I have switched my tor node to the experimental branch and it is now running version 0.2.4.17-rc. The huge load on the network seen since the botnet started using it on about 19 August last has forced the tor project team to recommend that all relay operators move to the 0.2.4 branch (and this release …
Category: privacy and anonymity
Permanent link to this article: https://baldric.net/2013/09/10/tor-node-upgrade/
Aug 25 2013
openPGP usage
Over at the cypherpunks mail list, one Tony Arcieri posted a graphic showing an interesting rise in the number of OpenPGP keys registered on the SKS keyserver in the last month or so. The graphic comes from the SKS statistics page. The overall trend is clearly upwards, and has been for some time, but …
Permanent link to this article: https://baldric.net/2013/08/25/openpgp-usage/
Aug 23 2013
thank you citizen
Imagine Dave’s censorship (^W) surveillance program outsourced to G4S.
Permanent link to this article: https://baldric.net/2013/08/23/thank-you-citizen/
Aug 23 2013
untrusted dod certificate
Chris Williams over at El Reg posted a nice article about the kind of crypto best practice you need to follow if you care about privacy. The article questions the wisdom of using David Miranda as what Williams calls a “data mule” to carry physical electronic media (possibly) containing sensitive data through Heathrow and goes …
Permanent link to this article: https://baldric.net/2013/08/23/untrusted-dod-certificate/
Aug 22 2013
tor usage on the rise
A couple of weeks ago I noted that the release of tails 0.20 seemed to be popular – at least if the traffic on my mirrors was anything to go by. The statistics published by the Tor project itself show an interesting rise in (probable) Tor usage since June. The graphic shows that the number …
Permanent link to this article: https://baldric.net/2013/08/22/tor-usage-on-the-rise/
Aug 20 2013
aunty doesn’t get it
The BBC has today commented on the Guardian story about David Miranda’s detention for nearly nine hours at Heathrow under Schedule 7 of the UK Terrorism Act 2000. The BBC’s on-line report ends with a web feedback form asking: Have you been detained under schedule 7 of the Terrorism Act 2000 at a British airport, …
Permanent link to this article: https://baldric.net/2013/08/20/aunty-doesnt-get-it/
Aug 12 2013
porn over postie
I was browsing the RevK’s blog (originally brought to my attention by David) this morning and came across this gem. It would seem that some UK households have been receiving unsolicited pornographic DVDs through the post. As the RevK says: Well, obviously the Royal Mail need a default opt-in adult content filtering in place for …
Permanent link to this article: https://baldric.net/2013/08/12/porn-over-postie/
Aug 10 2013
tor users under attack
The Tor network does not just provide anonymous internet access, it also provides for so-called hidden services. These services are not visible outside the Tor network and are only reachable over Tor. The servers are given Tor specific addresses of the form “xyz123.onion” (actually, the addresses are a little more complicated than that because the …
Permanent link to this article: https://baldric.net/2013/08/10/tor-users-under-attack/
Aug 09 2013
lavabit dead
I run my own mail server for a number of reasons. And I rarely regret that decision. However, there have been occasions in the past when relying on a single mail provider (even when that provider is myself) has proven problematic. The first problem arose several years ago when the ISP which I use for …
Permanent link to this article: https://baldric.net/2013/08/09/lavabit-dead/
Jul 28 2013
repeat after me – snowden is not the story
John Naughton has an interesting column in his “networker” series in today’s Observer. In it he laments the fact that the majority of the world’s mainstream media seem more intent on reporting on Snowden the man than on what Snowden has revealed. He starts: “Repeat after me: Edward Snowden is not the story. The story …
Permanent link to this article: https://baldric.net/2013/07/28/repeat-after-me-snowden-is-not-the-story/
Jul 17 2013
save your money – just use tails
I suppose it was inevitable that the Snowden revelations would lead to greater interest in privacy and anonymity. I applaud that. I suppose it was also inevitable that there would be a rash of commercial products emerging from both “entrepreneurs” and the more established “security” companies to take advantage of that increased interest. That, I …
Permanent link to this article: https://baldric.net/2013/07/17/save-your-money-just-use-tails/
Jul 15 2013
tor and https at eff
For those of you unsure of what might leak where and when using tor and/or https to protect your browsing, there is a useful interactive graphic on the EFF site. As EFF point out, the potentially visible data includes: the site you are visiting, your username and password, the data you are transmitting, your IP …
Permanent link to this article: https://baldric.net/2013/07/15/tor-and-https-at-eff/
Jul 14 2013
base64 gets past omani deep packet inspection
Back in December 2011 Roger Dingledine and Jacob Appelbaum of the torproject gave a talk at the 28th Chaos Communication Congress titled “How governments have tried to block Tor”. That talk focused on the arms race between privacy campaigners and technologists working on tor and the actions of oppressive governments. The presentation gave many examples …
Permanent link to this article: https://baldric.net/2013/07/14/base64-gets-past-omani-deep-packet-inspection/
Jun 24 2013
more irony
This is lovely. On a whim I have just checked the DNS for the Guardian. I got the following results:

MX records:
guardian.co.uk mail exchanger = 30 guardian.co.uk.s200b1.psmtp.com.
guardian.co.uk mail exchanger = 40 guardian.co.uk.s200b2.psmtp.com.
guardian.co.uk mail exchanger = 10 guardian.co.uk.s200a1.psmtp.com.
guardian.co.uk mail exchanger = 20 guardian.co.uk.s200a2.psmtp.com.

