13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and...
Transcript of 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and...
![Page 1: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/1.jpg)
1
13. Anonymity Tools;
Designing for Activists
and Journalists
Blase Ur and Mainack Mondal
May 7th, 2018
CMSC 23210 / 33210
![Page 2: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/2.jpg)
2
Today’s class
• Anonymity and censorship
• More secure / anonymous browsing
– Private browsing modes
– VPNs
– Tor
• Leaking data to journalists
![Page 3: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/3.jpg)
3
Why is anonymity valuable?
![Page 4: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/4.jpg)
4
Why do people criticize censorship?
![Page 5: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/5.jpg)
5
Press censorship in practice
![Page 6: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/6.jpg)
6
Techniques for censoring the Internet
• Methods (see, e.g., Aryan et al. FOCI '13):
– DNS hijacking / prefix hijacking
– HTTP header (host and keyword) filtering
– Connection throttling on SSH
– Physical threats
– Dropping HTTPS / TLS traffic
– IP, Keyword, DNS poisoning
– Deep packet inspection
– Active probes against Tor bridges
– Self-censorship (chilling effect)
![Page 7: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/7.jpg)
7
Techniques for (some) anonymity
• Encrypt everything
• Use Tor to communicate
• Off-the-record (OTR) messaging
• Don’t use services that track you
![Page 8: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/8.jpg)
8
Private browsing
![Page 9: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/9.jpg)
9
Private Browsing
![Page 10: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/10.jpg)
10
Private Browsing
![Page 11: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/11.jpg)
11
NoScript
![Page 12: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/12.jpg)
12
Brave
![Page 13: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/13.jpg)
13
Virtual Private Networks (VPNs)
![Page 14: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/14.jpg)
14
Overview of Tor
• The Onion Router (Tor)
– Onion routing introduced by U.S. Naval
Research Labs ~ 20 years ago
– Dingledine, Matthewson, Syverson introduced
Tor in a USENIX Security paper in ‘04
![Page 15: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/15.jpg)
15
How Tor works (graphics from EFF)
![Page 16: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/16.jpg)
16
How Tor works (graphics from EFF)
![Page 17: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/17.jpg)
17
How Tor works (graphics from EFF)
![Page 18: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/18.jpg)
18
How Tor works
![Page 19: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/19.jpg)
19
What does Tor protect against?
![Page 20: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/20.jpg)
20
What does Tor NOT protect against?
![Page 21: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/21.jpg)
21
Threats Against Tor
• Vulnerabilities in the protocol
• Vulnerabilities in the implementation
• Adversaries controlling large parts of the
network and analyzing traffic/timing
• Vulnerabilities on the user’s end
– E.g., old version of Firefox
• Human error on the part of the user
• Not enough users! (no hiding in the crowd)
![Page 22: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/22.jpg)
22
Tor warnings
![Page 23: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/23.jpg)
23
Making anonymity usable (example)
• Tor browser bundle
• TAILS (The Amnesic Incognito Live System)
• OTR (off-the-record) messaging tools
![Page 24: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/24.jpg)
24
Why Johnny Can’t Blow the Whistle
• Identify stop-points in Tor Browser Bundle
• Highlight the security reason behind delays
• Combine Vidalia control window & browser
• Change icon
• Direct users to the right OS version
![Page 25: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/25.jpg)
25
Academic literature on journalists
• McGregor et al., “Investigating the
Computer Security Practices and Needs of
Journalists,” USENIX Security 2015.
• Gaw et al., “Secrecy, Flagging, and
Paranoia: Adoption Criteria in Encrypted
Email,” CHI 2006.
![Page 26: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/26.jpg)
26
Guides to leaking and protesting
• https://www.nytimes.com/newsgraphics/20
16/news-tips
• http://www.theglobeandmail.com/technolo
gy/the-paranoid-computer-users-guide-to-
privacy/article18928710/
• https://ssd.eff.org/en/module/attending-
protests-united-states
![Page 27: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/27.jpg)
27
NY Times’s leak instructions
![Page 28: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/28.jpg)
28
![Page 29: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/29.jpg)
29
Huffpost’s leak instructions
![Page 30: 13. Anonymity Tools; Designing for Activists and Journalists · Designing for Activists and Journalists Blase Ur and Mainack Mondal May 7th, 2018 CMSC 23210 / 33210. 2 Today’s class](https://reader030.fdocuments.us/reader030/viewer/2022040413/5f0fe5d77e708231d4466ec8/html5/thumbnails/30.jpg)
30