Tuesday, August 06, 2013

Ending privacy? There's an app for that!

I may have mentioned this before, but: You know that when folding money gets old, it is sent to an official location for disposal, right? Well, do you know how the aged bills get where they need to go?

The mail.

You probably thought that armored cars might come into the picture, but they don't. An armored car tells crooks where the money is. A long time ago, the government discovered that old money travels safer when "hidden in plain sight" within the postal system.

Computers are like that. If you try to hide your IP address by using TOR or some other proxy system, you are telling Uncle: "Hey, Uncle -- looky here! Secret stuff! I'm doing secret stuff that I don't want you to know about!" Using TOR is, in this sense, like driving an armored car.

The fiends who dote on kiddie porn have long relied on TOR. Some of them recently learned all about the principle described above. The folks at the FBI (and SAIC, it seems) have come up with a spyware called CIPAV which is designed to crack the anonymity provided by TOR.
Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on an U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”
I put the words "and others" in boldface for a reason.

The problem with CIPAV and cognate technologies should be obvious: If we allow the feds to use spyware against people we hate -- like child pornographers -- we inevitably allow its use against...others. If you read the Wired article at the other end of the link above, you'll come across a comment from a right-wing reader which deserves to be noted here:
Terrorists, drug dealers, child porn scum & Tea Party members are the current "enemies" of the FBI, etc. How easy would it be to expand that list to "anyone who gives $ to the political opponents of the current (liberal or conservative) administration"?
I may not agree with this guy's conservative political stance, and I hardly believe that the Tea Party has been treated as an "enemy." (The baggers certainly are having an easier time of it than did members of the Communist Party in the old days.) Nevertheless, the principle expressed here is sound.

Child pornographers are scum. But software designed to end privacy for scum may also be used against non-scum. And if you think you have nothing to hide -- well, one day you may live a more interesting life. One day you may decide that the government has gone too far, has changed too much, has strayed from our founding principles -- has ceased to be a true democracy. You may decide that the time has come to restore what was lost.

But you won't be able to do so. Uncle will always be one step ahead of you, watching everything you do.

And remember: If Uncle can access your system, then he can also plant things on it -- after all, he knows your passwords. Uncle can even insert items into your twitter feed or use your email account to send contraband.

Contraband like child porn.
Contraband like pictures of Anthony Wiener's penis, you seem to be implying.

The TOR thing, (TOR was of course invented by the USN) the exploit in question would only affect the unwary. It only affects you if you went to an infected website (the FBI managed to take over the largest .onion host, Freedom Hosting, so there were lots of those including the Tor-based e-mail service Tor Mail), and if you were unwise enough to browse .onion sites with javascript enabled, and if you were using the same browser to browse onion domains and the normal web, which Tor advise against, they want you to use their Browser Bundle. So if they got you, you deserve it for your carelessness. Onion domains are a shark pit, if you go in without your armour you get what you get.

I use Tor all the time. Not to look at onion domains, I've gone through some of them in the past and wholly unintentionally) stumbled onto disturbing things, so I just use it to circumvent the government's censorship of my favourite torrent site. Make sure to use an encrypted connection, so as to avoid man-in-the-middle attacks from my exit-node. Keep my anonymous e-mail account on the even-more-obscure eepsite network, rather than using the CIA's anonymiser websites or the FBI-infected TorMail. I'm looking forward to finding out which gang of spooks have been running my e-mail account!
Crime-fighting technology has become a blank slate upon which one may write any story one chooses.
Post a Comment

<< Home

This page is 

powered by Blogger. 

Isn't yours?