112 items tagged "privacy event"
-
-
15:34
»
SecDocs
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: This talk will introduce the next phase of the OpenLeaks project. We will present a more detailed insight into the project and take you on a tour around the different OL subprojects. We will also announce the activities we are planning for this year's camp. This talk will introduce the next phase of the OpenLeaks project. Where last year's congress was still too early, we would like to take the chance to present a more detailed insight into the project and its technicalities, and take you on a tour around the different subprojects OL is comprised of. We will also announce the activities we are planning for this year's camp, including some workshops and a special surprise.
-
-
12:36
»
SecDocs
Authors: Daniel Domscheit-Berg
Tags: information operation privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.
-
12:02
»
SecDocs
Authors: Daniel Domscheit-Berg
Tags: information operation privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.
-
-
21:31
»
SecDocs
Authors: Daniel Domscheit-Berg
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The talk will give an update on the status of the Icelandic Modern Media Initiative. If we put IMMI into the context of the bus Rop talked about in the keynote, then IMMI is the quality rubber for the tires that can ride that road safely. It is part of what our bus should look like, ride like, feel like. The talk will also try to define some more of that bus, and elaborate on what else we need apart from the best rubber we can get. The talk will hence deal with some of the latest developments in respect to freedom of speech, specifically that of the press, and political pressure being exercised on it, roles and responsibilities, and the role of responsibility.
-
-
21:45
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The objective of the session is to provide a critical overview of "privacy research" within computer science. The mechanisms proposed in the last ten years include mechanisms for anonymous communications, censorship resistance, selective disclosure credentials (and their integration in identity management systems), as well as privacy in databases. All of these systems are meant to shield the user from different aspects of on-line surveillance either through allowing a user to keep some of her data "confidential" or by allowing her to assert "control" over her data. We will illustrate using concrete examples, why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises given the conditions of our surveillance societies.
Since 2000 there has been a renewed interest amongst computer scientists in the field of “privacy technology”. This includes mechanisms for “anonymous” communications, censorship resistance, selective disclosure credentials, as well as privacy in databases - all of which are meant to shield the user from some aspects of on-line surveillance. Beyond the lab, some of those systems have been deployed and are widely used today. Yet, the type of surveillance against which privacy technologies are supposed to offer protection is often ill-defined, and widely varying between works: from an individual who wishes “to hide an occasional purchase from his spouse”, to “groups coordinating political dissent under totalitarian regimes”. While privacy is seen as the key unifying theme of these works only one aspect of it is systematically represented, namely “confidentiality”. Privacy as self-definition, informational self-determination or as a public good that needs to be negotiated is often neglected.
Further, the increasing omni-presence of surveillance technologies, the informatisation of everyday life, as well as active resistance to on-line surveillance are used as justifying departure points for privacy technologies but they have so far not been explored in depth in the privacy research field. In this talk, we explore the development of contemporary privacy technologies, its key results and methodologies. At its heart our argument is that the field of privacy technology was seeded by computer security and cryptography experts that rushed to apply their tools to new problems, yielding mixed results. Additional pressures from different stakeholders to devise technology that will make large IT systems acceptable to the public have led to further confusion about the goals and methods most appropriate to embed privacy friendly values into computer systems. Further, the recent trend has been to replace the confidentiality paradigm with what can be called the "control" paradigm. Using concrete examples, we seek to explain why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises.
-
-
21:35
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The objective of the session is to provide a critical overview of "privacy research" within computer science. The mechanisms proposed in the last ten years include mechanisms for anonymous communications, censorship resistance, selective disclosure credentials (and their integration in identity management systems), as well as privacy in databases. All of these systems are meant to shield the user from different aspects of on-line surveillance either through allowing a user to keep some of her data "confidential" or by allowing her to assert "control" over her data. We will illustrate using concrete examples, why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises given the conditions of our surveillance societies.
