problem for an accountable network. E.g., Windows 98 is highly vulnerable. Phishing isn’t going away. Roger cites a study that showed that if you add personal info to a phishing attempt — info found by googling — the response rate goes from 15% to 85%.

Q: What will it take for this to move beyond geeky early adopters?
A: There are millions people who’d like to use it, if we can make it easy enough, get it to work well on Windows, get the documentation right…etc.

Q: How can you solve the problem of the lone TOR user in the Sudan?
A: We would need to make it impossible to know that you’re using TOR. You need a way for the data you publish to be unlinkable with you, and defending against that depends on the nature of the attack. There’s also the ability to link up without giving yourself away by someone watching the timing of posts.

A: More users in Sudan would help. Without that, you should go to an Internet site, send a msg to a friend in a safe environment, and ask her to post it for you.

[Tags: berkman anonymity tor roger+dingledine security]

3 Comments »

Sopranos : Failure to spoil

Actually, there’s a huge spoiler in this post if you didn’t see the first episode of the new season.

[SPOILER ALERT]
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

I can’t believe I posted predictions about the new season and did not post what I’ve told a few people was my hope for the show: Kill Tony in the first episode and tell the entire story in flashback. That way we get over the “What happens to Tony?” question, which is always up to the semi-arbitrary whim of the writers, and can focus on how and why it happens. Now that looks like a real possibility for the show.

The first episode was, IMO, brilliant.

[Tags: sopranos]

7 Comments »

I’m hosting another in my intermittent series of discussions about webby topics. On Wednesday night, the topic will be: What’s happening to the authority of knowledge? The fact that an article appears in the Britannica confers some authority on it. That an article appears in Wikipedia does not. What does? What does this mean for knowledge and power? Stuff like that.

It runs from 6-7:15pm, and it’s open to everyone. It’s at the Berkman Center and we serve food. [map] See you there?

2 Comments »

Well, this is not something I expected to be blogging: Senator Bill Frist has blogged about filing an Online Freeom of Speech amendment to the lobbying reform bill, and cites Cluetrain as one of this sources.

He says some good things about why we need to preserve freedom of speech online, although the concrete portion of the bill (judging from his post) seems to be aimed narrowly at keeping the Federal Elections Commission from regulating blog posts as part of campaign finance reform. So, I left the following comment:

As one of the co-authors of the Cluetrain Manifesto, I congratulate you on your defense of free speech in the online, connected world. A free and open Internet is one of the great forces for democratic open societies worldwide, and it’s so important that our own leaders embrace it as you have.

Unfortunately, the openness of the Internet is in very real danger. For example, Net neutrality – making sure the companies who provide the “pipes” don’t get to favor particular content that flows through them – is essential. Then, there are governments and industries that would strip the Internet of its anonymity, which is as good as handing dissidents over to their totalitarian governments. The current length of copyright – so far beyond what the our Founders envisioned – holds back the outpouring of ideas, culture and innovation the Net could set free. Even if the Internet weathers these threats, the digital divide is real and a real inhibition to the equal-to-equal connectedness that is the joy and hope the Internet brings.

So, thank you, Senator, for your strong words supporting that great American value, free speech. It’s heartening to have you join the struggle to keep the Net open and free. I hope you will just as strongly support the conditions that enable the Internet to be a global medium for free speech.

Sometimes the world is weird in good ways. (Thanks to Dan Bricklin for the link.) [Tags: cluetrain bill_frist]

3 Comments »

Mario Sixtus has posted a podcast of his interview of me from a couple of weeks ago. It’s about 15 mins long. (Mario has dubbed in his questions in German but has left my answers in English, so if you don’t speak German you can always play “Guess the question.”) BTW, I didn’t put my fears of digital ID very well, possibly because they’re unfounded and thus can’t be put well: The mere ability to demand hard, digital ID I’m afraid will result in a widespread “Don’t shop here if you don’t like it” attitude, not to mention the fears I mention about what will happen in totalitarian states.

Mario points out that Handelsblatt has posted the podcast under a Creative Commons license, which he thinks may be the first time a major German publisher has used CC. Whether it’s the first or just one of the first, I still say: Yay! [Tags: podcast pr creative_commons]

Be the first to comment »

We went to the Boston Museum of Fine Arts today just because it’s been a while. Among the lovelinesses is a 1910 calendar that groups the dates by the day of the week. Useless, yet beautiful.

