[OPLIN 4cast] OPLIN 4cast #449: Tor exits in libraries
OPLIN Support
support at oplin.ohio.gov
Wed Aug 5 10:30:16 EDT 2015
August 5th, 2015
About eleven months ago, we devoted a
*4cast* post <http://www.oplin.org/4cast/?p=4891> to Tor, leading off with
a Boing Boing article by Alison Macrina about libraries in Massachusetts
using the Tor browser to protect patron privacy. Ms. Macrina is the founder
and director of the Library Freedom Project
<https://libraryfreedomproject.org>, which last week announced a new
initiative to establish Tor exit relays in libraries, "to help libraries
protect internet freedom." The whole point of Tor is to provide online
anonymity, so things like browsing habits cannot be tracked. Ironically,
however, several articles also published last week reported on findings
that Tor browsing currently may not be totally anonymous after all.
- Tor exit relays in libraries: a new LFP project
<https://libraryfreedomproject.org/torexitpilotphase1/> (Library Freedom
Project | Alison Macrina and Nima Fatemi) "When a user opens the Tor
Browser and navigates to a website, her traffic is bounced over three
relays, scrambling her traffic with three layers of encryption, making her
original IP address undetectable. The exit relay is the last relay in this
circuit, the one that talks to the public internet. Fast, stable exit
relays are vital to the strength of the Tor network. Non-exit relays -
guards, middle relays, and bridges - are also important to the Tor network,
but exit nodes are the most needed, and libraries can afford some of the
legal exposure that comes with an exit."
- Crypto activists announce vision for Tor exit relay in every library
<http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/>
(Ars Technica | Cyrus Farivar) "'Librarians see the value as soon as you
say "privacy protecting technology,"' Alison Macrina
<https://twitter.com/flexlibris?lang=en> of the LFP told Ars via
encrypted chat. 'When we get into the basics of free software and
cryptography, they are hooked.' For now, the LFP has only managed to set up
a middle relay - one of the three major types of relays - in a library in New
Hampshire, but hopes that after further testing it can be upgraded to an
exit relay in about a month."
- Shoring up Tor <http://newsoffice.mit.edu/2015/tor-vulnerability-0729>
(MIT News | Larry Hardesty) "During the establishment of a circuit,
computers on the Tor network have to pass a lot of data back and forth. The
researchers showed that simply by looking for patterns in the number of
packets passing in each direction through a guard, machine-learning
algorithms could, with 99 percent accuracy, determine whether the circuit
was an ordinary Web-browsing circuit, an introduction-point circuit, or a
rendezvous-point circuit. Breaking Tor's encryption wasn't necessary.
Furthermore, by using a Tor-enabled computer to connect to a range of
different hidden services, they showed that a similar analysis of traffic
patterns could identify those services with 88 percent accuracy. That means
that an adversary who lucked into the position of guard for a computer
hosting a hidden service, could, with 88 percent certainty, identify it as
the service's host."
- MIT researchers figure out how to break Tor anonymity without cracking
encryption
<http://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption>
(ExtremeTech | Ryan Whitwam) "This is only possible because the attacker
is running the entry node the victim is connected to. However, the entry
node is selected randomly for each session. The attacker would need to run
a lot of guard nodes to identify a significant number of connections and it
would be very hard to target a specific user. The fix for this attack is
actually pretty simple. The Tor network needs to start sending dummy
packets that make all requests look the same."
*Articles from Ohio Web Library <http://ohioweblibrary.org>:*
- Dissent made safer.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=43972320&site=ehost-live>
(*Technology Review*, May/June 2009, p.60-65 | David Talbot)
- Web search query privacy: Evaluating query obfuscation and anonymizing
networks.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=94007304&site=ehost-live>
(*Journal of Computer Security*, 2014, p.155-199 | Sai Teja Peddinti and
Nitesh Saxena)
- The Tor browser and intellectual freedom in the digital age.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=aph&AN=103412240&site=ehost-live>
(*Reference & User Services Quarterly*, Summer 2015, p.17-20 | Alison
Macrina)
------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:
- *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
- *Live Bookmark.* If you're using the Firefox web browser, you can go
to the 4cast website (http://www.oplin.org/4cast/) and click on the
orange "radio wave" icon on the right side of the address bar. In Internet
Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
feed.
- *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://mail.oplin.org/mailman/listinfo/OPLIN4cast.