Since 2000 there has been a renewed interest amongst computer scientists in the field of “privacy technology”. This includes mechanisms for “anonymous” communications, censorship resistance, selective disclosure credentials, as well as privacy in databases - all of which are meant to shield the user from some aspects of on-line surveillance. Beyond the lab, some of those systems have been deployed and are widely used today. Yet, the type of surveillance against which privacy technologies are supposed to offer protection is often ill-defined, and widely varying between works: from an individual who wishes “to hide an occasional purchase from his spouse”, to “groups coordinating political dissent under totalitarian regimes”. While privacy is seen as the key unifying theme of these works only one aspect of it is systematically represented, namely “confidentiality”. Privacy as self-definition, informational self-determination or as a public good that needs to be negotiated is often neglected.
Further, the increasing omni-presence of surveillance technologies, the informatisation of everyday life, as well as active resistance to on-line surveillance are used as justifying departure points for privacy technologies but they have so far not been explored in depth in the privacy research field. In this talk, we explore the development of contemporary privacy technologies, its key results and methodologies. At its heart our argument is that the field of privacy technology was seeded by computer security and cryptography experts that rushed to apply their tools to new problems, yielding mixed results. Additional pressures from different stakeholders to devise technology that will make large IT systems acceptable to the public have led to further confusion about the goals and methods most appropriate to embed privacy friendly values into computer systems. Further, the recent trend has been to replace the confidentiality paradigm with what can be called the "control" paradigm. Using concrete examples, we seek to explain why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises.
-
-
21:33
»
SecDocs
Authors: Dominik Herrmann
Tags: web application profiling privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: This talk will provide a summary of recently discovered methods which allow one to break the Internet's privacy and anonymity. We will show, amongst others: ways of distinguishing bots from humans. We use this technique to provide crawlers with false data or lure them into tar pits. Other than CAPTCHAs we introduce methods that profile the holistic behaviour within a single web session to distinguish users or bots within a longer timeframe based on subtle characteristics in most bots' implementations. breaking filtering of JavaScript in web-based proxies. While next to all web proxies advertise the capability of filtering JavaScript, the ubiquity of XSS and CSRF attacks has proven that correct filtering of arbitrary HTML is extremely difficult. tracking and re-identifying users based upon their web-profile. We show how a third-party observer (e.g. proxy server or DNS server) can create a long-term profile of roaming web users using only statistical patterns mined from their web traffic. These patterns are used to track users by linking multiple surfing sessions. Our attack does not rely on cookies or other unique identifiers, but exploits characteristic patterns of frequently accessed hosts. We demonstrate that such statistical attacks are practicable and we will also look into basic defense strategies. traffic analysis and fingerprinting attacks on users of anonymizing networks. Even if anonymizers like Tor are used, a local adversary can measure the volume of transferred data and timing characteristics to e.g. determine the retrieved websites. We will shortly sketch the current state of the art in traffic analysis, which has been improved significantly within the last year.
-
-
21:37
»
SecDocs
Authors: Brenno De Winter
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Meet the Netherlands: a nation filled with techno-optimists protecting our freedom by putting in place restrictions on what you can do, reducing our privacy and have technology as a solution for anything and everything. When you make a trip we store your details for two years, your airplane meal selection from two years earlier is good data to test with and when migrating the government website we keep the old website running in an unmaintained state. If you have nothing to hide nothing can go wrong and there is nothing you can do. Well not quite. What would happen if you play the system? If you would take the train and hack the card? What if you were to pick up the resistance you face and use it to your advantage? No matter what the costs would carry on? If you would take some data and show the failures? Not just once but a full month long and call that month Leaktober. What if you would publicly call the failures with our personal data? Ultimately you make a difference. You change the law, you change the rules of the game and you really can raise the question if storing all that data is really needed. Ultimately people really start to doubt if this is the right way to go. This is a strategic and tactical story on how you can regain some privacy and data protection. Even though for a journalist this should be normal work, thanks to some people these things become very personal. It ends in criminal prosecution, legal threats, insults, a successful counter hack and ultimately a lot of benefits. But standing up for a cause does work as long as you focus on the stories you want to bring. My story is about hacking the system from the inside, overcoming fear and showing bureaucrats that hackers are people too. The talk is a lessons learnt how a few people can change a nation with hacker beliefs if they really want to. A guideline on how to make a difference by hacking the system you want to change.
Where you can even make huge mistakes, but with some luck you can win a world. How you can make your critical voice be heard. Zillions of lessons learnt.
