Friends of Civil Liberties in Strange Places

Who would have thought that a champion of liberal values would emerge from the American Tea Party movement? Rand Paul, presidential hopeful from the right wing of the Republican Party in the United States, has successfully led a campaign to prevent extension of the Patriot Act. The legislation was rushed through on a wave of national anxiety following the terrorist attacks of September the 11th 2001 – before anyone had really read it according to Michael Moore’s documentary, Fahrenheit 9/11.

Stop bugging us

When Barack Obama’s White House is referring to the congressional refusal to re-extend this legislation as an “irresponsible failure”, one could be forgiven for thinking the world has gone mad. A black president spitting blood because a right wing Republican has scuppered his anti-civil liberties agenda? Go figure.

The objections arise because Paul and his fellow rebels believe that security is supposed to protect liberty and that the Patriot Act has conceded too much to those who would limit American freedom by force. When the American government has the power to conduct mass surveillance of its own citizens, it doesn’t feel like a free country anymore. While American citizens languish in exile because they blew the whistle on institutional crime, Barack Obama looks angry and rightly embarrassed.

Our freedom is dependent on our courage. This law was an act of fear – exactly what terror is supposed to produce. Well done Rand Paul for being brave enough to take it on.

Posted in Adrian, News, Politics

Return of the May Queen


The Guardian 27th May 2015 – What the ‘snooper’s charter’ means for business and the public

It’s Queen’s Speech time, the annual British spectacle of making an increasingly tired looking monarch read out her new prime minister’s legislative agenda; an agenda about which professionalism demands she have no opinion.

This year it included a promise to introduce a new Investigatory Powers Bill that the BBC calls “sweeping and vague”. It will make it legal to do many of the things that Edward Snowden is in exile for pointing out were being done illegally.

This was to be expected.

With the Liberal Democrats made to go and stand in the corner with a pointy hat on, there is no parliamentary party in the UK that formally opposes making your internet service provider record everything you do. David Cameron has a majority of 12 so Her Majesty indicated his anti-liberal legislative agenda will be broken into two parts:

1. Pass the snoopers charter dressed up in a new name ASAP

2. Save breaking the UK’s human rights law relationship with Europe for later – perhaps a bone to throw to the anti Europeans in his party if they lose the in/out referendum now scheduled?

The Guardian sees the IPB as a legislative bag that will hold all of the stuff from the draft communications data bill, or “Snoopers Charter” if you prefer, that the new government is able to get past the objections of technology giants at the negotiating table. If the only thing standing between the public interest in privacy and Theresa May is now a trade negotiation with Google, Facebook, Apple et al. – a.k.a. “the union of supra national corporate data miners” – expecting the worst isn’t pessimism.

Perhaps the bill’s teeth will get extracted because the data dentists would charge too much to save them. If not, the public would need 12 out of 331 Conservative MPs to look like they might rebel.

Write to any Conservative MP today and politely ask them to do their job and stand up for your rights. Remind them: they work for you – not the police, MI5 or big data.

Posted in Adrian, Politics, Privacy

UK Election: What of liberty?


It was during this parliament that Edward Snowden provided incontrovertible evidence of the UK government’s active participation in an ongoing program of supranational surveillance state building. You’d have thought the fact that the United States routinely conspires with Whitehall to spy on Her Majesty’s subjects would “come up” during a general election campaign.

You’d be underestimating the awesome skill British politicians have in avoiding serious debate.

The Tories don’t want to talk about it. It blew up on their watch requiring the introduction of emergency bends in the law needed to keep themselves on the right side of it. This fig leaf doesn’t impress the Law Society whose response to the government’s consultation on RIPA a few weeks back was scathing.

Labour still has badly singed eyebrows from the ID card scheme that blew up under the internal pressure of its expanding cost at the last changing of the guard. Left of them the newly boisterous SNP care little for privacy either; their Scottish Entitlement smart card is criticized as worse than Labour’s own aborted surveillance scheme. If Mr Miliband moves into 10 Downing Street next week we’ll just have to hope he’s learned his lesson, because nobody else on our new, colorful and fractured left has said much to note on the subject.

That just leaves the guys with “Liberty” in their name.

The Liberal Democrats have been proffering a Digital Bill of Rights as part of their manifesto – but nobody else will talk to them about it. Maybe the little bit they have achieved over the last five years on privacy issues is better than nothing; they certainly championed the death of ID cards. Unfortunately they also look like they’re going to get a kicking at the polls for buckling on tuition fees and this “Bill of Rights” doesn’t make their current list of non-negotiable policies anyway. So good luck to the Lib Dems – they’re going to need a lot of it to make much of a difference.

What reasons for optimism?

Charlotte Leslie (Conservative, Bristol North West) made time to chat face to face during the early part of this campaign; she’s a popular constituency MP and is tipped to do well on Thursday. We wanted reassurance that producing technology in the UK that’s specially designed to make it very difficult to spy on users won’t get us into legal trouble in future. Bristol is an increasingly important tech cluster and headlines about the PM including the words “crackdown” and “encryption” are a bit scary if you deal in cryptographic technology.

Charlotte raised our concerns with party HQ and in due course we received this letter from Ed Vaizey, the outgoing minister for Culture and Digital Communications. He is keen to point out that the PM had no intention of banning UK firms from offering crypto-tech to private customers and nor is there a plan to legislate against specific technologies. Mr Vaizey also seems to have more than an inkling of the intractable reality that strict privacy is an inevitable consequence of adequate security.

Read it for yourself and draw your own conclusions.

We think that any result on Thursday is going to return a government that is weak on privacy and civil liberties in general (sorry Ed Snowden, we’d offer you asylum if it were up to us).  We also think we are likely to remain free to trade in technology that offers privacy workarounds to those who need or want them.

There are no overt plans to outlaw keeping your communication private – just plans to make it difficult enough for professionals, businesses and ordinary people to keep investing in privacy technology.

🙂

Posted in Adrian, Politics, Privacy, Security

Can They See My D*ck? Not if you use Cloak!

I really enjoy John Oliver’s Last Week Tonight show on HBO.  In last Sunday’s show, John Oliver managed to take Government surveillance to a level everybody can relate to.  Not only is the show itself quite informative and interesting, but it has now spawned a number of interesting web-sites, the latest being:

https://cantheyseemydick.com/

While having a somewhat tongue-in-cheek title it actually links to a lot of interesting information.

Posted in Anonymity, Lars, Privacy

Warranty void?

Please August, can I have another Anonabox? Lars broke the last one – he soldered some stuff to it so he could get the open source code out.

“This is what happens when you combine amateur hour with money,” says Lord. “It’s not surprising Anonabox is trying to recall it and cover their tracks. It’s a total train wreck.”

http://www.wired.com/2015/04/anonabox-recall/

Posted in Cloak, Humor, News, Tor

Bitten Hands

Sadness – we didn’t see the A Register in time to cancel our order.

Anonabox’s August Germar has told us the security shortcomings were addressed by March 20, 2015, after the upstart was acquired by Sochule.

Posted in Cloak, Privacy, Security, Tor

Overwhelming Interest

When I wrote my Anonabox Analysis yesterday evening, I expected perhaps a few comments from a few nerds.  I mostly wrote the analysis because I was curious.  I have spent a huge amount of time on the Cloak firmware, and I am always looking for inspiration and ideas to make it a better product.

What I did not expect was nearly 12000 page views in less than 18 hours and an avalanche of tweets.  Hell, we actually got mentioned on a Twitter Trending site and _that_ is the first time in my life I have been accused of being trendy.

What this does show however is that there is still a huge need for a product like Cloak and the importance of such a product being Open Source, so that the security aspects can be scrutinized by the community.

So far, Cloak is the only product that has actually posted public source code that can be used to build a firmware image from scratch – absolutely NO binaries that could hide potential back doors.  We are also the only ones that have actually ported Tor to OpenWrt and are not relying on an old Tor version from the OpenWrt project that is now dead and unsupported.

Please do comment on our forum if you have any questions regarding Cloak and/or my Anonabox Analysis.

Posted in Cloak, Competitors, Development, Technical, Tor

Government Surveillance

Posted in Anonymity, Encryption, Privacy, Tor

Busted

Lars Boegild Thomsen has dissected Anonabox – it gave up without a fight. For the more technical amongst you, you can skip straight to the gory details here.  The short version is, it doesn’t have any security at all – not even an access password.

It does connect to Tor. Not having any Wi-Fi encryption and leaving root access password set to ‘admin’ is about as private as taking a piss in a glass bathroom with your microphone still on.

Dig the chutzpah

Scamming the public for 80 thousand dollars under cover of a “no guarantees” Indiegogo crowdfunding project and then selling the company has a bit of derring-do about it. I like August Germar – he wrote to me personally and offered to buy me a beer if I’m ever in Chico – so I’m going to defend him.

We think he’s just honestly and utterly incompetent.

4,000 site hits in 6 hours

This is getting a lot of attention – at Reclaim Your Privacy we’re considering a Cloak resurrection for Easter.

We’ll be happy to answer any questions in our forum.

Posted in Cloak, Privacy, Security, Tor

Anonymity Issue Fixed

Yesterday, Steve Lord (@stevelord on twitter) did a screen cast, where he was essentially dissecting the Cloak firmware.  I was fully aware of his intentions and had in fact provided him with a firmware copy myself.  I thoroughly enjoy being examined in this way as I do not believe in security by obscurity.

Overall I think we came out quite nicely.  Steve did however point out one issue related to Cloak allowing access to .onion addresses even when clients are connected to the Open network.  Originally I implemented this (which consisted of one network forward and one DNS forward) just because it was a damn cool thing.  However, Steve Lord is of course absolutely right, from an anonymity perspective it was a really stupid “feature”.  What can happen is that a web page on a hidden service can reference an image or a script on an open net server and your anonymity is shot to pieces.

I have of course immediately updated the source on Github and removed this issue.

Thanks to Steve for pointing this out.

Posted in Development, Security, Technical
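
The leak described in the “Anonymity Issue Fixed” post above (a page on a hidden service referencing an image or script on an open net server) can be checked for from the page side. The following is an added example, not part of the original post or the Cloak source; the `.onion` hostname, the other hostnames and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Attributes that make a browser fetch a subresource automatically.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "link": ("href",), "video": ("src", "poster"), "audio": ("src",),
    "source": ("src",), "embed": ("src",), "object": ("data",),
}

class SubresourceCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag, ())
        for name, value in attrs:
            if name in wanted and value:
                # Resolve relative and protocol-relative ("//host/x") references.
                self.urls.append((tag, urljoin(self.base_url, value.strip())))

def clearnet_subresources(page_url, html):
    """Return (tag, url) pairs that would be fetched from a non-.onion host."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    leaks = []
    for tag, url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # data:, about: etc. cause no network request
        host = (parts.hostname or "").lower().rstrip(".")
        if not host.endswith(".onion"):
            leaks.append((tag, url))
    return leaks

# Constructed sample page and hostnames, for illustration only.
SAMPLE_URL = "http://exampleexampleexample.onion/index.html"
SAMPLE_HTML = """
<link rel="stylesheet" href="/style.css">
<script src="//cdn.example.com/lib.js"></script>
<img src="logo.png">
<img src="https://images.example.net/banner.jpg">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<a href="https://example.org/">plain link, not fetched automatically</a>
"""

if __name__ == "__main__":
    print(clearnet_subresources(SAMPLE_URL, SAMPLE_HTML))
```

Only the protocol-relative script and the absolute banner image are reported; relative references stay on the hidden service, and the plain hyperlink is ignored because it is not loaded until the user clicks it.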