TOR GUI Contest

TOR, the open source privacy software supported by the EFF, has just chosen winner for its GUI competition.

"The user interface designed by the CMU Usable Privacy and Security Laboratory took the "Best Overall" award, and the entry from April3rd scored the "Most Aesthetically Pleasing" award." ("Winners chosen in phase one of TOR GUI contest," NewsForge)

Phase two of the competition is beginning, this time with the focus being a working software implementation. This is a great project which will definitely help people who currently have troubling configuring this software.

"Search Across Computers" feature collects hard drive files and stores them on Google Servers

At a time when Google searches are being subpoenaed and the government seems to be able to collect information about people with fewer and fewer restrictions, this feature is far too dangerous and many users of Google desktop probably won't be aware of the implications. After 30 years have passed Google says that it will delete the information off its servers.

"If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password." ("Google Copies Your Hard Drive - Government Smiles in Anticipation," EFF Breaking News)

The EFF article on this topic points out that private information from a users computer can now be collected with a subpoena rather than a search warrant which is much easier. The Electronic Communication Privacy Act of 1986 lets online service providers store user information under much lower privacy protections than the protections that shield a users home computer. I agree with the EFF and their recommendation in this situation: "Consumers Should Not Use New Google Desktop" ("Google Copies Your Hard Drive - Government Smiles in Anticipation," EFF Breaking News)

An article by CNN is also a good summery of this situation

Why Senator Santorum Wants us to Pay to View the Weather

We pay for the National Weather Service with tax money and benefit from its predictions everyday.  Companies such as The Weather Channel and Accuweather also access this information in order to broadcast their "version" of the information.  The National Weather Service recently made a user-friendly weather site available.  Senator Santorum of Pennsylvania wants this new service stopped because it "competes" with the private weather industry.  Is he referring to the weather industry that repackages the information that they are receiving for free from tax payers?  Yes!  He is introducing the "National Weather Services Duties Act" which will make it illegal for the National Weather Service to publish user-friendly information.  The bill does allow for free forecasts of hazardous weather. 

"Ed Johnson, the weather service's director of strategic planning and policy, said his agency is expanding its online offerings to serve the public.  'If someone claims that our core mission is just warning the public of hazardous conditions, that's really impossible unless we forecast the weather all the time," Johnson said. "You don't just plug in your clock when you want to know what time it is.'"  ("Feds online weather data could go dark," Oxford Press)

Read about how to take action at the Electronic Frontier Foundation or otherwise enjoy your taxed paid service while you still can at the National Weather Service site. 

The Electronic Frontier Foundation is helping to promote an open source proxy client that was started by the US Navy, oddly enough. Tor is an application that protects against network surveillance. When used along with Privoxy the anonymity of web browsing is significantly increased. A fire fox plug-in (Tor switch Proxy) makes the switch between a direct connection and using Tor as a proxy. With this protection on, traffic analysis that allows the monitoring of Internet behavior is foiled. Tor works by using a network of what is known as onion routers. A client request is router through a series of virtual tunnels which are encrypted and passed through the distributed and anonymous network to their destination.

"Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it's going. To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through." (EFF Overview)

The beauty of the set up is that it removes the ability of any node to be central to the process. The Tor system is dependent on its scale for its success.

"The security of the Tor service is proportional to the number of nodes in the system. Tor is slowly scaling and looking for tens of thousands of participants who can provide enough nodes to prevent the service from being compromised by what the project website describes as "curious telcos and brute-force attacks." ("Onion Routing Averts Prying Eyes," Wired News)

The Wired article points out a potential problem with this method. Since the current number of servers is low (about 35) it is possible someone could "compromise the network" by becoming a member who provides a server.(Wired News) The method of screening is the network's weak point but growth is the only way it can become stronger. Given that this is an open source project and the software is being given away for free, there is hope for increases in participation. The only issue that remains is making sure screening measures are adequate to maintain the high level of security desired by the clients of the system.

Related Articles Free Haven Project Publications