-
5:26
»
SecDocs
Tags: law privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: The idea of Dining Cryptographers-Networks (DC) offers a much better anonymity compared to MIX-Networks: Defined anonymity sets, no need to trust in a central service, no possible attack for data retention. In this talk you will learn about DC-Networks, advanced key generation methods (resulting in a DC+-Network) and a library to make DC-Networks available to your programs.
-
5:13
»
SecDocs
Tags: law privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: The idea of Dining Cryptographers-Networks (DC) offers a much better anonymity compared to MIX-Networks: Defined anonymity sets, no need to trust in a central service, no possible attack for data retention. In this talk you will learn about DC-Networks, advanced key generation methods (resulting in a DC+-Network) and a library to make DC-Networks available to your programs.
-
-
21:54
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: This talk is about:
- Information freedom and the issues for the citizens
- RWB resources: a “human network”
- RWB needs: Get involved!
** Freedom of information and citizen issues
Why defend media freedom, journalists and bloggers? Because without a free press, no cause can make its voice heard, no human rights violation can be reported.
Specific examples of information vital to the public (links below):
- the tainted baby formula scandal in China exposed by the netizen Zhao Lianhai, who was arrested as a result
- Organized crime denounced by netizens, some of whom have been killed. Rascatripas, the moderator of the Nuevo Laredo en Vivo website, murdered on 9 November 2011
- RWB sees how the media and methods of spreading news and information are evolving, and is adapting to the changes
- RWB helps all kinds of “information producers” including professional journalists and bloggers and takes positions on the problems specific to new media WikiLeaks hounded
- Capacity building and e-advocacy: RWB provides bloggers, cyber-dissidents and journalists with the means to continue reporting and circulating information. Provision of censorship circumvention tools (including VPN) and online security training, circulation of viral campaigns, awareness campaigns, information about online risks.
** RWB’s resources: a “human network”
A human network: 150 correspondents worldwide + informal contacts
Strong lobbying capacity (European Parliament and Washington)
A legal committee
Handbook for Bloggers and Handbook for Journalists during Elections
Training (in Thailand, in Paris in February, in China and elsewhere in the future)
Virtual Shelter project: Creation of electronic safe and website for hosting censored content
** RWB’s needs: Get involved!
Need for people whose technical skills can help us to evaluate a country’s Internet, by carrying out tests to determine the filters used, the presence of Deep Packet Inspection and so on.
Need for technicians who can tell us about the safety of the various communications methods used. Which governments monitor Skype, IRC, BBM, and Google Talk? Which email service or VoIP to use?
Need for the help of experts in viral marketing, search engine marketing and information monitoring.
Need for contacts in companies that cooperate with Internet censorship (or former employees)
Need for the help of jurists in different countries to analyze the growing number of laws that regulate the Internet
-
-
22:56
»
SecDocs
Authors: Conrad Lee
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: A practical discussion of how potentially revolutionary, yet ethically questionable data---such as that from Facebook---is currently being handled in academia. With every day that passes, the users of social media websites are providing scientists with ever-richer, larger datasets on human behavior. At the same time, machine-learning techniques allow us to exploit this data to accurately predict who these users are and how they will behave in the future. I begin this talk by outlining the need for public datasets containing rich information on individuals and their social relations. I then show how in practice, distribution and use of such datasets by academics is awkward and confused. I conclude with some consideration of how "enhancing" datasets by, for example, inferring missing or hidden data using machine learning classifiers, creates yet another ethical grey-zone.
-
-
21:42
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. Ali Rıza Keleş* arkeles@alternatifbilisim.org Ayşe Kaymak aysakaymak@gmail.com Işık Barış Fidaner fidaner@gmail.com Seda Gürses sguerses@esat.kuleuven.be
A short history Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, the Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After the Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally in 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt; the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc. 
This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally in 15 May 2011 that took place in tens of cities. Alone in Istanbul 60 thousand people marched against the imposed censorship measures. What followed was a smearing campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits our right to information'. Problems in using laws & technology against state control The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations). 
There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations do hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters have emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use it effectively. 
Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflect the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools. Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels. ** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.
