Category Archives: Good News

TorChat: messenger application

Just a note to point out that this project exists, even though I have not yet had a chance to try and test it.

TorChat is an MSN-like chat application based on Tor that provides encryption (Tor traffic travels encrypted end-to-end) and authentication of the conversation, as well as anonymity of your location.

TorChat is a peer to peer instant messenger with a completely decentralized design, built on top of Tor’s location hidden services, giving you extremely strong anonymity while being very easy to use without the need to install or configure anything.

TorChat just runs from a USB drive on any Windows PC. (It can run on Linux and Mac too, in fact it was developed on Linux with cross platform usability in mind from the very first moment on, but the installation on other platforms than Windows is a bit more complicated at the moment)

Here are a few excerpts from the project's official site:

Encryption

All TorChat traffic is encrypted end-to-end.

There are some misunderstandings floating around regarding Tor and encryption. Whenever I mention Tor and encryption in the same sentence the immediate reflex response of many people is: “But Tor provides no encryption!” This statement is true for most applications but not for all. The most commonly known usage of Tor is to use it as an anonymizer for traffic between the anonymous user and a publicly available service in the Internet and while the traffic will travel encrypted through the Tor network it MUST at some point leave the Tor network and enter the unencrypted internet to reach its final destination. This is the origin of the above mentioned “Tor provides no encryption” and it is undoubtedly true for this most widely known and practiced application of Tor and users should understand it.

However, there exists another and less commonly known mode of operation in which two Tor clients can initiate a fully encrypted peer-to-peer connection between each other that will not leave the Tor network at any point! This is what TorChat is using. Both clients build a normal 3 node circuit from each end to some random tor node in the middle to “meet” there and connect their circuits with each other. Upon connection another layer of encryption is established reaching through from one client to the other, building one uninterrupted encrypted tunnel through all 6 nodes between the two end points. This means all TorChat traffic is end2end encrypted. There are no exit nodes involved in this mode, at no point other than your and your buddy’s own computer will the traffic ever leave the Tor network.

This less known Tor mode is called Tor hidden services, you can read more about it on the above link. It effectively allows true hidden peer-to-peer networks, there is just not much software that makes any use of its peer-to-peer capability, most use it more in a traditional client-server manner, TorChat is one of the few (and at the moment I don’t know of any other).

Authentication

TorChat buddies authenticate themselves by proving that they are reachable through their .onion address.

The Tor hidden service protocol by itself has no built-in authentication mechanism for incoming connections but it can guarantee that when you initiate an outgoing connection to a given .onion address you can never end up at the wrong counterpart, the one who answers the connection is the one who is in possession of the private key belonging to this address (the private_key file in the hidden_service folder).

Therefore TorChat will not trust any incoming connection and instead immediately try to open an outgoing connection to call back any incoming buddy on the address he pretends to be. A random cookie will then be sent out by both clients on their (trusted) outgoing connection that must be correctly answered on the incoming connection. Only after the answer is found to be correct the incoming connection can be trusted, the status of the buddy will be displayed as on-line and incoming messages from this buddy will be accepted.

It is essential that you don’t lose the private_key file belonging to your ID because the one who finds it will be able to pretend to be you. Using a tool like TrueCrypt is a good idea when you intend to use TorChat on a portable USB drive as these devices can easily be lost or stolen.
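
The call-back handshake described above, as an added sketch that is not TorChat's own code. A toy in-memory network stands in for Tor hidden services (assumption: `connect()` can only ever reach the holder of an address's private key); the `ping`/`pong` labels, class names and `.onion` names are constructed for the illustration. It shows that a connection claiming someone else's address is never trusted, because the cookie it would have to echo is sent only to the real holder.

```python
import secrets

class Connection:
    """One-way channel. The receiver learns nothing verified about the sender."""
    def __init__(self, receiver):
        self.receiver, self.trusted_as = receiver, None
    def send(self, kind, *args):
        self.receiver.on_incoming(self, kind, *args)

class OnionNetwork:
    """Toy model of hidden services: connect(addr) can only ever reach the
    holder of addr's private key (modelled here as the registered client)."""
    def __init__(self):
        self.holders = {}
    def connect(self, address):
        return Connection(self.holders[address])

class Client:
    def __init__(self, net, address, claims=None):
        self.net, self.address = net, address
        self.claims = claims or address      # an impostor claims another address
        self.out, self.sent_cookie = {}, {}  # per-buddy outgoing conn and cookie
        net.holders[address] = self

    def outgoing(self, buddy):
        """Open (once) the trusted outgoing connection and send our cookie on it."""
        if buddy not in self.out:
            self.out[buddy] = self.net.connect(buddy)
            self.sent_cookie[buddy] = secrets.token_hex(16)
            self.out[buddy].send("ping", self.claims, self.sent_cookie[buddy])
        return self.out[buddy]

    def on_incoming(self, conn, kind, *args):
        if kind == "ping":                   # untrusted claim: call back, answer there
            claimed, cookie = args
            self.outgoing(claimed).send("pong", cookie)
        elif kind == "pong":                 # trust conn only if it echoes our cookie
            for buddy, sent in self.sent_cookie.items():
                if secrets.compare_digest(sent, args[0]):
                    conn.trusted_as = buddy

def demo():
    net = OnionNetwork()
    alice, bob = Client(net, "alice.onion"), Client(net, "bob.onion")
    mallory = Client(net, "mallory.onion", claims="alice.onion")
    forged = mallory.outgoing("bob.onion")   # Bob's callback reaches the real Alice
    genuine = alice.out["bob.onion"]         # opened when Alice answered the callback
    return forged.trusted_as, genuine.trusted_as, bob.out["alice.onion"].trusted_as
```

The model says nothing about a stolen `private_key` file: whoever holds it is, by definition, the holder that `connect()` reaches.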


EFF Campaign Increases the Number of Tor Relays by 13.4%

Original article published on the EFF website
Watching the revolutions unfolding in the Arab world this springtime – and learning details first-hand from our friends on the ground – we at EFF struggled to find meaningful ways to support democratic activists and promote online freedom of expression. But we didn’t just want to lend a helping hand –we wanted to create a pathway so that anyone, anywhere in the world, could contribute to making the Internet more private and more resistant to censorship. From these discussions came our idea of launching the Tor Challenge.

We started the Tor Challenge with a simple goal: to launch 100 new Tor relays. Tor is software that individuals –including online activists in authoritarian regimes– can use to mask their IP addresses and proxy out to uncensored networks, helping them dodge network surveillance and elude online censorship. But Tor isn’t merely software – it’s also a network of volunteer computers, each donating bandwidth and acting as a router so that people can bounce their requests through the network, thereby obscuring their digital tracks.

We launched our campaign on May 31, 2011 –and within days surpassed our goal of 100 new relays. Today, we are closing the challenge after adding 549 new relays to the network. This includes:

Exit relays: 123
Middle relays: 299
Bridges: 127
Current bandwidth: 326,084 kb/s
Percentage of Tor network bandwidth: 5.77%

While some of the new relays were later taken offline, the majority of them stayed operational. The total number of public relays in the Tor network has increased by 13.4% during the course of our campaign.

There is an acute need for circumvention technologies in authoritarian regimes – and even activists in many would-be progressive societies may feel safer if they can avoid the electronic gaze of authorities. Jacob Appelbaum, a security researcher and advocate for the Tor Project, recently wrote:

The Tor Challenge is a phenomenal show of support for the Tor network and the network graphs show the results. The efforts expended by EFF supporters around the world have helped to continue the Tor network’s growth in a positive direction. Additionally, the educational efforts made by the EFF have similarly impacted the world; people everywhere understand the need for anonymity as well as how to use Tor to meet their needs in a practical manner.

While EFF’s Tor Challenge may have ended, individuals and organizations that want to create a more private Internet can still run Tor relays. And those who want to support Tor but aren’t tech-savvy can find an ally in TorServers.net, an organization based in Germany that provides technical assistance and support in running Tor relays.

Our gratitude goes out to the hundreds of individuals who set up relays and donated bandwidth to help strengthen the network. They are true defenders of online freedoms.


Kriptonite – Reprint “from below”

Kriptonite is one of those books I have never managed to hold in my hands. Perhaps there were already no copies on sale when I discovered its existence.

For those who, like me, read the PDF version but still prefer paper editions of books, there is an opportunity today thanks to Produzioni dal Basso.

It is possible to fund the reprint of this book “from below” by reserving a copy:


TAILS 0.7.2

An update to the fully anonymous operating system, TAILS, is now available. Notable user-visible changes in version 0.7.2 include:

Iceweasel
- Disable Torbutton’s external application launch warning. … which advises using Tails. Tails is running Tails.
- FoxyProxy: install from Debian instead of the older one we previously shipped.

Software
- Upgrade Linux kernel to Debian’s 2.6.32-34squeeze1: fixes tons of bugs, closes a few security holes as well.
- haveged: install an official Debian backport instead of a custom backport.
- unrar: install the version from Debian’s non-free repository. Users report unrar-free does not work well enough.

Plus the usual bunch of minor bug reports and improvements. It can be downloaded from here or via bittorrent to save everyone some bandwidth.

The fully detailed changelog can be found here


Defacement of the BackTrack page

Original article published on OverSecurity

The BackTrack description page on the official site of the Open Source expo was attacked, with particular attention to the presentation of the distribution; the site read verbatim:

BackTrack est une distribution qui utilise des logiciels open source, sans partager la philosophie et les principes, a des fin financières seulement. La promotion de leurs cours qui ont pour principal objectif de gagner de l’argent pour nos membres et de délivrer des certifications à toutes fins pratiques sont inutiles.

Using Google Translate, we can see that the sentence does not have a friendly tone:

BackTrack is a distribution that uses open source software without sharing its philosophy and principles; it has an exclusively financial purpose. Promoting its own courses, whose main objective is to earn money for our members and to issue certifications, for practical purposes they are useless.


HackIt 0x0E

The hackmeeting is back again this year:

The last hackmeeting before 2012.

Hackmeeting, June 24-25-26, Florence

The hackmeeting is the annual gathering of digital countercultures, that is, of the communities and individuals who take a critical and constructive stance towards the advance of new technologies.

Three days of seminars, games, parties, debates, exchanges of ideas and collective learning, to analyse together the technologies we use every day, how they change and what upheavals they bring to our real and virtual lives, and what role we can play in steering this change to free it from the control of those who want to monopolise development, crumbling the social fabric to confine us to our virtual spaces where we delude ourselves that we are safe from real-world precariousness.

The event is entirely self-managed: there are no organisers and attendees, only participants.

Reference site: http://it.hackmeeting.org/

The programme of the preparatory warm-up events is here: http://it.hackmeeting.org/warm-up.html


Big Brother Award 2011

On Wednesday 27 April the collection of nominations for the Big Brother Award Italia 2011 officially began; it will end on 20 May.

What is the BBA Italia? It is a “negative” prize that for years now has been awarded all over the world to those who have done the most damage to privacy.

The majority of the People of the Net now seem convinced that talking about freedom and civil rights on the Net is a rhetorical and repetitive exercise, and that social techno-control is by now a widely accepted reality which it is useless to oppose.
The BBA aims to bring the attention of the People of the Net back to those who actively or passively contribute to this situation.

Even in this gloomy atmosphere, the BBA remains a serious initiative carried out with cheerfulness; the whole BBA is in fact also permeated by the desire to have fun, certainly not to play down the situation, but because doing things cheerfully helps to do them well.

It is therefore possible that this year too, at the award ceremony, which will take place in Florence on 3 June during the e-privacy 2011 conference, some new and unexpected guest will show up…

The BBA mechanism is even simpler this year. Anyone, by 20 May, can propose one or more candidates for one or more of the 4 categories of the prize.

The nomination form can be found here.

It is also possible to vote by email, sending the nomination details to bba-nomination@winstonsmith.org, including via anonymous remailer.

This year the prize will be awarded without the mediation of a Jury; the nominations will be collected and presented as they are to the conference participants, who will vote directly during the award ceremony.

The prize categories have also been streamlined.
Besides the immortal “Lament of the People” prize, automatically awarded to whoever receives the most nominations, the categories are “Worst public body”, “Worst private company” and “Worst technology”.

The positive prize “Winston Smith – privacy hero” has also been kept.

More information at: http://bba.winstonsmith.org/
