The Privacy BlogThoughts on privacy, security, and other stuff.

CAT | Anonymity

Troll and laptop

Attacks On Anonymity Conflate Anonymous Speech With Trollish Behavior | Techdirt

It turns out that people say nasty things under their real names, and people also say valuable things anonymously.

Shocking!

It is amazing how often I see respected academics and other thinkers get incredibly sloppy in their reasoning when it comes to anonymity. They frequently assume correlations for which they have no evidence, and propose solutions with no consideration of the consequences.

I appreciate the rational perspective in articles like this.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

·

Unknown known

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED

This article describes a clever attack against Secret, the “anonymous” secret sharing app.

Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.

In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · · ·

Sauron-BrazilA Brazilian court is enforcing a constitutional ban on anonymity by requiring Apple and Google to remove Secret, an anonymous social network chatting app from their app stores. Microsoft is being required to remove Cryptic, a similar windows phone app.

In addition to that, they have been ordered to remove the app from the phones of all users who have installed it. These kinds of retroactive orders to have companies intrusively modify the contents of all of their customer’s devices are concerning. At least these apps are free, if users had paid for them, that would introduce another complication.

One wonders how this will apply to tourists or business travelers visiting Brazil. Will their phones be impacted as well?

The law exists to allow victims of libel or slander to identify and confront their those speakers.

While this ruling only applies to Apple, Google, and Microsoft, and only with respect to the Secret and Cryptic apps, the underlying principle extends much further. There are still final rulings to come, so this is not the last word on this situation.

Anonymizer has had a great many Brazilian customers for many years. Anonymizer provides those users important protections which are well established in international human rights law. We certainly hope that they will continue to be allowed to use our services.

Brazil Court Issues Injunction Against Secret And Calls For App To Be Remotely Wiped | TechCrunch

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · ·

TorAppLogo

Tor just announced that they have detected and blocked an attack that may have allowed hidden services and possibly users to be de-anonymized.

It looks like this may be connected to the recently canceled BlackHat talk on Tor vulnerabilities. One hopes so, otherwise the attack may have been more hostile than simple research.

Tor is releasing updated server and client code to patch the vulnerability used in this attack. This shows once again one of the key architectural weaknesses in Tor, the distributed volunteer infrastructure. On the one hand, it means that you are not putting all of your trust in one entity. On the other hand, you really don’t know who you are trusting, and anyone could be running the nodes you are using. Many groups hostile to your interests would have good reason to run Tor nodes and to try to break your anonymity.

The announcement from Tor is linked below.

Tor security advisory: “relay early” traffic confirmation attack | The Tor Blog

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· ·

Thanks to WhoIsHostingThis for providing this informative infographic (click to enlarge). They provide a cool service that allows you to look up the hosting service behind any website.

Digital_Fingerprint_WIHT_Anonimyzer (1)

· · ·

Older posts >>