On Sun, Oct 18, 2009 at 04:38:57AM -0700, Kyle Williams wrote:

I just read two articles that moved me to bring this to the attention of others. Kaspersky Labs thinks anonymity is the problem with the Internet.

http://www.theregister.co.uk/2009/10/16/kaspersky_rebukes_net_anonymity/ " In Kaspersky's world, services such asB PsiphonB andB The Onion Router (Tor)B - which are legitimately used by Chinese dissidents and Google users alike to shield personally identifiable information - would no longer be legal. Or at least they'd have to be redesigned from the ground up to give police the ability to surveil them. That's not the kind of world many law-abiding citizens would feel comfortable inhabiting. "

He's talking about supporting a police state, where the "law" can watch everything you do.

http://www.zdnetasia.com/insight/security/0,39044829,62058697,00.htm " [Q:] Are you saying that people often don't understand the complexities of the work security researchers are involved in? Consumers, businesses and even governments? [A:] Governments do understand because they are more and more in touch with these problems. Enterprises, big enterprises, some of them have dedicated teams of security experts and they really understand what's going on. Consumers generally have no clue, but they don't need to understand. "

The only thing that works better than his A/V software is a well informed and educated user. My mom didn't know shit about what to do and not to do on the Internet and downloaded everything that was free, and that's why I would have to "fix" his computer every few months even though she uses AVG and SpyBot. Finally I sat her down, explained to her why this was happening, and told her not to do that anymore if she wanted her computer to work right. She listened, and hasn't had any serious problems for a few years now.

From the same article... " [Q:] If you had the power to change up to three things in the world today that are related to IT security, what would they be? [A:] Internet design--that's enough.

[Q:] That's it? What's wrong with the design of the Internet? [A:] There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrongb&to introduce it in the same way. I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off. "

This is scary talk from a man who owns the largest anti-virus company in the eastern hemisphere. Read these articles, and you'll see this guy talks about a global "Internet police" or "Internet Interpol". That's serious globalization talk from someone who millions trust to protect their computers. All they need to do is label some code as malicious, and it'll be removed from your PC after the next A/V update....even if you use it to regain lost civil liberties. How long until Kaspersky labels Tor a trojan or virus? If that happens, then what?

People who seek to control society fear society having anonymity, for it's with anonymity that society can stand up against corruption of the state when it occurs. The latest Iran election and the actions that followed are a great example of this, and it's was technology such as Tor that helped them get the truth out about what was being done. When was the last time a trojan horse or virus helped a country regain liberty or help bypass censorship? To treat Tor as such malware is down right insulting to people's rights everywhere.

Normally I would never think about the following, but as a developer, I'm weighing the idea of detecting, disabling, and/or deleting Kaspersky before installing any of the projects I work on. Such action should be brought to the users attention, and the action to do something about it should be evoked by the user. However, if Kaspersky does go too far and labels Tor as malware, you can be damn sure JanusVM, *maybe* Tor VM, and Chromium Browser VM will take automated action to prevent itself from being attacked by Kaspersky products, and will do so in a very harsh way.

Something worth noting, today's A/V solutions do not scan inside virtual machines and would not be able to detect Tor easily. Use encryption with the VM and it'll be impossible for any A/V product to scan the data inside. If you use an external anonymity device like januspa or a linux router + Tor, then you would not feel the affects of bad A/V software against your anonymity.

Personally, I will be encouraging everyone I know to stay as far away from this company and their products simply out of principle at this point. I had no problem with Kaspersky until I read this. If Kaspersky is going to treat non malicious software as malware, then we might as well treat their software with the same regard.

Spread the word, Kaspersky Labs is not a friend of Tor.

Best regards, Kyle

"All that is necessary for the triumph of evil is that good men do nothing." - Edmund Burke *********************************************************************** To unsubscribe, send an e-mail to majordomo@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ Thanks for the link. While I don't see this as a threat in the US, some East Asian countires wouldn't surprise me if they did similar to this.

-- Jake Todd // If it isn't broke, tweak it! ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE