Previous post
Next post
If you’ve been paying attention here at VG, you know that we are following privacy and security trends in an effort to help you stay (or at least try to be) private on the internet. Our writers have personally tested several methods of online communication that claim to be “secure,” and sadly, many of them fail. Bruce Schneier, one of the foremost experts on privacy and security, has a fantastic article explaining what to look for when trying to determine whether a platform is worth using. He lists some warning signs that should be red flags to anyone checking out a new messaging platform. While his article was written in 1999, the warnings still ring true today. In fact, former hacker “Moxie Marlinspike” cited Schneier’s article in a recent review of Telegram, a platform for mobile messaging claiming “secure” capabilities that falls far short of its claims.
Also keep in mind that a team of researchers in Israel just announced the ability to crack 4096-bit RSA encryption keys by using a microphone to listen to the noises the computer’s internal components make during processing of encrypted text. They were able—after much trial and error–to finally break RSA encryption. If that’s not creepy enough,
They suggest it could also be packaged completely in software and sent out as malware, hacking encryption keys on infected devices and sending them back to the hacker.
In related news, it’s been revealed that Eldo Kim, the Harvard student who tried to get out of an exam by emailing in a bomb threat was using the anonymous Tor browser, which we’ve recommended several times. I mention it here because it’s important to note that Tor itself was not compromised. The FBI simply retrieved a list of all Harvard students using Tor, and went down the list one by one until they got to him. They used standard police techniques to get him to ‘fess up, and eventually he did just that. As Schneier points out, Tor didn’t break. Kim did. As long as you’re using the Tor Browser Bundle as intended (and preferably with a VPN and proxy), you’re still okay.
ALman says: I’m wondering, not wandering though I do that, too. If, as you say, the student was “using the anonymous Tor browser”, how was the FBI able to come up with a list of the Harvard students who use Tor?
Also, if I want do be heard to track, wouldn’t I want to use techy stuff that would enable me to “get lost int eh crowd” so to speak? This as opposed to using specialized software that fewer people use and, potentially, make one “stand out from the crowd” so to speak?
Obviously, from my questions, you discern that I’m not a techie. I do wonder about the typical users and how they can mazimize security and privacy without becoming one, a techie?
ALman,
The FBI knew that whoever sent the email threat was using Tor because the IP the email came from was a Tor exit node. They took the list of all students online at that time and matched them to Tor exit nodes, then went down the line until they got to him. Once they had him in their office, it was just a question of breaking him down.
What people have a hard time with is understanding that TOR itself did not fail. The thing is, he used it on the Harvard network, from his home laptop. That alone is stupid. For you or I, who really just want to be private, it’s not as big a deal (although I still use a VPN and proxies). For a moron who wants to do illegal things, using Tor from your home computer, on your college network, is just dumb. Had he gone to a Starbucks, used their wifi, etc., then he stood a chance.
As for using Tor anonymously, see my next article. 😉
2 Comments