By the way, don’t you think $15 to enter + $7 for the special exhibit + $10 parking is a tad expensive for a public art museum? Wednesdays after 4 you can get in for whatever contribution you’d like to make, but that’s not much of a window for serving the portion of Boston’s population that doesn’t have $22 to go see some art. (And why would they have a sign up on Wednesday afternoons saying “Suggested contribution $15”? If we wanted to pay $15, we wouldn’t be there on Wednesday afternoon.) [Tags: everything_is_miscellaneous EverythingIsMiscellaneous art boston]

1 Comment »

Believe me, I know that’s the least enticing headline ever, but, March is colonoscopy month so I’m obliged by law to talk about my colon.

If you’re 50+, you should get a colonoscopy every 5 years or so (or when your doctor tells you). They’re generally covered by insurance, if you have insurance (stupid stupid country). Having skipped my annual physical for 5 years, I finally went last month, and my doctor has had me schedule a shove ‘n’ peek for a couple of weeks from now. Since colon cancer is often detectable in pre-cancerous form, my avoidance is just plain stupid.

Here’s a piece in Salon that may motivate you. Here’s an article it references that is reassuring about the process. And here’s a picture of the pretty side of Katie Couric.

As the person who scheduled my colonoscopy told me, you have to take it with a grain of salt. [Tags: colonoscopy health]

11 Comments »

The last bit of snow melted from our lawn yesterday.

Today the crocuses are up, but they don’t look happy about it.

I remember this. And this. Most of all, I remember this.

Don’t let up your guard, Boston! The sucker punch is coming! [Tags: boston weather]

Be the first to comment »

[PHONY SPOILER ALERT!!!!]

Obviously, I have no idea what will really happen in the Sopranos’ last season. Nevertheless, I approach this with a certainty that allows for no contradiction. Beyond any doubt, the following will occur. (I just enjoy setting myself up for a fall.)

Chris is a dead man. It’d be nice if they’d bring Martin Scorsese for a guest shot, so to speak, as the assassin. But it’s more likely that he’ll be killed in an ignominious way, perhaps taking a head wound after an unfortunate silicon explosion at the Badabing Club.

Carmela and Meadow survive so they can console each other. AJ, however, is going upriver. Tony will have to sell him out, perhaps to save Meadow. Or maybe Meadow sells him out. I leave that up to the writers’ discretion.

In the final episode, Tony will be sent to jail for something relatively small. His cellmate bears an uncanny resemblance to his dead mother. Tony’s psychiatrist is the only one who comes to visit him.

There’s been a lot of speculation about the Russian mobsters who hang, unresolved, over the plot returning to kill Paulie. But I think Paulie not only will live, he’ll inherit Tony’s operation.

And he’ll immediately sell it to the Russian mob. [Tags: sopranos television]

Another possibility occurred to me this morning: Christopher is forced to turn Tony in. Chris goes straight, thanks to the witness relocation program. Tony reports to jail rather blithely, saying he’ll have no trouble doing the time. As we see the gang sit leaderless and rudderless at the bar at the Baddabing, we see Tony being eyed by another prisoner whom the show has already established is out to kill him. The end.

45 Comments »

1.

I can’t wait until we’re all reading on e-books. Because they’ll be networked, reading will become social. Book clubs will be continuous, global, ubiquitous, and as diverse as the Web.

And just think of being an author who gets to see which sections readers are underlining and scribbling next to. Just think of being an author given permission to reply.

I can’t wait.

2.

Right now, we have a single knowledge — the world is either one way or another — and multiple libraries.

As we put our works on line, we’ll only need one library and will have multiple knowledges.

Why have more than one library when you can link to and aggregate whatever you need? Oh, the library will be distributed and portions will be replicated for safety’s sake — we will have learned something from Alexandria — but that’s just an implementation “detail.” When all our works are digitized, a local library will be nothing but a playlist. [Tags: libraries reading books EverythingIsMiscellaneous everything is miscellaneous]

6 Comments »