Moxie Marlinspike on Internet Anonymity

ITWeb had an article earlier this month on Moxie Marlinspike’s keynote address at the ITWeb Security Summit in the Sandton Convention Centre. Moxie is a computer security expert well known for showing the world how insecure SSL communication and certificates can be. He is also known for his campaign for internet anonymity and privacy in the digital age.

Thus was the topic of his speech at the ITWeb Security Summit:

Marlinspike asked the audience how many of them would be happy to carry a government tracking device. No one raised their hand. But when asked how many in the audience carried a cellphone, the results were the opposite. There is not much of a difference, he opined. “A cellphone has real-time positioning and cellular companies are required by law to supply this information to governments. The difference lies in choice. People choose to carry cellphones.”

Moxie also talked about Google, and its tendency to save all of your search criteria, choices, maps, directions, etc:

In addition, Google claims to ‘anonymise’ users’ data after nine months. “Anonymise means drop the last octet of an IP address,” he explained. “Cookies are simply translated. It also says it takes privacy seriously, putting it under the user’s control, but in fact only shows the user some of the information they are most obviously capable of connecting to you. In addition, it requires that the user has an account, remains logged in while using services, and maintains a consistent cookie in order to participate.”

The scope of the ‘Google choice’ has become quite large, he added. “We need some innovation that allows us to reject this type of false choice while still maintaining anonymity. We need anonymous access to Google services that is fast and reliable.

To this end, Moxie created “Google Sharing”, Basically, a Firefox plugin that connects your browser to a proxy server run by Moxie that offers anonymous use of Google services.

*NOTE – as always, it is a security risk to connect to a proxy server that you have no control over.

Unfortunately, with all the scare of terrorism, cybercrime and state backed cyber espionage we live in a world where the bad guys mascaraed as good. In trying to ferret out these threats, personal privacy and anonymity is taking a back burner. For the full article see “Privacy Dies Off”. 

Advertisements

Computer Security: Surf Anonymously with Tor

Whenever you communicate online, send e-mails, or visit websites, your network address is included with every transmission. This address points back directly to your machine, or the proxy that provides access to your machine. With Traffic analysis, your communication on the web can be tracked. Why is that bad you ask?

According to Wikipedia, Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security…

Traffic analysis is also a concern in computer security. An attacker can gain important information by monitoring the frequency and timing of network packets. A timing attack on the SSH protocol can use timing information to deduce information about passwords since, during interactive session, SSH transmits each keystroke as a message.[6] The time between keystroke messages can be studied using hidden Markov models. Song, et al. claim that it can recover the password fifty times faster than a brute force attack.

Continue reading “Computer Security: Surf Anonymously with Tor”

Search While Protecting Yourself From – Google?

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

– Eric Schmidt, Google CEO

With the Google hack in headlines news recently, there seems to be another war going on. This one is against… Google. It appears that Google tracks EVERYTHING you do while you use its search features. Including the webpages you clicked on when doing your searches, the news you’ve read and the places that you asked directions for.

Moxie Marlinspike, computer software expert, penetration tester and the one who showed the world that SSL can be completely bypassed, is now taking on the privacy issues with using Google. His Firefox plug-in called “Google Sharing” connects you to a Google sharing proxy server that protects you from Google’s tracking methods. A full explanation and the software can be found at http://www.googlesharing.net/index.html.

As with any proxy type software, security is a risk, because you are opening a network path from your PC to an unknown system. But if your privacy concerns outweigh the risk, then Google Sharing may be the way to go.

Daniel W. Dieterle