So – all four MX records point to SMTP …
Permanent link to this article: https://baldric.net/2013/06/24/more-irony/
Jun 16 2013
prism opt-out
In all the noise on the ‘net about the alleged NSA PRISM program, this new site offers an amusing, but nonetheless useful, list of free alternatives to proprietary software. In part the site sort of misses the point about PRISM, but it is still good to see someone taking the time to point out that …
Permanent link to this article: https://baldric.net/2013/06/16/prism-opt-out/
Jun 15 2013
Edward Snowden
The revelations of the past week or so have been interesting to me more for what they haven’t said, than what they have. There are a few points arising from Snowden’s story which puzzle me and which don’t seem to have been addressed by the mainstream media – at least not the ones I read. …
Permanent link to this article: https://baldric.net/2013/06/15/edward-snowden/
Jun 10 2013
PRISM – we had it first
I can exclusively reveal that the UK government had a PRISM database long before those upstarts in the USA. In the late 1970s I worked in the Statistics Division of what was then the UK Civil Service Department. We used a database of Civil Service personnel called PRISM (Personnel Record Information System for Management). I …
Permanent link to this article: https://baldric.net/2013/06/10/prism-we-had-it-first/
May 29 2013
another good reason not to buy one
Back in November 2011 I wrote about the TP-Link TL-SC3130G IP camera. I had some trouble getting that device to work properly over wifi so I returned it and got my money back. Today, Core Security released an advisory about this device (and several others from TP-Link) about a remotely exploitable vulnerability arising from “hard-coded …
Permanent link to this article: https://baldric.net/2013/05/29/another-good-reason-not-to-buy-one/
Apr 27 2013
cool
I have just been notified that I am eligible for a Tor T shirt. How cool is that? This is a Tor Weather Report. Congratulations! The node 0xbaddad (id: C332 113D F99E 367E 4190 424C E825 057D 9133 7ADD) you’ve been observing has been running for 61 days with an average bandwidth of 2278 KB/s, which …
Permanent link to this article: https://baldric.net/2013/04/27/cool/
Mar 27 2013
gchq recruitment site stores plaintext passwords
I can’t resist this. El Reg today points to a blog post by a guy called Dan Farrall who has commented on his experience of receiving a plain text reminder of his GCHQ recruitment site password by email after filling out its forgotten password form. Farrall’s blog post is worth reading. Whilst he acknowledges that …
Permanent link to this article: https://baldric.net/2013/03/27/gchq-recruitment-site-stores-plaintext-passwords/
Mar 13 2013
impolite spam
Most blogs get hit by spammers aiming to get their URLs posted in the comments section. Like most wordpress based blogs, I use the default Akismet antispam plugin. I don’t like it, I don’t like the fact that it is shipped by default, I don’t like the fact that it is increasingly becoming non-free (as …
Permanent link to this article: https://baldric.net/2013/03/13/impolite-spam/
Dec 11 2012
moonlighting in parliament
Yesterday I followed a link from Duncan Campbell’s Reg article on the joint parliamentary committee’s scrutiny of the Communications Data Bill referred to in my post below. That link took me to the UK Parliamentary website which I confess I haven’t visited in a while. I was initially irritated that the video format used on …
Permanent link to this article: https://baldric.net/2012/12/11/moonlighting-in-parliament/
Dec 10 2012
tor and the UK data communications bill
As a Tor node operator, I have an interest in how the draft UK Data Communications Bill would affect me should it be passed into law. In particular, I would be worried if Tor ended up being treated as a “telecommunications operator” within the terms of the Act (should it become an Act). Fortunately, Steven …
Permanent link to this article: https://baldric.net/2012/12/10/tor-and-the-uk-data-communications-bill/
Nov 27 2012
what gives with dban?
Recently I have been faced with the need to wipe a bunch of hard disks removed from some old (indeed, in one or two cases, very old) PCs before disposal. Normally I would have used DBAN to do this because it gives me a nice warm feeling that I have taken all reasonable steps and …
Permanent link to this article: https://baldric.net/2012/11/27/what-gives-with-dban/