
Tor Researchers' Tool Aims To Map Out Internet Censorship

Unknown Lamer posted more than 2 years ago | from the developers-mysteriously-disappear-during-senate-csipa-vote dept.

Censorship 71

Sparrowvsrevolution writes "Tor developers Arturo Filasto and Jacob Appelbaum have released OONI-probe, an open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer's network connections, whether it be website blocking, surveillance or selective bandwidth slowdowns. Unlike other censorship tracking projects like HerdictWeb or the Open Net Initiative, OONI will allow anyone to run the testing application and share their results publicly. The tool has already been used to expose censorship by T-Mobile of its prepaid phones' browser and also by the Palestinian Authority, which was found to be blocking opposition websites. The minister responsible for the Palestinian censorship was forced to resign last week."


Risk? (3, Insightful)

ohnocitizen (1951674) | more than 2 years ago | (#39854097)

What are the risks for anyone found running OONI-probe in a surveillance heavy country?

Re:Risk? (5, Insightful)

filthpickle (1199927) | more than 2 years ago | (#39854137)

up to and including death.

Re:Risk? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39854247)

Such a coddled, uncreative human being you must be, to think that 'death' is the ultimate punishment.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39854371)

Strictly speaking, they only said death is an upper bound on this punishment, not on all possible punishments. (AC since it's OT anyway.)

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39855697)

But it is.

Anything short of death has the potential to be recovered from. You or your loved ones may be scarred, amputated, and/or psychologically broken, but so long as no death has occurred there is potential for recovery. It's not being coddled or uncreative but rather being prudent and logical. Death is the only hardship mankind has not triumphed over.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39855845)

Since you're being like that and talking about 'mankind' rather than just a man... Reproduction I think qualifies as triumph over death.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39855925)

> Reproduction I think qualifies as triumph over death

Not in the least, because I was not talking about the species but the individual. By mankind I meant the various individuals across the globe that have overcome torture and victimization in general, not the sum of mankind. (example: "mankind has harnessed the power of the atom", or "mankind has walked on the moon." Clearly this is not implying every human has walked on the moon or built a backyard breeder reactor.)

My point was that the only level of victimization that is absolutely unrecoverable is death. Many people have been victimized and recovered from it. People recover from seeing their families executed in front of them, they recover from having fingers cut off in POW camps, and they recover from being burned by acid. No, not all victims will recover, but unless they are dead they still have the opportunity.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39856181)

Enslavement trumps reproduction on some level.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39855595)

yup

Re:Risk? (1)

AHuxley (892839) | more than 2 years ago | (#39854257)

Depends on who you upset and where. A large truck might hit you. You might suffer a home invasion and a quick death.
You might suffer a home invasion and a long "cult" death. Days, weeks, months under anti terror questioning and dumped, never to be found or left just outside your family home.
Or you might just have tax, gun, medical or possession problems that fit your 'lifestyle' become legal issues. Or you just drop dead walking home one night ....

Re:Risk? (5, Insightful)

LordLucless (582312) | more than 2 years ago | (#39854279)

If you're in such a country, you don't need OONI - you know you're already censored.

This looks to be more a tool against those regimes that claim to be open and against censorship, by pulling aside the curtain and revealing the reality - as, according to TFA, has already happened in Palestine.

Re:Risk? (4, Informative)

Taco Cowboy (5327) | more than 2 years ago | (#39854563)

> If you're in such a country, you don't need OONI - you know you're already censored.

WRONG !

OONI still comes handy even if you stay in countries run by authoritarian / totalitarian / bastard governments

With OONI you can identify _which_ sites they have censored, and you can use OONI to share THAT information to the world

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39855745)

There have been many organizations, many companies that claim to collect data for the good. What ELSE are they collecting about you and what are they doing with that data?

How do they make their profits?

Re:Risk? (1)

pipatron (966506) | more than 2 years ago | (#39856673)

They don't make any profits, it's a non-profit [torproject.org] ; they are not allowed to.

It is likely that all this code is free and open software, as is everything else they have released. This makes it difficult to hide their intentions. I have not verified this since the website seemed to be slashdotted.

Re:Risk? (1)

lloydsmart (962848) | more than 2 years ago | (#39855409)

> those regimes that claim to be open and against censorship, by pulling aside the curtain and revealing the reality

Like the UK, for example.

Re:Risk? (1)

Anonymous Coward | more than 2 years ago | (#39859837)

> This looks to be more a tool against those regimes that claim to be open and against censorship

Regimes? Heck, I have Comcast as my ISP. I can't wait to try out this tool!

Re:Risk? (2)

girlintraining (1395911) | more than 2 years ago | (#39854307)

> What are the risks for anyone found running OONI-probe in a surveillance heavy country?

If they board the ship, they'll rape us, kill us, and sew our skin into their clothing. And if we're very, very lucky, they'll do it in that order.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39854463)

rape us to death*

Re:Risk? (1)

retchdog (1319261) | more than 2 years ago | (#39854631)

that quote has always bugged me. i'd rather be killed first and then raped and then sewn into their clothing; that would be much better. the only other alternative, being sewn into the clothing and then raped and then killed seems only slightly worse than the so-called "very, very lucky" scenario.

maybe zoe had a reaver fetish.

Risk Analysis, Firefly style (1)

TiggertheMad (556308) | more than 2 years ago | (#39854733)

> that quote has always bugged me. i'd rather be killed first and then raped and then sewn into their clothing; that would be much better. the only other alternative, being sewn into the clothing and then raped and then killed seems only slightly worse than the so-called "very, very lucky" scenario.

We can analyze this using a 'truth table' approach..

1st 2nd 3rd Conclusion
1) Kill Rape Sew Bad
2) Kill Sew Rape Bad
3) Rape Kill Sew Bad+
4) Rape Sew Kill Bad++
5) Sew Kill Rape Bad+
6) Sew Rape Kill Bad++

The question is, which is worse, option 4 or option 6? This will of course vary, depending on what kind of seamstresses the Reavers are. Clearly it will not be pleasant.

A deeper and more interesting question is, what is the nature of 'Reaver Space'? If the zone of space they inhabit is a spherical shell, then I can understand why Mal flies near Reaver space, he has no choice. It is a min-max game between the Alliance core and the spherical shell of Reavers that lurk outside that zone, where he keeps maximum distance between both groups. However, in the movie, they indicate that there is a central location that the Reavers originated from. If that is the case, why doesn't he just fly to the other end of known space where there are no Reavers?

Re:Risk Analysis, Firefly style (1)

retchdog (1319261) | more than 2 years ago | (#39854791)

the min-max thing is not inconsistent with central reaver space. serenity, being a pirate transport, has to serve backwater planets to make $. reavers may harass indie ships while being smart enough not to attack alliance. after all, why is the alliance still conducting military ops after re-unification? there are no aliens, so it seems reasonable they are suppressing reavers, not out of any concern, but to suppress the truth.

of course, the real reason for reaver space is that the movie had to compress several seasons of plot into two hours, hence the partially inconsistent retconned reaver origins and mr. universe.

Re:Risk? (1)

Gonoff (88518) | more than 2 years ago | (#39855573)

In the UK, one of the things that can happen is you commit suicide.

Re:Risk? (0)

Anonymous Coward | more than 2 years ago | (#39857135)

You mean like the USA, Canada, UK and Australia?

Bitch-ass Titty Jiggles! (-1)

Anonymous Coward | more than 2 years ago | (#39854127)

Censor the censors!

Pertinent (5, Interesting)

djnanite (1979686) | more than 2 years ago | (#39854131)

Especially in light of the UK's recent decision to block The Pirate Bay.

I wonder what the legal recourse would be if this tool found the government in your respective 'free' democratic country was blocking sites for political reasons...? Could anyone sue the UK government if they were found to be blocking sites without providing a genuine legal reason for doing so?

Re:Pertinent (1, Flamebait)

girlintraining (1395911) | more than 2 years ago | (#39854245)

> Could anyone sue the UK government if they were found to be blocking sites without providing a genuine legal reason for doing so?

A government is just a group of people, notably ungoverned. You can't really sue the government. I mean, you can, but only if they allow you to. So really, when you can sue the government and it isn't just dismissed or you, your family, and everyone you ever knew disappear in a 'boating accident', the government is acknowledging that it hasn't been paid enough from Peter to rob Paul. If Peter pays a higher percentage, then Peter can rob Paul and Paul will not be able to sue the government.

Remember: All laws advantage one group while disadvantaging another.

Re:Pertinent (1)

Black Parrot (19622) | more than 2 years ago | (#39854643)

> Remember: All laws advantage one group while disadvantaging another.

Can we call that girlintraining's Law?

Re:Pertinent (1)

girlintraining (1395911) | more than 2 years ago | (#39856263)

> Can we call that girlintraining's Law?

Not if you want to keep both your arms.

Re:Pertinent (0)

Anonymous Coward | more than 2 years ago | (#39858841)

> > Can we call that girlintraining's Law?

> Not if you want to keep both your arms.

Let the wookie win.

Re:Pertinent (0)

Anonymous Coward | more than 2 years ago | (#39855749)

> A government is just a group of people, notably ungoverned.

Now you're just quoting the Captain.

Re:Pertinent (3, Informative)

SuricouRaven (1897204) | more than 2 years ago | (#39854653)

In principle, vote for someone who says they'll lift the blocks. Accountability in a democracy is via the vote. How well that works in practice varies greatly by country.

Re:Pertinent (0)

Anonymous Coward | more than 2 years ago | (#39855059)

In a strange sense of irony, even though the pirate parties and that exist, pretty much nobody besides your typical internet geeks even know they exist.
Maybe a few people through facebook, but not really many.

They could really be using this whole Pirate Bay thing to their advantage. The current government went ahead and censored the entire site despite it being used to share completely open content, patches and the like. (certainly the only reason I have used it)
Why not block Facebook because it is possibly the current number 1 cause for bullying in general because it is so open?
Why not block Myspace because the musicians aren't with a label and are "robbing the industry of precious money"?
Not all of Pirate Bay is illegal content, hell, some countries even the "illegal content" considered illegal in most countries is completely fine. (until the MAFIAA get to them and deal with them)

I guess the only thing we can do is just make people both aware that:
1) You can change your DNS, which isn't illegal
2) the pirate parties will defend open knowledge and prevent stupidity like this from happening again, and to vote them if they wish since number 1 probably won't always be an option when [insert the greedy] find out and ban DNS changing...

Re:Pertinent (0)

Anonymous Coward | more than 2 years ago | (#39857035)

> In a strange sense of irony, even though the pirate parties and that exist, pretty much nobody besides your typical internet geeks even know they exist.

Current predictions put them around 9% for the next state elections in Germany (cf. http://www.wahlrecht.de/umfragen/landtage/schleswig-holstein.htm and http://www.wahlrecht.de/umfragen/landtage/nrw.htm).

Re:Pertinent (0)

Anonymous Coward | more than 2 years ago | (#39855773)

REMEMBER that many ISPs are now immune to civil actions.

Re:Pertinent (2)

Grumbleduke (789126) | more than 2 years ago | (#39859699)

> Especially in light of the UK's recent decision to block The Pirate Bay.

> Could anyone sue the UK government if they were found to be blocking sites without providing a genuine legal reason for doing so?

Ah, but the UK didn't decide to block The Pirate Bay. An English (and Welsh, but not Scottish or Irish) court ruled that some of the UK's ISPs should block The Pirate Bay. That's a judicial decision rather than a governmental one, so would be challenged by an appeal. But as the ISPs weren't interested in fighting it in the first place, and no one else has both the resources and will to do so, it will probably stand forever.

Were a UK public body to block a website without a legal reason, that action/decision to do so could probably be challenged in the courts via a judicial review. That's using the basic legal principle that public bodies aren't allowed to do anything unless a law says they can (hence that case over prayer in a local council meeting recently).

But the UK governments have been sneaky about website blocking; they've left it to the courts, the police and the ISPs. So far, courts have ordered the blocking of at least 2 websites (Newzbin and now The Pirate Bay). Not sure how effective those will be.

The police seem to do it by seizing servers etc. in the process of investigations, or simply asking service providers to shut down websites (seize domain names, block financial transactions, SOPA-style stuff) - which is usually done through the service provider's contract with the target (i.e. "we can refuse your service if we have reason to believe you might be acting illegally"). This sort of thing seems to get used against financial scam sites as well as copyright cases (the police force that does it - the City of London one - happens to be near many of the major banks and the offices of the IFPI).

ISPs have also been doing their own web-blocking through the IWF blocklist system, set up under pressure from the government, but is run independently (thus making it immune to things like judicial review, Freedom of Information requests and the Human Rights Act). That mainly targets child abuse images although may have expanded now to cover racial hatred material. It's a bit unclear, which is kind of the point.

But anyway, the fear of the government being sued is partly why they haven't imposed laws about blocking certain websites (be it porn - the latest moral panic in Westminster - piracy or child abuse images). Their legal people will have advised them that blanket blocking proposals are likely to be illegal under EU and/or ECHR law.

ironic (5, Interesting)

jsh1972 (1095519) | more than 2 years ago | (#39854175)

Kind of ironic that with the multiple tor-centered stories on slashdot today that just now, when I tried to view this story, I was told that my IP was banned! I thought WTH, then realized that I had tor enabled on the device I was browsing on... (HP touchpad running cm9). I guess I can post AC, I just can't BROWSE anonymous...

Re:ironic (1)

Black Parrot (19622) | more than 2 years ago | (#39854651)

> I guess I can post AC, I just can't BROWSE anonymous...

Oh, great... now we have a write-only internet.

Re:ironic (1)

BlueStrat (756137) | more than 2 years ago | (#39855167)

> > I guess I can post AC, I just can't BROWSE anonymous...

> Oh, great... now we have a write-only internet.

Judging by an ever-growing number of /. posts and submissions, I'm not sure this will noticeably change anything.

Strat

Re:ironic (0)

Anonymous Coward | more than 2 years ago | (#39855133)

> I guess I can post AC, I just can't BROWSE anonymous...

I'm going to hazard a guess that the TOR exit node you came out of has been blacklisted due to repeated brute force attempts on slashdot user logins. Probably other nodes as well, and I'd be completely unsurprised to find most of the well-known anonymous proxy services are blocked as well.

I'd love to run it.... (3, Insightful)

BLKMGK (34057) | more than 2 years ago | (#39854311)

I cannot find anything on the site that appears to make it available to me in a form I can run, a GIT repo for devs and some press releases is all. I suppose I could hit the "secure" .onion site but I see nothing to indicate there's code there. The summary appears to make it sound like they want participation and I'd love to help but see no way to do so.

Am I the only one that finds this clear as mud?

Re:I'd love to run it.... (1)

Anonymous Coward | more than 2 years ago | (#39854585)

you've already run it, by verifying that your helpful local filtering system removed the download link. now hurry up and don your tinfoil hat before they filter this post too.

Re:I'd love to run it.... (1)

Anonymous Coward | more than 2 years ago | (#39854611)

A git repo is (presumably) a "form you can run". Because, you know... "News for nerds", etc.

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39854645)

> A git repo is (presumably) a "form you can run". Because, you know... "News for nerds", etc.

Hmm
a lot of non-nerds run Tor, I'm making the (dangerous) assumption that most nerds will have the nous to know the score re possible monitoring and how to detect some of the more basic hijacks, I'd have assumed that a project like this would have been aimed at the 'non-nerd' community, as they're the ones most at risk.
A git repo, very 'civilian' friendly..

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39854685)

Sorry my sarcasm emitter was on the wrong frequency...

*fiddle fiddle*

Try your detector now.

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39858855)

apologies, I blame large amounts of Rum and lack of sleep..
I've taken the detector out the back and had it shot, I would have nuked it from orbit, alas, the old conestoga class is in for repairs at present..

Re:I'd love to run it.... (3, Informative)

jgrahn (181062) | more than 2 years ago | (#39854695)

> A git repo is (presumably) a "form you can run". Because, you know... "News for nerds", etc.

That's what I thought before I clicked the link. It takes you to a list of dozens or hundreds of repos, private and public, for different pieces of software. No indication which one, if any, contains this particular release of this software. That's not how you release something.

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39857091)

I agree that's not how you release something, but: There's exactly one ooni-probe.git on that page, so it's not really impossible to find.

Re:I'd love to run it.... (1)

Anachragnome (1008495) | more than 2 years ago | (#39854679)

"I suppose I could hit the "secure" .onion site but I see nothing to indicate there's code there."

For the second time today, I heard a little voice in the back of my head telling me "You don't really want to click that link..." leaving me wondering where the hell that came from. Both times intuition instantly took the helm and I browsed off on another tangent.

The first time was an article link on the main page of CNN's home page titled "How to hide from face-detection". In hindsight, what better way to find out who is interested in avoiding being tracked by face-recognition software than to place an article about the subject and watch who clicks. Add 'em to the database! Now, I'm not saying all of this went through my head when I saw the article, but rather intuition simply steered me away.

The second time this happened was when my mouse cursor was just now hovering over that very same button you just mentioned--The "Secure Website" button. This time around, intuition just said to me "I TOLD you so!". Again, in hindsight, what better way to find out who is interested in censorship (and by extension, circumventing it) than by dropping a link that claims to offer insight into the inner workings of censorship, and simply tracking the hits?

Now take the results of BOTH of those link traces. Anyone that now shows up at both goes one notch up the list of people to keep an eye on. Do this long enough, with enough crafted honeypots, and you end up with lists of people that are ranked by threat levels based on interest. This is essentially what the librarians have been warning us about. This link, the "Secure Website", didn't even work for me--standard Firefox "Server Not Found" error. Nothing of value was even offered by the website, that I can tell. Same goes with the CNN article--it's the same article, rehashed, that has been going around the web for a few months now (even here on /.).

OK, my sig has started to tell me to shut up now...

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39854789)

"Add 'em to the database!"

Unless you run Tor, then the exit nodes are part of the databases. Do you see how this works, now? Or do you not understand how Tor works?

Re:I'd love to run it.... (0)

Anonymous Coward | more than 2 years ago | (#39855499)

The link goes to an onion site, that's a secure server only accessible via TOR. If you have the right software it works but I didn't have it set up and it wasn't clear what I'd get if I did....

Re:I'd love to run it.... (1)

drinkypoo (153816) | more than 2 years ago | (#39855615)

> Am I the only one that finds this clear as mud?

No, you're not the only one. I went to go download it and run it before I made a comment and uh... no.

Perhaps we could have another story about this when it's in a form that you can compile and run without having to understand the software completely first. And I don't want to hear about how that's irresponsible, nearly nobody in the world understands every line of code on their computer, and probably ALL of them are here on Slashdot.

Re:I'd love to run it.... (1)

wealthychef (584778) | more than 2 years ago | (#39857433)

Perhaps it's slash dotted, but I get "Failed to Open Page" when I click on the link which points to http://5m4rylprkig4swgg.onion/ [5m4rylprkig4swgg.onion]

Re:I'd love to run it.... (1)

BLKMGK (34057) | more than 2 years ago | (#39866659)

Are you running TOR? If not the TOR .Onion link won't work. I don't happen to have TOR installed or I'd have explored the hidden site myself. So far though no one seems to have found the code to download and test near as I can tell...

Here we go again (0)

Anonymous Coward | more than 2 years ago | (#39854317)

Appelbaum found another programmer to leech reputation off of. Maybe eventually he'll learn to program one of these days...

Linux Bug Compromises Tor Users (1)

Anonymous Coward | more than 2 years ago | (#39854415)

Inaccessible for everyone or just me? (1)

AftanGustur (7715) | more than 2 years ago | (#39854657)

A nice tool to get a hint of if a certain website is down/inaccessible for everyone or just you is This Tool! [downforeve...justme.com]

This service attempts to make a connection to a website of your choice so you can see if it is just your ISP that can't access it.

Re:Inaccessible for everyone or just me? (3, Interesting)

Plunky (929104) | more than 2 years ago | (#39854787)

> A nice tool to get a hint of if a certain website is down/inaccessible for everyone or just you is This Tool! [downforeve...justme.com]

> This service attempts to make a connection to a website of your choice so you can see if it is just your ISP that can't access it.

Of course, since that is a known site it could easily be redirected to a locally hosted copy that said "Yes, that site is down for everybody! It's not just you!" for sites that were being blocked..

Re:Inaccessible for everyone or just me? (0)

Anonymous Coward | more than 2 years ago | (#39924867)

> Of course, since that is a known site it could easily be redirected to a locally hosted copy that said "Yes, that site is down for everybody! It's not just you!" for sites that were being blocked..

What do you mean?! I just get a dialog box reading Firefox can't find the server at downforeveryoneorjustme.com

Quick links to .onion forums (0)

Anonymous Coward | more than 2 years ago | (#39854707)

Quick links to .onion forums which require Tor:

1. HackBB Discussion Forum:

Quick Link: http://www.tinyurl.com/hackbbonion [tinyurl.com]
Real Address: http://clsvtzwzdgzkjda7.onion/ [clsvtzwzdgzkjda7.onion]

#####

2. Onion Forum 2

Quick Link: http://www.tinyurl.com/onionforum2 [tinyurl.com]
Real Address: http://65bgvta7yos3sce5.onion/ [65bgvta7yos3sce5.onion]

Warning: view either site with images and cookies disabled in your browser. Never visit .onion sites with images enabled in your browser!

Re:Quick links to .onion forums (1)

mamas (468872) | more than 2 years ago | (#39855163)

> Warning: view either site with images and cookies disabled in your browser. Never visit .onion sites with images enabled in your browser!

Why? Any reference to where the issue is described?

Re:Quick links to .onion forums (0)

Anonymous Coward | more than 2 years ago | (#39855347)

There are several choices:

1) child porn
2) img links loading resources from non-onion sites (seems like this could be a number of different resources though, javascript etc) (also using a tinyurl link to get to an onion site lets everyone know you're going there)
3) img links to malformed image files exploiting browser bugs (it's a forum called "hackbb" what do you expect?)
4) img links to https://bank.com/transfer-money.php?amount=5000&account=12345&verified=1 [bank.com] (see 3)

That's just off the top of my head. But I think paranoia about #1 is probably right.

Re:Quick links to .onion forums (1)

mamas (468872) | more than 2 years ago | (#39855517)

Are you worried about sensitivity issues? That does not seem to be a valid technical reason. Even if such image pops up, you're being tor, so nobody will know you've seen it. That does not seem a good reason to spread unjustified "Never visit .onion sites with images enabled in your browser!" FUD.

As for #2, yes, that's what I was thinking. Even a frame could be loaded from non-onion sites. Heck, you can easily wrap the whole page inside a frame... It seems to be that if that's a worry, then the browser should forbid accesses to non-onion sites from onion sites, either built in, or with a plugin (for user clicks, pop-up a "are you sure you want to go there" warning).

#3 and #4 seem to have nothing to do with onion at all. Those can trigger in non-onion domains just the same.

Re:Quick links to .onion forums (1)

mamas (468872) | more than 2 years ago | (#39855531)

s/being tor/behind tor/

Where's the edit button...

Re:Quick links to .onion forums (1)

blackraven14250 (902843) | more than 2 years ago | (#39858861)

It's still in the works...

This is a Joke right? (0)

Anonymous Coward | more than 2 years ago | (#39855709)

The web page has a big onion in the top left, which is the icon for the Onion Network, and I don't see any reference to Onions in the text.

Boycott T-Mobile (0)

Anonymous Coward | more than 2 years ago | (#39856039)

OT, but since the article mentioned it, I got a throwaway prepaid T-Mobile phone for use when I'm outdoors and didn't want to bring my expensive Android phone. The first time I tried browsing and was blocked by the "Web Guard", I called and cussed them out. They refused, under any circumstances, to remove the "Web Guard" unless I came in to a corporate T-Mobile store and showed them a "valid government issued identification". It's a prepaid SIM card. FFS. I hate invoking Godwin, but is there anything we *can* do without producing our papers nowadays? (On a side note, I was recently told by a waitress at a pizza place that *everyone* in my state now has to have valid papers in order to drink a beer, regardless of age or anything else, you must produce your papers, citizen.)

The mouth-breather on the other end of the line actually said "are you saying we shouldn't keep children safe from danger on the internet". Mind-blowing how far the mind-numbed morons will take us in the name of "just doing their job".

Re:Boycott T-Mobile (0)

Anonymous Coward | more than 2 years ago | (#39856225)

"are you saying we shouldn't keep children safe from danger on the internet"

And your response was what? Hopefully you told them about how pornography doesn't actually harm children...

And it even has an effect (1)

Hentes (2461350) | more than 2 years ago | (#39856419)

> The tool has already been used to expose censorship by T-Mobile of its prepaid phones' browser and also by the Palestinian Authority, which was found to be blocking opposition websites. The minister responsible for the Palestinian censorship was forced to resign last week.

I would like to see that happen in Europe too.

Re:And it even has an effect (0)

Anonymous Coward | more than 2 years ago | (#39864623)

Or at T-Mobile.

Censorship and corruption in Fatah? (1)

Alimony Pakhdan (1855364) | more than 2 years ago | (#39863673)

What do you expect from a former Soviet client terrorist organization?

Another Tor BB Bug (0)

Anonymous Coward | more than 2 years ago | (#39876113)

Firefox security bug (proxy-bypass) in current TBBs

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs [torproject.org]

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

        Type "about:config" (without the quotes) into the Firefox URL bar. Press Enter.
        Type "websocket" (again, without the quotes) into the search bar that appears below "about:config".
        Double-click on "network.websocket.enabled". That line should now show "false" in the 'Value' column.

See Tor bug 5741 for more details.
(https://bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

- http://pastebin.com/xajsbiyh [pastebin.com]

#
Anonymous comments:
#
On May 2nd, 2012 Anonymous said:

Oh dear :(

Does anyone know if IP addresses leaked to Twitter when (through NoScript) I enabled javascript for that site?

If yes, I may be in trouble.
#
On May 2nd, 2012 Anonymous said:

@anon, AFAIK Twitter does not use web sockets, so even if you enabled Javascript on Twitter it should not be an issue. I could be wrong or there could be other issues.
#
On May 2nd, 2012 Anonymous said:

Theoretically, an exit node can embed a websocket into your traffic stream if you are using HTTP.
#
On May 2nd, 2012 Anonymous said:

As long as you weren't doing anything illegal in the United States you should be fine. Tor has never been about hiding illegal activity. And since Twitter is in the US and doesn't respond to foreign court orders… well…
#
On May 2nd, 2012 Anonymous said:

Ah right, maybe Anonymous "Oh dear" is a fucking communist, or even a dirty whistle blower like Manning! Brave, law-abiding citizens haven't got anything that must be hidden, so maybe you want to forbid TOR, Mr. McCarthy?
#
On May 2nd, 2012 Anonymous said:

Oh great, so all my Pastebins are belong to the Feds?
#

THE DRAMA CONTINUES...

TBB proxy bypass: Some DNS requests not going through Tor
Ticket #5741 (closed defect: fixed)
https://trac.torproject.org/projects/tor/ticket/5741 [torproject.org]

"This is not the first time some rarely triggered bug in Firefox causes Tor to be bypassed, and certainly will not be the last one. Since these bugs have a very high security impact I propose they are guarded against. How about running Firefox inside some kind of firewall that drops all network packets not going to Tor?"
#
Comments:
#
by mikeperry

Good catch Robert. Disabling about:config pref network.websocket.enabled prevents it from happening for me... I'm now grepping through the Firefox WebSocket code looking for the issue..

#
by mikeperry

This is fixed and pushed to all TBB branches. I fixed it by blocking all DNS requests while socks_remote_dns is enabled, so we don't end up with this showing up in new components in the future.

Interested folks can review the patch here: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch [torproject.org]
#
Additional Reference:

[tor-talk] Firefox security bug (proxy-bypass) in current TBBs

Robert Ransom rransom.8774 at gmail.com
Wed May 2 22:43:52 UTC 2012

See https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs [torproject.org]
for the security advisory.

Robert Ransom

https://lists.torproject.org/pipermail/tor-talk/2012-May/024123.html [torproject.org]
#
Tor/TBB Developer Activity for 2012/May: https://lists.torproject.org/pipermail/tor-commits/2012-May/thread.html [torproject.org]
#
Another version of TBB, another bug. IMO, they should mark all releases of TBB as ALPHA!

At the time of this bug report collection and passing the news on to others, there have not been any new releases of TBB versions to fix this bug on their download pages, but it'll come.
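
As an added example (not part of the comment above, nor code from the Tor Project), one way to check for the DNS leak the quoted advisory describes: scan `tcpdump -n` text output captured while only Tor Browser is in use and report every DNS query sent to a non-loopback resolver. The capture lines, hostnames and addresses are constructed, and treating loopback resolvers as safe is an assumption.

```python
import ipaddress
import re
from typing import Iterable, List, NamedTuple

# Matches DNS *query* lines as printed by `tcpdump -n`, for example:
#   22:43:52.310001 IP 192.168.1.10.51234 > 192.168.1.1.53: 4242+ A? name. (33)
# Responses ("4242 1/0/0 A ...") and non-DNS traffic do not match.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)[+%*-]* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)


class Leak(NamedTuple):
    ts: str        # capture timestamp of the query
    resolver: str  # address the query was sent to
    qtype: str     # A, AAAA, ...
    qname: str     # hostname that was disclosed


def find_dns_leaks(lines: Iterable[str]) -> List[Leak]:
    """Return DNS queries that left the host for a non-loopback resolver.

    With the browser configured for remote DNS over SOCKS, hostnames are
    handed to the local Tor client and no port-53 query should leave the
    machine. Assumption: queries to a loopback address are local and are
    not counted as leaks.
    """
    leaks: List[Leak] = []
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m is None or m["dport"] != "53":
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # not an address (capture taken without -n); skip
        if dst.is_loopback:
            continue
        leaks.append(Leak(m["ts"], str(dst), m["qtype"], m["qname"].rstrip(".")))
    return leaks


def leaked_names(lines: Iterable[str]) -> List[str]:
    """Distinct hostnames disclosed to an outside resolver, sorted."""
    return sorted({leak.qname for leak in find_dns_leaks(lines)})


# Constructed sample capture (not real traffic): SOCKS traffic to the local
# Tor client, one leaked A query with its response, one leaked AAAA query
# over IPv6 with an EDNS annotation, and one query to a loopback resolver.
SAMPLE_CAPTURE = """\
22:43:50.101112 IP 127.0.0.1.40112 > 127.0.0.1.9050: Flags [P.], seq 1:42, ack 1, win 512, length 41
22:43:52.310001 IP 192.168.1.10.51234 > 192.168.1.1.53: 4242+ A? ws.chat.example. (33)
22:43:52.355120 IP 192.168.1.1.53 > 192.168.1.10.51234: 4242 1/0/0 A 203.0.113.7 (49)
22:43:53.000417 IP6 2001:db8::10.40000 > 2001:db8::1.53: 911+ [1au] AAAA? ws.chat.example. (44)
22:43:54.200000 IP 127.0.0.1.53001 > 127.0.0.1.53: 17+ A? check.example. (31)
""".splitlines()


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_CAPTURE):
        print(f"{leak.ts} leaked {leak.qtype} {leak.qname} -> {leak.resolver}")
```

An empty result only covers the period captured; the firewall approach proposed in the quoted ticket is what prevents a leak rather than detecting one.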
