New Live-CD/DVD release

Monday, March 3. 2014

A new release of our live-cd/dvd is ready for download. Changes in version 0.9.52:

  • JonDoBrowser:

    1. Updates for add-ons: no proxy exceptions are possible for security reasons.

    2. JonDoBrowser uses hunspell dictionaries for spellcheck.

  • Icedove:

    1. A patch of TorBirdy enforces the recommendations for "on_startup_login = false" and "download_on_biff = false" for new accounts. Because of a bug in Thunderbird/Icedove the default settings don't apply for new accounts.

    2. Fixed keyserver usage in Tor mode. SSL encryption for keyservers is enforced in general by the GnuPG configuration of the live-cd. It is not possible to use Tor hidden HKP servers with this configuration. Now HKPS keyservers are used in Tor mode too.

    3. Removed all proxy exceptions in JonDo mode and Tor mode for security reasons.

  • Pre-configured Pidgin accounts:

    1. Added the XMPP service of CalyxInstitute.org (normal web and Tor hidden XMPP server).

    2. Removed the dukgo XMPP service because of bad SSL encryption.

    3. Removed Wikileaks IRC because it was closed, and anonop.us because it has been down for a long time.

    4. To use the pre-configured Tor hidden services you have to start Tor with Vidalia. This is independent of the default proxy configuration you can choose on Pidgin startup.

  • You can select Tor hidden servers for Electrum Bitcoin client on startup.

  • Some small improvements for Italian localization.

  • Software updates for Jitsi, MAT, libgnutls-openssl27, libgnutls26, libgnutlsxx27, libmagic1, file

An update is recommended.

Android Remote Code Execution

Tuesday, February 25. 2014

For secure operating systems "remote code execution" is a serious bug, for Android it is a feature.

In the paper Execute This! (PDF), researchers from UC Santa Barbara (US) and the University of Bonn (Germany) analyzed the security implications of Android apps being able to load additional code for execution from an external source.

  • 32.5% out of 1,632 randomly selected apps in the Google Play store were loading code from external servers after installation.

  • The code loaded from an external server at runtime is not checked by the Bouncer of the Google Play store and is not checked by any tested anti-virus app. An attacker may place a funny game in the Play store and load the malicious code at runtime from their own server.

  • More than 30,000 apps, installed by more than ten million users, load remote code in an insecure way. An attacker may use simple injection attacks to modify the download. It is not required to use an exploit to hack the smartphone.

No comment.

No No-Spy Agreement

Thursday, December 19. 2013

There will be no no-spy agreement, US National Security Advisor S. Rice declared during talks in Berlin (Heise.de reported). Of course you don't get a no-spy agreement if you send the top management of the German intelligence services as negotiators. Since when can goats do the gardening?

The negotiations on an agreement to improve intelligence cooperation between BND/BfV and NSA will continue, however.

Data collections are not an end in themselves

In contrast to a stamp collection, which has an aesthetic value in itself for its owner, the intelligence data collections of the n-spying-eyes are not an end in themselves. Industrial espionage is named as a goal again and again, the influencing of political decision-making processes is obvious, as is the information-logistics support of wars (e.g. in Afghanistan).

These concrete tasks, however, do not yet justify the collection of all human communication data (General Keith Alexander: "Collect it all!") and the secret construction of the "largest surveillance system in human history" (Glenn Greenwald).

In classical control engineering, collecting data is the task of the "sensors". Via an analysis component (the "controller"), a setpoint is stabilized by means of action / counteraction / manipulation (realized by "actuators").

Manipulated thingamajig

Subliminally we sense that in society, too, the acting components ("actuators") already exist, barely visible, like the "sensors" in the era before Snowden. Parts of the media undoubtedly belong to them, as does the identification and influencing of key accounts on many socio-political levels...

While in a simulation of democracy we are led to believe every four years that we have a choice (in reality only a few government posts are refilled), the train is rolling in another direction, toward a "post-democratic surveillance and control society". (The Logic of Surveillance)

Cryptography alone will not save us. Merely encrypting e-mails and applying the other methods of digital aikido that are taught at crypto parties is not enough to buy a new ticket. Noam Chomsky formulated a more important task:

... the citizens of democratic societies should attend courses in intellectual self-defense in order to be able to defend themselves against manipulation and control...

SSL certificate checks

Sunday, December 15. 2013

The danger of man-in-the-middle-attacks with fraudulent SSL certificates is not only theoretical but real. Two weeks ago criminals attacked the users of BitcoinTalk to get login credentials with a man-in-the-middle-attack on SSL connections.

Government agencies are able to use valid SSL certificates for man-in-the-middle-attacks (see: Certified Lies - Detecting and Defeating Government Interception Attacks against SSL PDF, EFF.org, 2009). You may find suppliers of plug-and-play ready black boxes for "Lawful SSL Interception" by browsing the SpyFiles of Wikileaks (e.g. ClearTrail, an Indian company). The ISS World 2014 in Dubai will present the latest technologies in Track 4: Encrypted Traffic Monitoring and IT Intrusion.

Additional SSL certificate checks in JonDoFox

With JonDoFox 2.9.0 / JonDoBrowser 0.12 we modified the additional checks of SSL certificates. In order to provide better protection you may use the SSL observatory of EFF.org or you may use Certificate Patrol with a local database.

[Screenshot: JonDoFox settings]

  1. SSL observatory of EFF.org

    You may use the SSL observatory of the Electronic Frontier Foundation (EFF.org). In this case the certificate fingerprint and domain name of SSL encrypted websites will be sent to the observatory and compared with the certificates sent by other users. The large database of certificates collected worldwide is the advantage of this solution. You will get a warning if something is wrong with your certificate.

    [Screenshot: warning about wrong SSL certificates]

    By default the SSL observatory is only used together with JonDo. You may change the settings yourself to match your individual requirements.

  2. Certificate Patrol

    Alternatively you may use the Certificate Patrol feature of JonDoFox. In this case a local database is used to store all websites visited via HTTPS together with some information about the SSL certificate. You will get a warning if the certificate changes unexpectedly on later visits.

    [Screenshot: warning about wrong SSL certificates]

    You may have a look at the certificate change and accept it or not. (It's up to you to decide.)

    [Screenshot: changes of SSL certificate]

    The example shows a strong warning. The certification authority switched to Verisign (VeriSign NetDiscovery has been working in assistance of law enforcement since 2002) and the old certificate was valid for a long time but was replaced unexpectedly. Both features are strong indications of a man-in-the-middle-attack but not proof. You may check the website to see whether a new SSL certificate was announced, or you may ask the webmaster.

    With Certificate Patrol a third party has no means to get the saved data.
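
The local-database check described for Certificate Patrol, sketched as an added example (this is not the add-on's or JonDoFox's own code). The table layout, the 90-day threshold, the verdict names and the sample certificates are assumptions constructed for illustration.

```python
import hashlib
import sqlite3
from datetime import datetime, timedelta

# Assumption (not from the add-on): a stored certificate with more validity
# left than this had no routine reason to be replaced.
EARLY_REPLACEMENT = timedelta(days=90)


def open_store(path=":memory:"):
    """Open the local database; the records never leave this machine."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS certs ("
        "host TEXT PRIMARY KEY, fingerprint TEXT, issuer TEXT, not_after TEXT)"
    )
    return db


def fingerprint(der_bytes):
    """SHA-256 over the certificate bytes as presented by the server."""
    return hashlib.sha256(der_bytes).hexdigest()


def remember(db, host, der_bytes, issuer, not_after):
    """Store the certificate: on first visit, or after the user accepts a change."""
    db.execute(
        "INSERT OR REPLACE INTO certs VALUES (?, ?, ?, ?)",
        (host, fingerprint(der_bytes), issuer, not_after.isoformat()),
    )
    db.commit()


def check(db, host, der_bytes, issuer, not_after, now):
    """Compare the presented certificate with the stored one.

    Returns (verdict, reasons). A changed certificate is never stored here;
    the caller decides whether to call remember().
    """
    row = db.execute(
        "SELECT fingerprint, issuer, not_after FROM certs WHERE host = ?", (host,)
    ).fetchone()
    if row is None:
        remember(db, host, der_bytes, issuer, not_after)
        return "first-visit", []
    old_fp, old_issuer, old_not_after = row
    if old_fp == fingerprint(der_bytes):
        return "unchanged", []

    reasons = []
    if issuer != old_issuer:
        reasons.append(f"issuer changed from {old_issuer!r} to {issuer!r}")
    remaining = datetime.fromisoformat(old_not_after) - now
    if remaining > EARLY_REPLACEMENT:
        reasons.append(f"old certificate was still valid for {remaining.days} days")
    # 0 reasons: plausible renewal; 1: warning; 2: both indications from the post
    return ("notice", "warning", "strong-warning")[len(reasons)], reasons


# Constructed sample data: placeholder bytes stand in for DER certificates.
NOW = datetime(2013, 12, 15)
OLD_CERT = (b"constructed-certificate-A", "Example CA", datetime(2015, 6, 1))
NEW_CERT = (b"constructed-certificate-B", "Another CA", datetime(2014, 12, 1))


def demo():
    db = open_store()
    verdicts = [
        check(db, "shop.example", *OLD_CERT, now=NOW)[0],  # first visit
        check(db, "shop.example", *OLD_CERT, now=NOW)[0],  # same certificate
        check(db, "shop.example", *NEW_CERT, now=NOW)[0],  # new CA, early swap
        check(db, "shop.example", *OLD_CERT, now=NOW)[0],  # change was not accepted
    ]
    remember(db, "shop.example", *NEW_CERT)                # user accepts the change
    verdicts.append(check(db, "shop.example", *NEW_CERT, now=NOW)[0])
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A certificate swapped shortly before expiry by the same issuer yields only a "notice", which matches the post's point that the two indications together are what make the warning strong.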

The Hidden Operating System...

Thursday, December 5. 2013
... in your Smartphone

Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not only the end user's operating system (Android, iOS, PalmOS). Aside from the end user's operating system, it also runs a small hidden operating system that manages everything related to radio. Because of highly timing-dependent functionality, a real-time operating system is required. Qualcomm is the leader with 72% market share of AMSS.

This hidden operating system is closed source, stored in firmware, and runs on the baseband processor. The baseband processor is usually the master in your smartphone with full control over all hardware like microphone and camera, whereas the application processor (which runs the Linux kernel and the end user's operating system) is the slave.

The closed software of the hidden operating system is poorly understood and poorly documented and not secure, as there's no proper peer review. The standards that govern how the baseband processors work were designed with a '90s attitude towards security. Each security analysis required reverse engineering of the closed software. Some research results were published in the last years:

  • Security researcher Ralf-Philipp Weinmann presented a remote code execution attack with only 73 bytes at DeepSec 2010. He opened a backdoor on Androids and iPhones and activated the microphones remotely: All Your Baseband Are Belong To Us.

  • In 2013 Weinmann presented an improved attack at PacSec: Hexagon challenges.

  • A telecommunications security research group at the Technical University of Berlin was able to hack phones and block calls and texts intended for nearby people connected to the same cellular network. They demonstrated that the hardware requirements are very low and used only smartphones for the attack. It was presented at the 22nd USENIX Security Symposium: firmware tweak block subscriber.

Law enforcement agencies may have access to the hidden operating system too (by exploit or backdoor?). In 2006 the FBI turned the phones of the mafia bosses Ardito and Peluso into spying bugs by activating the microphones remotely. This was 4 years before the presentation of the first civilian research results about baseband hacking by Weinmann.

... in your Car

As of Oct. 2015 all new cars in EU have to be equipped with an eCall system. This small "mobile phone" will send automated emergency calls in case of crashes to alert first aid emergency services more quickly.

Privacy advocates are alarmed about this. Will all location tracking services for mobile phones work for cars too in the near future?

  • The EU data retention law may force mobile communication providers to keep the location data for each smartphone for 6 months and more. Will this affect cars with eCall systems too?

  • The NSA is tracking cellphone locations worldwide. Not only cellphones but cars too in future?

  • Silent SMS may locate cars very exactly without applying a GPS tracking module.

  • .... and more

Privacy advocates of the EU parliament asked for clear usage restriction of location data of eCall systems only for location of crashes. (Why can't I calm down by reading this?)

A Right to Privacy

Friday, November 22. 2013

A Brazilian and German UN initiative seeks to apply the right to privacy in the International Covenant on Civil and Political Rights (ICCPR), to online communications. All states are called "to respect and protect the right to privacy". Violations should be outlined like human rights violations. A final version of the text was scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week.

Publicly, U.S. representatives say they're open to an affirmation of privacy rights. But a confidential paper highlighting American objectives in the negotiations, Right to Privacy in the Digital Age -- U.S. Redlines, lists the following:

  1. Clarify that references to privacy rights are referring explicitly to States’ obligations under ICCPR and remove suggestion that such obligations apply extra-territorially.

  2. Clarify that the focus of the resolution is on "unlawful" or "illegal" surveillance and interception of communications.

    (For example: §215 US PATRIOT Act supports a "sensitive collection program" targeting large numbers of Americans - it has to be ok.)

  3. Clarify that violations of privacy rights do not necessarily violate freedom of expression.

If privacy in online communications gains the status of a human right, it will not stop espionage. But the US government wants to be able to say "we haven't broken the law and our constitution, we're not breaking the law and our constitution, and we won't break ....".

JonDoFox user agent

Friday, November 8. 2013

With release version 2.8.0 of JonDoFox we changed the definition of the anonymity group of JonDonym users. Firefox 24 (Linux, i686) is now used as the fake user agent of the JonDoFox browser:

Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0

Reasons for the change are:

  • Following an analysis of publications on real-world browser fingerprinting, some old assumptions were corrected.

  • We don't want to fake a Windows browser any more. It is a little bit of obscurity (not security).

The new fake is only fully plausible if you are using Firefox 24esr. Firefox 17esr and Firefox 24esr have small differences in Javascript values, which may be used for browser fingerprinting. Javascript is blocked by default in JonDoFox, but from time to time it will be enabled. We recommend an update to Firefox 24esr for all JonDoFox users.

Full set of user agent fake parameters for do-it-yourselfers:

general.useragent.override = Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0
general.appname.override = Netscape
general.appversion.override = 5.0 (X11)
general.buildID.override = 0
general.oscpu.override = Linux i686
general.platform.override = Linux i686
general.productsub.override = 20100101
general.useragent.vendor = (empty)
general.useragent.vendorSub = (empty)
intl.accept_languages = en-US,en
network.http.accept.default = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

The release of JonDoBrowser 0.11 beta (based on Firefox 24.1.0) is scheduled for Monday. The new live-cd will follow 2 days later.

5,9,14...41

Tuesday, November 5. 2013

New documents provided by Snowden/Greenwald show the elite of nations collaborating with the NSA.

  • The "five spying eyes" are the well known inner circle of USA, Great Britain, Canada, Australia and New Zealand, based on the UKUSA agreement.

  • First level friends are Denmark, Netherlands, Norway and France. Together with the inner circle we have to talk about "The 9 spying eyes".

  • Second level friends are Germany, Belgium, Italy, Spain and Sweden. (It is a little bit strange to call Sweden a second level friend, because the FRA is spying for NATO. 70% of the international Internet traffic of Russia is routed over Sweden and scanned by the FRA for spying purposes in cooperation with the NSA.)

  • Third level friends are all cooperating intelligence services in the Middle East and Afghanistan, 41 countries in all.

Germany has long protested at its exclusion from 9-Eyes and was a little grumpy at not being invited to join the group. Now, using the scandal following the disclosure of Merkel's phone tap, the German intelligence service wants to become a part of the inner circle. Officially it is called a "No-spy-agreement", but such an agreement, covered by a second secret cooperation agreement, forms the basis for entering the inner circle. The partners of the inner circle have to collect information on a large scale, pre-process it and send relevant results to the NSA/GCHQ data pool. In this case NSA and GCHQ may stop or reduce the spying in Germany.

Some German politicians are ready to go this way. According to an internal paper of CDU/CSU (link only in German), the surveillance of the Internet should be extended in NSA-style. German intelligence services should be improved to watch directly at Internet exchange nodes like DE-CIX.

Thunderbird 24.1 and TorBirdy

Tuesday, November 5. 2013

If you are running Thunderbird 24.1 with TorBirdy you have to update to TorBirdy 1.2 (strongly recommended). This version is not available on the Mozilla add-on website at the moment but it is being reviewed by Mozilla and will be published soon. At the moment you have to download torbirdy-current.xpi and install it by hand. You may find install instructions in our online help: Configuration of Mozilla Thunderbird.

For all other users of TorBirdy an update is encouraged too.

Cookieless Cookie Fake Test

Thursday, October 24. 2013

Lately we got some hints about a cookieless cookie test. Some JonDonym users were afraid of being tracked by the test with ETags and wanted to know our opinion about the Firefox add-on Self-Destructing Cookies, which is promoted on the website.

In short: it is a fake test and the add-on Self-Destructing Cookies is more or less useless.

The Cookieless Cookie Test

On the test page you can find a short description. The author claims that he doesn't use Cookies, Javascript, LocalStorage, Flash, Java or other plugins, the IP address, user agent string or any methods employed by Panopticlick. He claims that he uses only ETags from the browser cache for the tracking demonstration.

Let's make a test. I used JonDoFox+JonDo and opened the page:

Number of visits: 1
Stored text: <empty>

Ok - let's reload the page:

Number of visits: 2
Stored text: <empty>

I stored a small text and clicked the "Store" button:

Number of visits: 3
Stored text: <my text>

I closed JonDoFox, opened it again and loaded the test page:

Number of visits: 4
Stored text: <my text>

What a fuck! You want to tell me, you can track a JonDoFox by using ETags? Bullshit! Let's make a moose accident test and change the IP address. The author claims that he doesn't use the IP address but only ETags from the browser cache. I switched the mix cascade and reloaded the test with a new IP address, without browser restart and without clearing the cache. If it was possible for the test to track my browser I would have to see "5" visits and my text, but I got:

Number of visits: 2
Stored text: <empty>

Ok - after some more tests and logging the HTTP headers it was clear. The test uses the IP address and the user agent for session tracking, but not ETags. Whether an ETag was sent or not didn't affect the test result. The claims of the author are lies, it is a fake test.
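
The cross-check used above (change the IP address but keep the cache, and the reverse), written out as an added example; it is not code from the test page or from JonDoFox. Both server classes are constructed models, and the class names, addresses and result strings are assumptions made for illustration.

```python
import itertools

UA = "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
IP_A, IP_B = "192.0.2.10", "198.51.100.20"  # documentation address ranges


class EtagKeyedCounter:
    """Constructed model: counts visits per ETag that the browser cache sends back."""

    def __init__(self):
        self.visits = {}
        self._ids = itertools.count(1)

    def handle(self, ip, user_agent, if_none_match):
        known = if_none_match in self.visits
        etag = if_none_match if known else f'"id-{next(self._ids)}"'
        self.visits[etag] = self.visits.get(etag, 0) + 1
        return etag, self.visits[etag]


class AddressKeyedCounter:
    """Constructed model: counts visits per (IP, User-Agent).

    It still returns an ETag, but only the static validator of the file,
    identical for every visitor.
    """

    STATIC_ETAG = '"static-file"'

    def __init__(self):
        self.visits = {}

    def handle(self, ip, user_agent, if_none_match):
        key = (ip, user_agent)
        self.visits[key] = self.visits.get(key, 0) + 1
        return self.STATIC_ETAG, self.visits[key]


class Browser:
    """Minimal client: remembers the last ETag and sends it as If-None-Match."""

    def __init__(self, user_agent):
        self.user_agent = user_agent
        self.cached_etag = None

    def visit(self, server, ip):
        etag, count = server.handle(ip, self.user_agent, self.cached_etag)
        self.cached_etag = etag
        return count

    def clear_cache(self):
        self.cached_etag = None


def classify(server_factory, warmup=4):
    """Run both probes against fresh servers and report what the counter follows."""
    # Probe 1: new IP address, cache kept (the test from the post)
    server, browser = server_factory(), Browser(UA)
    for _ in range(warmup):
        browser.visit(server, IP_A)
    after_ip_change = browser.visit(server, IP_B)

    # Probe 2: same IP address, cache cleared
    server, browser = server_factory(), Browser(UA)
    for _ in range(warmup):
        browser.visit(server, IP_A)
    browser.clear_cache()
    after_cache_clear = browser.visit(server, IP_A)

    if after_ip_change == warmup + 1 and after_cache_clear == 1:
        return "cache validator (ETag)"
    if after_ip_change == 1 and after_cache_clear == warmup + 1:
        return "network address / user agent"
    return "inconclusive"


if __name__ == "__main__":
    for factory in (EtagKeyedCounter, AddressKeyedCounter):
        print(factory.__name__, "->", classify(factory))
```

A counter that really follows the ETag continues at 5 after the address change; one that resets, as in the post, is keyed on something the network path supplies.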

Firefox add-on "Self-Destructing Cookies"

The main goal of the cookieless cookie test is the promotion of the Firefox add-on Self-Destructing Cookies. It should protect you from tracking by cookieless cookies. To test the add-on I created a fresh Firefox profile, tried to install the add-on and got an error message: "not for your operating system". Fuck! But I found a laptop with a supported operating system and installed the add-on for a test.

  1. At first I tested the add-on with our Anonymity Test. The add-on works as expected. It removes cookies and ETags if Firefox was closed or if the browser tab was closed. It doesn't protect the surfer from third-party tracking with ETags.

    Firefox offers the same protection by default without add-ons. You may delete cookies and ETags at shutdown by configuration settings and you can delete cookies and ETags during websurfing by pressing CTRL-SHIFT-DEL. It is not required to close the browser tab.

    JonDoFox and JonDoBrowser offer much better protection against tracking with ETags.

  2. Afterwards I tested the add-on with the cookieless cookie test page. For my first visit I got:

    Number of visits: 1
    Stored text: <empty>

    After reloading the page I got:

    Number of visits: 1
    Stored text: <empty>

    Reload ... reload ... reload:

    Number of visits: 1
    Stored text: <empty>

    This result is very strange, because the add-on doesn't protect against tracking with ETags if you don't close the browser tab. To be sure I logged the HTTP headers. The HTTP request sent by the browser for a tracking image was:

    GET http://lucb1e.com/rp/cookielesscookies/etags.jpg HTTP/1.1
    Host: lucb1e.com
    User-Agent: ....
    ...
    Referer: http://lucb1e.com/rp/cookielesscookies/
    Connection: keep-alive
    If-Modified-Since: Sat, 17 Aug 2013 16:37:37 GMT
    If-None-Match: "6185-4e427532a9640"
    Cache-Control: max-age=0

    The webserver responded with:

    HTTP/1.0 304 Not Modified
    Date: Wed, 23 Oct 2013 21:05:44 GMT
    Server: Apache
    ETag: "6185-4e427532a9640"
    X-Cache: MISS from none
    Connection: keep-alive
    Proxy-Connection: keep-alive

    Ok - an ETag was sent back to the server and the server recognized the ETag - no tracking protection in this case. The test page shows a wrong, fake result. It seems the test page can detect the installed add-on and shows a wrong, fake result in this case.

It may be interesting to check the code of the add-on. Why was it not possible to implement a portable solution running on all operating systems for this simple task done by the add-on? I don't have time for fun, but if someone else will have a look at the code...

Information leaks by search plug-ins

Friday, October 18. 2013

If you are using the JonDoFox profile for Firefox you will find search plug-ins installed by default and search plug-ins installed by JonDoFox in the list of search engines:

[Screenshot: search plug-ins]

The search plug-ins installed by default are not very privacy-friendly and may leak information about the used browser and/or operating system. It is possible to discover that the user-agent sent by JonDoFox is a fake and to use minor differences to discriminate between JonDonym users. Some examples of search URLs by using default installed plug-ins:

Google (Windows, Ubuntu, FreeBSD):

https://www.google.de/search?q=<word>....&rls=org.mozilla:de:official....

https://www.google.de/search?client=ubuntu&q=a<word>....

https://www.google.nl/search?q=<word>....&rls=org.mozilla:en-US:unofficial....

DuckDuckGo (Ubuntu, FreeBSD):

https://duckduckgo.com/?q=<word>&t=canonical

https://duckduckgo.com/?q=<word>&t=freebsd

Amazon (Windows, Ubuntu, FreeBSD):

http://www.amazon.de/s?ie=UTF8&field-keywords=<word>....&tag=firefox-de-21

http://www.amazon.com/s?ie=UTF8&field-keywords=<word>....&tag=wwwcanoniccom-20

http://www.amazon.com/s?ie=UTF8&field-keywords=<word>....&tag=mozilla-20

Conclusion: Do NOT use the search engines installed by default but use the JonDoFox search plug-ins. You may disable unwanted search plug-ins by "manage search engines" dialog.

[Screenshot: manage search plugins]
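
A small audit of such search URLs, as an added example (not part of JonDoFox): it reports the parameters that identify the plug-in's origin and shows the URL without them. The parameter list is taken only from the URLs in this post; the sample URLs are constructed from them with the query word "privacy", and the function names are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameters that carry the plug-in's origin, per search engine.
# Assumption: derived only from the example URLs in this post.
LEAKY_PARAMS = {
    "google": {"rls", "client"},
    "duckduckgo": {"t"},
    "amazon": {"tag"},
}

# Constructed samples, modelled on the URLs above.
SAMPLES = [
    "https://www.google.de/search?q=privacy&rls=org.mozilla:de:official",
    "https://www.google.de/search?client=ubuntu&q=privacy",
    "https://www.google.nl/search?q=privacy&rls=org.mozilla:en-US:unofficial",
    "https://duckduckgo.com/?q=privacy&t=canonical",
    "https://duckduckgo.com/?q=privacy&t=freebsd",
    "http://www.amazon.de/s?ie=UTF8&field-keywords=privacy&tag=firefox-de-21",
    "http://www.amazon.com/s?ie=UTF8&field-keywords=privacy&tag=wwwcanoniccom-20",
    "http://www.amazon.com/s?ie=UTF8&field-keywords=privacy&tag=mozilla-20",
]


def audit(url):
    """Return (engine, leaked parameters, URL with the leaked parameters removed)."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    engine = next((name for name in LEAKY_PARAMS if name in labels), None)
    leaky = LEAKY_PARAMS.get(engine, set())
    query = parse_qsl(parts.query, keep_blank_values=True)
    leaks = {key: value for key, value in query if key in leaky}
    kept = [(key, value) for key, value in query if key not in leaky]
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return engine, leaks, clean


def distinguishable_groups(urls):
    """Count, per engine, how many different leak signatures the URLs show.

    Every signature beyond the first splits users who otherwise send the
    same faked user agent into separate groups.
    """
    signatures = {}
    for url in urls:
        engine, leaks, _ = audit(url)
        signatures.setdefault(engine, set()).add(tuple(sorted(leaks.items())))
    return {engine: len(found) for engine, found in signatures.items()}


if __name__ == "__main__":
    for url in SAMPLES:
        engine, leaks, clean = audit(url)
        print(f"{engine:11} leaks={leaks} clean={clean}")
    print(distinguishable_groups(SAMPLES))
```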

New NSA Datacenter online

Saturday, September 28. 2013

A year ago the whistleblower W. Binney published information about the planned new NSA datacenter in Bluffdale (Utah). This datacenter will be the largest NSA datacenter worldwide and it will be first of all a bottomless storage. Among other data it will store all Google searches, all GMail email and all chats forever. According to an article in the newspaper Salt Lake Tribune this new datacenter is (partially) online now.

In Germany the NSA is building a new Consolidated Intelligence Center for $124 million in Wiesbaden-Erbenheim (US Army headquarters). The first information about the new NSA spying center in Germany was leaked by Snowden and is now confirmed by the NSA partner German Federal Intelligence Service (BND).

Intelligence services out of control

Monday, September 16. 2013

The revelations by Snowden/Greenwald show above all that the intelligence services have gotten out of control. This applies not only to the NSA and GCHQ, which are at the center of attention, but also to the German intelligence services. Parliamentary oversight does not work, or has never worked. The discussion about details of the publications should not push aside the essential point.

  • Mr. Steinmeier (SPD), as intelligence coordinator of ex-Chancellor Schröder, signed a cooperation agreement between BND/BfV and NSA that made Germany the most heavily surveilled country in Europe. The responsible oversight bodies were not informed about it.

  • While the NSA siphons off 500 million data records per month in Germany with the support of BND, MAD and the Verfassungsschutz (the domestic intelligence service), the incumbent intelligence coordinator Pofalla tells the Parliamentary Control Panel (PKG) that in the whole of 2012 only 2 data records (in words: TWO) are said to have been handed over to the NSA.

  • Within the framework of "Project 6", BND and Verfassungsschutz, together with the CIA, operate data collections that also cover German citizens. The responsible oversight bodies have not been informed about this cooperation. There is no independent review of whether the data collections are compatible with German law.

  • The Verfassungsschutz is testing the analysis and espionage tool "XKeyscore" and has committed itself, in return for being given the software free of charge, to share all findings gained with it with the NSA. The description of the features of "XKeyscore" in the slides published by Snowden and Greenwald shows that the use of the program is not compatible with the case law of the Federal Constitutional Court.

  • While German managers are surprised again and again that American competitors have technologies that were developed in Germany, the Verfassungsschutz claims that there is no industrial espionage by the USA or Great Britain against German companies. The Verfassungsschutz says it does not know of a single case. A simple search on the Internet refutes this claim. The Verfassungsschutz is also unaware that GCHQ is responsible for industrial espionage and is (or was) looking for analysts with language skills, in particular in French, Italian, Spanish and also German.

    An anonymous employee of the Verfassungsschutz said as early as 1998 in the WDR program PlusMinus:

    I know of more than 50 such cases of industrial espionage. When we come across such activities, we are called off by our superiors. In most cases we are not allowed to pass our findings on to the public prosecutor or to the affected companies. Out of consideration for our allies.

    Instead, the Verfassungsschutz has for years regularly warned of industrial espionage from China and Russia. That is trivial and not very original; we don't need an intelligence service for that.

  • Contrary to the official line of the federal government, the BND takes (took) part in the US assault on Iraq and actively interferes in the civil war in Syria. Although the Schröder government officially claimed not to take part in the Iraq war, the BND delivered important intelligence information and was involved in the marking of targets. In Syria the BND delivers information about troop movements of the Syrian army to the USA, which is passed on to the "rebels".

    A BND employee proudly told the Bild newspaper:

    We can be proud of the important contribution we are making to the fall of the Assad regime.

Conclusion: There are considerable doubts that the intelligence services respect the constitution and applicable case law in their work. The incumbent political elite, however, is not prepared to draw the necessary conclusions from this insight. Interior Minister Friedrich (CDU/CSU), who wants to undermine the constitutional protective rights of citizens with a self-created "super fundamental right to security", has meanwhile tried several times to declare the Snowden affair closed. The non-answers of the federal government to questions from members of the Bundestag are telling.

Intelligence services are not sacrosanct

The Humanistische Union has for years demanded the dissolution of the Verfassungsschutz and is supported in this by other civil society organizations. In the view of W. Ridder, who worked for the Verfassungsschutz for 20 years, the domestic intelligence service has not been able to prevent a single terrorist attack and, with the exception of the Buback murder case, has never contributed to solving one (Verfassung ohne Schutz). The sad climax is the systematic destruction of files in several offices of the Verfassungsschutz in the NSU affair. Instead, the Verfassungsschutz, with its system of informants (V-Leute), has protected serious criminal, right-wing extremist offenders from prosecution (e.g. the neo-Nazi S. Seemann, founder of the "Blood and Honour" network). The police have known this for years. By financing the founding of terror groups, as with Mevlüt Kar (Sauerland and two further terror groups) or Irfan P. (GIMF, Global Islamic Media Front), a latent strategy of tension was created in order to push through new security laws, which are then applied against political activists (e.g. Dr. Rolf Gössner, a.i.d.a., opponents of Stuttgart 21 and others).

The expert commission appointed by the Bundestag to evaluate the anti-terror laws recommends the dissolution of the MAD in its final report.

The state parliament groups of the Pirate Party in Saarland, NRW, Schleswig-Holstein and Berlin demand in a joint declaration that the intelligence services be dissolved without replacement:

The Pirate parliamentary groups want to abolish the intelligence services at federal and state level. The intelligence tasks are not to be transferred to any other organization. On the way there we want to greatly expand the oversight of the services and cut back their powers. Our understanding of a free and democratic society is not compatible with the existence of intelligence services.

The CCC demands the abolition of the intelligence services, criminal prosecution of all perpetrators and beneficiaries of the sprawling surveillance, and the termination of the "Safe Harbor" fig-leaf agreement with the USA, in order to restore fundamental rights and the rule of law.

Tor botnet?

Friday, August 30. 2013

In recent days the metrics of TorProject.org have registered a drastically growing number of Tor clients connecting to the network. It started on August 19. (two days before the chemical attack in Syria) and is still going on at the moment. Over ten days the number of Tor clients increased from 500,000 up to 1,400,000.

[Graph: Tor User]

At the same time the performance of the Tor network was not affected. Maybe the new clients don't use much traffic or the traffic reserve of Tor is larger than expected. The Tor network itself seems not to be the target of a DDoS.

[Graph: Tor User]

A visualization created by C. Anderson shows great gains across 91 countries. Local censorship or other events make little sense as an explanation. The only country that didn't gain was Israel, as R. Dingledine pointed out: "...that will keep the bellies of conspiracy theorists full for months...". The Tor community is discussing the reasons. Mike Perry wrote a small summary on the OR talk mailing list:

We seem to have three competing hypotheses, sorted in order of decreasing prior probabilities:

1. Botnet (Totally not run from Israel, we swear)

2. Pirate Browser ( & PLUR guys, but get with the program: Src+Gitian FTW)

3. Censorship/sudden unrest (sudden+globally coordinated? Seems unlikely)

There are many use cases of such a botnet for criminals. But a botnet of this size may be enough to partially take down the communication of a small country. This was demonstrated by the North Korean hacker unit Lab 110 in June 2009. It used a botnet with fewer than 200,000 computers to attack South Korean communication networks. During the Georgian-Russian war in 2008 Georgia was disconnected from the Internet by botnet attacks in combination with other cyberwar attacks.

Without further investigation everything is only conspiracy theory. But it will be interesting to see what happens over the next days.

(By the way: comments are closed because of spamming. Please use our forum for discussion.)

New Mix Operator

Thursday, August 29. 2013

We added 3620Systems, LLC to our list of verified mix operators. 3620Systems is located in Rochester, NY (USA). At the moment a test cascade with a first mix is running together with JonDos GmbH.

Small statement of M. Israel (CEO of 3620Systems, LLC) about his intention to join JonDonym:

Politically I follow the Pirate Party and hold the stance that information should be free, and I support the efforts of Wikileaks to make sure that information remains free.

Recently some users of JonDonym recommended the exclusion of all US and British mix operators because of the PRISM leak of E. Snowden. We don't follow this opinion.

E. Snowden published documents about one espionage complex. The NSA in partnership with GCHQ, DSD, CSEC, GCSB and associated partners like the German BND are the largest known espionage complex of the world. But there are other intelligence services with vast espionage activities like FRA (Sweden), SSSI (Russia), Mossad (Israel) and more.

We can't see a border between "bad" and "good" nations but only between spying agencies and privacy activists. We don't have any reason to distrust our mix operators.