Anonymity, Usability, and Humans. Pick Two.

Similar documents
Tor: Online anonymity, privacy, and security.

Anonymity Tor Overview

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

FBI Tor Overview. Andrew Lewman January 17, 2012

Online Anonymity. Andrew Lewman June 8, 2010

Anonymous Communications

Understanding, Growing, & Extending Online Anonymity

DFRI, Swedish Internet Forum 2012

Online Anonymity & Privacy. Andrew Lewman The Tor Project

Anonymity and censorship circumvention with Tor

Tor and circumvention: Lessons learned. Roger Dingledine The Tor Project

Peeling Onions Understanding and using

Vulnerabilities in Tor: (past,) present, future. Roger Dingledine The Tor Project

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

A SIMPLE INTRODUCTION TO TOR


The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Tor: a brief intro. Roger Dingledine The Tor Project

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

0x1A Great Papers in Computer Security

CS Paul Krzyzanowski

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

Tor, a quick overview

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Anonymous communications: Crowds and Tor

Outline. Traffic multipliers. DoS against network links. Smurf broadcast ping. Distributed DoS

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymous Communication and Internet Freedom

CNT Computer and Network Security: Privacy/Anonymity

FACEBOOK SAFETY FOR JOURNALISTS. Thanks to these partners for reviewing these safety guidelines:

Anonymous Communication and Internet Freedom

IP address. When you connect to another computer you send it your IP address.

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

ENEE 459-C Computer Security. Security protocols

Fact Sheet: Cloud Flare and the Tor Project

ENEE 459-C Computer Security. Security protocols (continued)

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

The Activist Guide to Secure Communication on the Internet. Introduction

You are the internet

DOMINICK DESIGNS ERADICATE TECH PHOBIA WEBSITES & TECH TRAINING SEMINARS. (843)

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Low-Cost Traffic Analysis of Tor

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh

Tor: An Anonymizing Overlay Network for TCP

(S//REL) Open Source Multi-Hop Networks

CS 134 Winter Privacy and Anonymity

System-Level Failures in Security

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

How Do Tor Users Interact With Onion Services?

Online Anonymity with Tor Browser Bundle

Telex Anticensorship in the Network Infrastructure

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Privacy defense on the Internet. Csaba Kiraly

CE Advanced Network Security Anonymity II

2012 in review: Tor and the censorship arms race. / Runa A. Sandvik /

Anonymous Communication with emphasis on Tor* *Tor's Onion Routing. Paul Syverson U.S. Naval Research Laboratory

The Battle Against Anonymous Browsing: The Security Challenges Presented by Tor

Detecting Denial of Service Attacks in Tor

A Case For OneSwarm. Tom Anderson University of Washington.

Instructions 1 Elevation of Privilege Instructions

Covert Channels Towards a Qual Project

ANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS

Dark Web. Ronald Bishof, MS Cybersecurity. This Photo by Unknown Author is licensed under CC BY-SA

Telex Anticensorship in the

Introduction. The website. E-newsletter. Use of cookies

Anonymity in P2P Systems

Backend IV: Authentication, Authorization and Sanitization. Tuesday, January 13, 15

2 ND GENERATION ONION ROUTER

One of the fundamental kinds of websites that SharePoint 2010 allows

Breaking Tor Sessions with HTML5. Marco Bonetti 19 Nov 2009 DeepSec - Vienna

Protocols for Anonymous Communication

Host Website from Home Anonymously

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Cryptography opportunities in Tor. Nick Mathewson The Tor Project 21 January 2013

SurfSolo VPN VPN PRIVACY TUNNEL. SurfSolo VPN. User Manual. Version 1.0. User Manual v.1.0 Page 1

DISSENT: Accountable, Anonymous Communication

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Anonymity. Assumption: If we know IP address, we know identity

Anonymity. With material from: Dave Levin and Michelle Mazurek

Crowds Anonymous Web Transactions. Why anonymity?

CS232. Lecture 21: Anonymous Communications

The Internet of Things. Steven M. Bellovin November 24,

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

SMART DEVICES: DO THEY RESPECT YOUR PRIVACY?

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

Tor: a quick overview. Roger Dingledine The Tor Project

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Onion services. Philipp Winter Nov 30, 2015

Analytics, Insights, Cookies, and the Disappearing Privacy

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

African Theatre Association (AfTA) PRIVACY POLICY

Course Outline (version 2)

Adaptive throttling of Tor clients by entry guards

The State of the Trust Gap in 2015

Transcription:

Anonymity, Usability, and Humans. Pick Two. Runa A. Sandvik runa@torproject.org 20 September 2011 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 1 / 26

About Runa Studied at the Norwegian University of Science and Technology Worked for the Tor Project during Google Summer of Code in 2009 Developer, security researcher, translation coordinator Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 2 / 26

What are we talking about? Crash course on anonymous communications Quick overview of Tor Usability, Security, and Humans Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 3 / 26

The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 4 / 26

What is anonymity? Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 5 / 26

Anonymity isn t cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is sent. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 6 / 26

Anonymity isn t steganography Attacker can tell Alice is talking to someone, how often, and how much data is sent. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 7 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Promise you won t look Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Promise you won t look Promise you won t remember Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Promise you won t look Promise you won t remember Promise you won t tell Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Promise you won t look Promise you won t remember Promise you won t tell I didn t write my name on it! Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

