MIT Thinks It Can One-Up TOR With New Anonymity Network: Riffle

Tor is the household name in anonymous networks but the system has vulnerabilities, especially when it comes to an attacker finding out who is sending and receiving messages. Researchers at MIT and the École Polytechnique Fédérale de Lausanne think they have found a better way in a system called Riffle. You can dig into the whitepaper but the MIT news article does a great job of providing an overview.

The strength at the core of Tor is the Onion Routing that makes up the last two letters the network’s name. Riffle keeps that aspect, building upon it in a novel way. The onion analogy has to do with layers of skins — a sending computer encrypts the message multiple times and as it passes through each server, one layer of encryption is removed.

Riffle starts by sending the message to every server in the network. It then uses Mix Networking to route the message to its final destination in an unpredictable way. As long as at least one of the servers in the network is uncompromised, tampering will be discovered when verifying that initial message (or through subsequent authenticated encryption checks as the message passes each server).

The combination of Mix Networking with the message verification are what is novel here. The message was already safe because of the encryption used, but Riffle will also protect the anonymity of the sender and receiver.

[via Engadget]

The Dark Arts: Anonymity

Love him or hate him, Edward Snowden knew a thing or two about anonymity. In June of 2013, he blew the whistle on the NSA’s out-of-control programs that can target virtually anyone plugged into the digital age. The former CIA employee was working as a contractor for the NSA, where he had access to highly classified documents for many of these general populace surveillance programs. He eventually took off to Hong Kong and released the documents to a handful of reporters. One of these documents was a power point presentation of the NSA complaining about how the TAILS operating system was a major thorn in their side. Naturally, Snowden insisted that the reporters and himself only communicate via the TAILS O/S. He used PGP, which is an encryption method with the highly sophisticated title of “Pretty Good Privacy”, and asked not to be quoted at length for fear of identification via stylometry.

In this article, we’re going to go over the basics of anonymity, and introduce you to methods of staying anonymous while online.

Continue reading “The Dark Arts: Anonymity”

A Better Anonabox With The Beaglebone Black

A few weeks ago, Anonabox, the ill-conceived router with custom firmware that would protect you from ‘hackers’ and ‘legitimate governments’ drew the ire of tech media. It was discovered that this was simply an off-the-shelf router with an installation of OpenWrt, and the single common thread in the controversy was that, ‘anyone can build that. This guy isn’t doing anything new.’

Finally, someone who didn’t have the terrible idea of grabbing another off the shelf router and putting it up on Kickstarter is doing just that. [Adam] didn’t like the shortcomings of the Anonabox and looked at the best practices of staying anonymous online. He created a Tor dongle in response to this with a Beaglebone Black.

Instead of using wireless like the Anonabox and dozens of other projects, [Andy] is using the Beaglebone as a dongle/Ethernet adapter with all data passed to the computer through the USB port. No, it doesn’t protect your entire network; only a single device and only when it’s plugged in.

The installation process is as simple as installing all the relevent software, uninstalling all the cruft, and configuring a browser. [Adam] was able to get 7Mb/sec down and 250kb/sec up through his Tor-ified Ethernet adapter while only using 40% of the BBB’s CPU.

Anonabox: How To Fail Horribly At Kickstarter

Late last week, Anonabox hit Kickstarter, glomming on to concerns over security, privacy, and censorship. The project was picked up on the usual tech blogs, lauding this project as the pinnacle of the Open Source, Open Hardware movement and a great investment for the privacy-minded technocrat in a post-Snowden world.

Then, the creator of Anonabox did an AMA on reddit. It was quickly discovered that the entire project was an off the shelf router found on AliExpress with reflashed firmware. The router sells for $20 in quantity one, and the Anonabox Kickstarter is giving them away with a minimum $51 pledge. The new firmware is basically a standard OpenWrt installation with a few changes to the config files. The project claims to solve the problem of hardware backdoors, but ships with a backdoor root password (the password is ‘developer!’), open WiFi, and ssh open by default. The Anonabox also claims to be a plug and play solution to security and privacy on the Internet, meaning if this project ever ships, there will be a lot of people who won’t change the default configuration. That’s rather hilarious in its implications.

According to the Kickstarter campaign, the Anonabox has gone through four years of development and four generations of hardware. [August] even has a great graphic demonstrating that each successive generation has reduced the size in half and doubled the system resources:

Unscaled
Image taken from Kickstarter campaign

Anyone with the slightest eye for detail will quickly realize that components, like Ethernet jacks, SD cards, and CF cards are always the same size. I wonder what this graphic would look like if all the boards were scaled so they were in proportion to each other?

Rescaled
Image rescaled so all boards are proportional to each other

Oh. That’s not fishy at all.

As with most Kickstarters that have seen this much negative attention, the project was suspended just a few hours ago, but not before gathering more than $600,000 in pledges at its peak.

suspended

Although the Anonabox failed, there is a market for a Tor-enabled router, and luckily we have one on hackaday.io. It’s so great that some of the copy for the Kickstarter campaign was lifted directly from this project. With a wealth of market research available, we can only hope that [CaptainStouf] runs his own campaign for the UnJailPi.

HOPE X: Wireless Tor Proxies And Sharing TrueCrypt Volumes

When you’re at HOPE, of course you’re going to see a few Tor proxies, but [Jose]’s is top-notch. It’s a completely portable Tor proxy (.br, Google translation), battery-powered, with a connection for 4G networks.

[Jose]’s OnionPi setup is based on the Adafruit version, but adds a few interesting features that make it even more useful. It’s battery-powered with about a day of charge time, has a built-in battery charger, Ethernet pass through, external 4G and WiFi antennas, all in a sealed case that makes the entire build impervious to the elements.

While this isn’t much of a hack per se, the amount of integration is impressive. There are switches to turn off each individual networking port, and all the relevant plugs are broken out to the front panel, with the AC input and USB serial connection using screw connectors that are supposedly very popular in Brazil.

[Jose] also brought along a new device that isn’t documented anywhere else on the web. It’s called NNCFA, or Nothing New Crypto For All. Using a Cubieboard, an interesting ARM single board computer with a SATA connector, [Jose] created a device that will mount TrueCrypt volumes on a hard drive and share them via Samba.

EFF Launches Open Router Firmware

Open Wireless Movement logo

The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.

We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware off of CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.

Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.

The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on Github, where you’ll find all of the source and issues.

Raspberry Pi Tor Proxy Lets You Take Anonymity With You

pi-tor-proxy

Your web traffic is being logged at many different levels. There are a few different options to re-implement your privacy (living off the grid excluded), and the Tor network has long been one of the best options. But what about when you’re away from you home setup? Adafruit has your back. They’ve posted a guide which will turn a Raspberry Pi into a portable Tor proxy.

The technique requires an Ethernet connection, but these are usually pretty easy to come by in hotels or relatives’ homes. A bit of work configuring the Linux network components will turn the RPi into a WiFi access point. Connect to it with your laptop or smartphone and you can browse like normal. The RPi will anonymize the IP address for all web traffic.

Leveraging the Tor network for privacy isn’t a new subject for us. We’ve looked at tor acks that go all the way back to the beginnings of Hackaday. The subject comes and goes but the hardware for it just keeps getting better!