-
-
13:36
»
SecDocs
Authors:
Adrian Crenshaw Tags:
privacy Event:
Black Hat DC 2011 Abstract: This paper will present research into services hosted internally on the I2P anonymity network, especially I2P hosted websites known as eepSites, and how the true identity of the Internet host providing the service may be identified via information leaks on the application layer. By knowing the identity of the Internet host providing the service, the anonymity set of the person or group that administrates the service can be greatly reduced. The core aim of this paper will be to test the anonymity provided by I2P for hosting eepSites, focusing primarily on the application layer and mistakes administrators and developers may make that could expose a service provider’s identity or reduce the anonymity set they are part of. We will show attacks based on the intersection of I2P users hosting eepSites on public IPs with virtual hosting, the use of common web application vulnerabilities to reveal the IP of an eepSite, as well as general information that can be collected concerning the nodes participating in the I2P anonymity network.
-
-
11:36
»
SecDocs
Authors:
Andrew Case Tags:
Tor privacy Event:
Black Hat DC 2011 Abstract: Traditional digital forensics encompasses the examination of data from an offline or “dead” source such as a disk image. Since the filesystem is intact on these images, a number of forensics techniques are available for analysis such as file and metadata examination, timelining, deleted file recovery, indexing, and searching. Live CDs present a large problem for this forensics model though as they run solely in RAM and do not interact with the local disk. This removes the ability to perform an orderly examination since the filesystem is no longer readily available and putting random pages of data into context can be very difficult for in-depth investigations. In order to solve this problem, we present a number of techniques that allow for complete recovery of a live CD’s in-memory filesystem and partial recovery of its previously deleted contents. We also present memory analysis of the popular Tor application as it is used by a number of live CDs in an attempt to keep network communications encrypted and anonymous.
-
-
21:25
»
SecDocs
Authors:
Sho Ho Tags:
privacy Event:
DEFCON 18
-
-
5:51
»
SecDocs
Authors:
Moxie Marlinspike Tags:
privacy Event:
Black Hat EU 2010 Abstract: We won the war for strong cryptography, anonymous darknets exist in the wild today, and decentralized communication networks have emerged to become reality. These strategies for communicating online were conceived of in anticipation of a dystopian future, but somehow these original efforts have fallen short of delivering us from the most pernicious threats to privacy that we're now facing. Rather than a centralized state-based database of all our communication and movements, modern threats to privacy have become something much more subtle, and perhaps all the more sinister. This talk will explore these evolving trends and discuss some interesting solutions in the works.
-
-
21:13
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: This will be a stream of the Fnord-Jahresrückblick 2009, as it will be too crowded in Saal 1. We try to get a translation, but there is no guarantee yet, so a German version might be possible, too.
-
-
21:11
»
SecDocs
Authors:
Mike Brennan Tags:
authorship privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Authorship recognition based on linguistics (known as Stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. Stylometry, however, can also be used to infringe upon the privacy of individuals who wish to publish documents anonymously. Our research demonstrates how various types of attacks can reduce the effectiveness of stylometric techniques down to the level of random guessing and worse. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This talk will also examine the ways in which authorship recognition can be used to thwart privacy and anonymity and how these attacks can be used to mitigate this threat. It will also cover our current progress in establishing a large corpus of writing samples and attack data and the creation of a tool which can aid authors in preserving their privacy when publishing anonymously. This research was originally motivated by the idea of using stylometry, which is the study of authorship recognition based on linguistic style, to increase security. Could stylometry be used as an aid for verifying the identity of a user? The first step was to see how stylometry held up against adversarial attacks. We developed two attacks and found that they were devastatingly effective against various methods of stylometry. This turned our goal for the research from looking at how stylometry could increase security by verifying an identity to how attacking stylometry can increase security by helping anonymous authors maintain their privacy and protect their identity. 
This research presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. This research also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods. The talk examines the threat that stylometry can pose to anonymity, and what can be done about it. Advice is offered on how to obfuscate your writing style based on what was learned from the subjects in this study. The talk will also discuss current work to create a tool that helps authors hide their writing style. This tool will use a large corpus of existing writing and attack passages in multiple languages along with a variety of stylometric techniques based on different features and machine learning methods. A call for help is also put out to the listeners and readers of this research to participate in the creation of this corpus in multiple languages so the tool can be helpful to as many authors as possible.
-
-
21:06
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections *to* the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced "bridge relays" that are harder for an attacker to find and block than Tor's public relays. In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.