Anonymity isn t just wishful thinking... You can t prove it was me! Promise you won t look Promise you won t remember Promise you won t tell I didn t write my name on it! Isn t the Internet already anonymous? Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 8 / 26

..since weak isn t anonymity. You can t prove it was me! Proof is a very strong word. Statistical analysis allows suspicion to become certainty. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 9 / 26

..since weak isn t anonymity. Promise you won t look/remember/tell Will other parties have the abilities and incentives to keep these promises? Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 9 / 26

..since weak isn t anonymity. I didn t write my name on it! Not what we re talking about. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 9 / 26

..since weak isn t anonymity. Isn t the Internet already anonymous? Nope! Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 9 / 26

Anonymous communication People have to hide in a crowd of other people ( anonymity loves company ) The goal of the system is to make all users look as similar as possible, to give a bigger crowd Hide who is communicating with whom Layered encryption and random delays hide correlation between input traffic and output traffic Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 10 / 26

What is Tor? Online anonymity software and network Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 11 / 26

What is Tor? Online anonymity software and network Open source, freely available (3-clause BSD license) Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 11 / 26

What is Tor? Online anonymity software and network Open source, freely available (3-clause BSD license) Active research environment: Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston Univ, Harvard, MIT, RPI, Georgia Tech Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 11 / 26

What is Tor? Online anonymity software and network Open source, freely available (3-clause BSD license) Active research environment: Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston Univ, Harvard, MIT, RPI, Georgia Tech Increasingly diverse toolset: Tor, Torbutton, Tor Browser Bundle, TAILS Anonymous Operating System, Tor Weather, GetTor, Thandy, Orbot, Tor Check, Arm, Torouter, Tor Cloud and more Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 11 / 26

What makes Tor different, part 1 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 12 / 26

What makes Tor different, part 1 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 12 / 26

What makes Tor different, part 1 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 12 / 26

What makes Tor different, part 2 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 13 / 26

What makes Tor different, part 2 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 13 / 26

What makes Tor different, part 2 Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 13 / 26

Bridges versus relays A step forward in the blocking resistance race Bridge relays (or bridges for short) are Tor relays that aren t listed in the main Tor directory To use a bridge, you will need to locate one first (can be done using bridges.torproject.org, email, social media etc) A bridge will act as the first hop in the circuit Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 14 / 26

Hidden services Tor makes it possible for users to hide their locations while offering various kinds of services, such a website or an im server Using Tor rendezvous points, other Tor users can connect to these hidden services, each without knowing the other s network identity A hidden service will have an address that ends in.onion, e.g. http://duskgytldkxiuqc6.onion/ Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 15 / 26

Who uses Tor? Normal people Law Enforcement Human Rights Activists Business Execs Militaries Abuse Victims Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 16 / 26

estimated 300k to 800k daily users Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 17 / 26

How many people use Tor daily? Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 18 / 26

Tor users in China Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 19 / 26

Tor users in China Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 19 / 26

Tor users in Egypt Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 20 / 26

Tor users in Egypt Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 20 / 26

Tor users in Iran Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 21 / 26

Tor users in Iran Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 21 / 26

Anonymity, Usability, and Humans Allow the user to fully configure Tor rather than manually searching for and opening text files. Let users learn about the current state of their Tor connection, and configure or find out whether any of their applications are using it. Make alerts and error conditions visible to the user. Run on Windows, Linux, and OS X, on a normal consumer-level machine. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 22 / 26

Time for a demo Demonstration of Tor Browser Bundle Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 23 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. The quality of translations can vary. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. The quality of translations can vary. Concepts of anonymity and its threats escape most users. I want my Youtube! I use tor to organize on facebook. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. The quality of translations can vary. Concepts of anonymity and its threats escape most users. I want my Youtube! I use tor to organize on facebook. Cultural differences and their expectations of software, usability, anonymity, privacy, and what tor provides. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. The quality of translations can vary. Concepts of anonymity and its threats escape most users. I want my Youtube! I use tor to organize on facebook. Cultural differences and their expectations of software, usability, anonymity, privacy, and what tor provides. Software leaks data all over the place. Stopping these leaks leads to unexpected user experiences. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Experience so far Our web site is confusing to users and not technical enough for researchers. The quality of translations can vary. Concepts of anonymity and its threats escape most users. I want my Youtube! I use tor to organize on facebook. Cultural differences and their expectations of software, usability, anonymity, privacy, and what tor provides. Software leaks data all over the place. Stopping these leaks leads to unexpected user experiences. Five years since we last dabbled in Usability. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 24 / 26

Next steps and how you can help Test software. Provide feedback and suggest improvements. Help with development. Visit https://www.torproject.org/ for more information, links, and ideas. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 25 / 26

Copyright who uses tor? http://www.flickr.com/photos/mattw/2336507468/siz, Matt Westervelt, CC-BY-SA. 500k, http: //www.flickr.com/photos/lukaskracic/334850378/sizes/l/, Luka Skracic, used with permission. Runa A. Sandvik runa@torproject.org () Anonymity, Usability, and Humans. Pick Two. 20 September 2011 26 / 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback