WIRED: Anonymity on a Disk

[Eugen Leitl]

http://www.wired.com/news/technology/0,70017-0.html?tw=wn_tophead_1

By  Quinn Norton | Also by this reporter

WASHINGTON DC -- To many privacy geeks, it's the holy grail -- a totally
anonymous and secure computer so easy to use you can hand it to your
grandmother and send her off on her own to the local Starbucks.

That was the guiding principle for the members of kaos.theory security
research

when they set out to put a secure crypto-heavy operating systems on a bootable
CD: a disk that would offer the masses the same level of privacy available to
security professionals, but with an easy user interface.

"If Granny's into trannies, and doesn't want her grandkids to know, she should
be able to download without fear," says Taylor Banks, project leader.

It's a difficult problem, entailing a great deal of attention to both security
details and usability issues. The group finally unveiled their finished
product at the Shmoo Con hacker conference here Saturday, with mixed results.

Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning
it's a complete solution for using a computer without touching the hard drive.
Developers say Anonym.OS is likely the first live CD based on the
security-heavy OpenBSD operating system.

OpenBSD running in secure mode is relatively rare among desktop users. So to
keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In
everything from the way it actively reports itself to other computers, to
matters of technical minutia such as TCP packet length, the system is designed
to look like Windows XP SP1. "We considered part of what makes a system
anonymous is looking like what is most popular, so you blend in with the
crowd," explains project developer Adam Bregenzer of Super Light Industry.

Booting the CD, you are presented with a text based wizard-style list of
questions to answer, one at a time, with defaults that will work for most
users. Within a few moments, a fairly naive user can be up and running and
connected to an open Wi-Fi point, if one is available.

Once you're running, you have a broad range of anonymity-protecting
applications at your disposal.

But actually using the system can be a slow experience. Anonym.OS makes
extensive use of Tor, the onion routing network that relies on an array of
servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor
has recently suffered from user-base growth far outpacing the number of
servers available to those users -- at last count there were only 419 servers
worldwide. So Tor lags badly at times of heavy use.

Between Tor's problems, and some nagging performance issues on the disk
itself, Banks concedes that the CD is not yet ready for the wide audience he
hopes to someday serve. "Is Grandma really going to be able to use it today? I
don't know. If she already uses the internet, yes."

Experts also say Anonym.OS may not solve the internet's most pressing issues,
such as the notorious China problem: repressive governments that monitor their
population's net access, and censor or jail citizens who speak out against the
government.

Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and
Society, works extensively with international bloggers and journalists, many
of whom live under constant threat from their own governments. He see
Anonym.OS as a blessing for some -- but not for those at the greatest risk.

"I think it's going to be tremendously useful for fairly sophisticated users
when they are traveling, but where it may not be as effective as people would
hope is in counties where the government is really seriously about locking
down the net, constraining internet access," Zuckerman says.

Because most people in the developing world use the internet from shared
desktop environments, services for them have to consider office place and
cyber cafe-based computer situations. "Rebooting isn't often an option,"
explains Zuckerman, who would like to see anonymity solutions move toward
minimally invasive strategies like the TorPark, a USB key that allows access
to a Tor enabled browser without rebooting, and private proxies matched up one
by one with dissidents.

But kaos.theory members say Anonym.OS is just the first step in making
anonymity widely available. Future versions, they say, may run on a USB
keychain. Additionally, they plan to implement Enigmail to allow encrypted
e-mail for Thunderbird and Gaim Off The Record, which allows users to use
instant messaging without their logs being tied to them.

David Del Torto, chief security officer of the non-profit CryptoRights group,
says projects like Anonym.OS are heading in the right direction, but thinks
the project overreaches by trying to be useful to everyone. "Grandmas are not
the ones that need this right now.... My instincts tell me that it's a very
small number of people (that can use Anonym.OS). You can't really solve this
problem by simplifying the interface. It's almost impossible to anticipate
everything a user can do to hurt themselves."


--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]