kaos.theory Responds

First of all, I’d like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we’ve had. Scores of terabytes upon terabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.

That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.

In the article written and posted at Wired News, Ethan Zuckerman makes the excellent point that rebooting really isn’t an option for many living in oppressive, hostile regimes. Additionally, Mr. Zuckerman suggests the use of a bootable / emulated Anonym.OS environment available from a removable, USB key chain device. This is a feature that we have already incorporated into our road map and that we hope to release very soon.

For now, we need as many people as can reboot or run a session in VMWare / Virtual PC / QEMU to please please please test our release. We’re not at 1.0 yet, contrary to some postings and articles. Our hope with this release is to solicit feedback from the community concerning features, bugs, and suggestions for everything from desktop wallpaper to file system optimization. Immediately after the Shmoocon talk, all of the members of the group happily fielded questions and comments from audience members that included many suggestions that we intend to incorporate quickly. This type of candid environment is one of the many traits that make Open Source a success and it’s what we need in order to keep Anonym.OS growing and on a positive track.

The “China Problem”
Some have asked how we intend to deal with the “China Problem,” which could be rephrased as, “What can Anonym.OS do to protect a user against a monitoring party who owns the entire network that the user is using?” Ultimately, this comes down to the ability of the user to utilize covert channels for escaping the network and reaching tor servers. If the party controlling the network is serious enough about its desires and goals in censoring its users, nothing can stop them from implementing a white-list only policy, effectively blocking all tor traffic as well as access to proxies and other tools used for evading filtering.

With those concerns in mind, kaos.theory will be working towards an automated egress filtering evasion script for use in conjunction with Anonym.OS. In terms of the “China Problem,” this may not offer much as it will most likely require a “trusted friend” on the outside of the hostile network. In terms of a restrictive corporate network, this could be a viable solution. Again, however, these “covert channels” will likely lead to a ridiculous number of anomalous packets coming from a system (who really makes 25,000 DNS requests in an hour, anyway?) and thus are not a bullet-proof solution.
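The monitoring side of that last point, as an added example that is not part of the original post or kaos.theory's code: a per-client, per-hour DNS profile that flags the query volume a DNS-based covert channel tends to produce. The log format, thresholds, addresses and sample data are assumptions constructed for illustration, and the unique-name ratio goes slightly beyond the volume check the post mentions.

```python
from collections import defaultdict
from datetime import datetime

def make_sample_log():
    """Constructed sample; assumed format: '<ISO timestamp> <client IP> <query name>'."""
    lines = []
    # Ordinary workstation: a handful of repeated lookups.
    for i in range(40):
        lines.append(f"2006-01-20T10:{i % 60:02d}:00 10.0.0.5 www.example.com")
    # Host whose every query carries a different label (tunnel-like behaviour).
    for i in range(3000):
        lines.append(f"2006-01-20T10:{i % 60:02d}:{i % 60:02d} 10.0.0.9 c{i:05d}.t.example.net")
    return lines

def hourly_dns_profile(lines):
    """Return {(client, hour): (total_queries, unique_names)}."""
    totals = defaultdict(int)
    names = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname = parts
        try:
            hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        except ValueError:
            continue
        key = (client, hour.isoformat())
        totals[key] += 1
        names[key].add(qname.lower().rstrip("."))
    return {k: (totals[k], len(names[k])) for k in totals}

def flag_anomalous(profile, max_per_hour=1000):
    """Flag client-hours above the volume threshold (assumed default: 1000).

    The unique-name ratio is reported alongside: a busy cache or mail server
    repeats names (low ratio), while data encoded into labels does not.
    """
    flagged = []
    for (client, hour), (total, unique) in sorted(profile.items()):
        if total > max_per_hour:
            flagged.append((client, hour, total, round(unique / total, 2)))
    return flagged

if __name__ == "__main__":
    for row in flag_anomalous(hourly_dns_profile(make_sample_log())):
        print(row)
```
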

This is a staggering issue, and it’s not one that’s answerable entirely by technology. If a country or company chooses to restrict access for its users, and the entity is really serious in terms of throwing resources at the problem, there’s not a lot we can do from the client-side.

The Naysayers
There have been two strains of objection to the project, one classical and the other uninformed. The former line of argument goes that we’re simply enabling criminals to hide their illegal activities and, as such, Anonym.OS is a tool for evil. This is best answered by the tor FAQ:

Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.

Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now; we need to fix that.

Some advocates of anonymity explain that it’s just a trade off - accepting the bad uses for the good ones - but we don’t think that’s how it works in the case of Tor. Criminals and other bad people have the motivation to learn how to get good anonymity, and many have the motivation to pay well to achieve it. Being able to steal and reuse the identities of innocent victims (identity theft) makes it even easier. Normal people, on the other hand, don’t typically have the time or money to spend figuring out how to get privacy online. This is the worst of all possible worlds.

So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.

The second line of objection is best seen in a quote from David Del Torto in the Wired News article that originally broke the Anonym.OS story:

“My instincts tell me that it’s a very small number of people (that can use Anonym.OS). You can’t really solve this problem by simplifying the interface. It’s almost impossible to anticipate everything a user can do to hurt themselves.”

Mr. Del Torto had not seen Anonym.OS (or even a screenshot) when making the statement. While it’s true that even if you boot up Anonym.OS, you can still surf over to evil-awful-spammers.com and fill in your complete contact information, social security number, credit cards, and DNA, at least no one on your local network would know you were doing it and if you Googled for it first, your search logs wouldn’t be tied to you. Hell, even the evil, awful spammers wouldn’t know your real IP address (unless you opened a console, ran an ifconfig, and told them that, too). Granted, this example is pure hyperbole, but for standard surfing and communicating, we think our Shmoo release of Anonym.OS hits the mark for a pre-1.0, anonymizing and encrypting, secure live CD. Please, feel free to disagree with us; but do it in the form of a bug report, feature request, or testing results.

13 Responses to “kaos.theory Responds”

  1. Lars Says:

    Does not boot under Virtual PC 2004. Mounting the iso file. host os windows xp.
    anything I can do to debug it?

  2. Administrator Says:

    Hmm…very interesting. I’m using Virtual PC 7 and it works well, might be a virtualized hardware issue? By “doesn’t boot,” what do you mean, specifically? How far does it get in the boot process, does it produce errors, can you see anything on screen, etc?

  3. Student Says:

    Awesome program! I don’t use it for privacy, I use it for the security.
    Won’t work on my Dell 4600, CD-ROM drive times out (IDE). Tried BIOS settings. Works on my HP just fine.

  4. Mikael Says:

    Great stuff! Makes me feel much better about surfing/icq on WLAN! Don’t have to worry about anyone intercepting my conversations on the radio waves.

  5. Andrew Says:

    Lars, did you get your image from Sourceforge? I got one from there and it seemed to be a bad/corrupt .iso file. I tried to burn it twice before I figured this out. I got the one from bittorrent and this works fine. If you have winrar, try opening the .iso file and see if it gives you something. If not, you got a corrupt one.

    And is there a place to add suggestions? I’d kinda like a hdd installer.

  6. Andrew Says:

    Lars, see if the .iso file is corrupt. One I got from sourceforge was bad, but when I got one from bittorrent, everything worked out fine.

    Also, is there a place to add suggested features? I’d love a way to do a hdd install.

  7. ls Says:

    Where’s the MD5/SHA? Maybe I’ve missed it somewhere.

  8. tor Says:

    Downloaded the .iso from Sourceforge, and burnt CD. Booted and opted for the Windows. Didn’t go any further. Errors 29 and 35. How do I go further?

  9. doesnt boot Says:

    I DLed the torrent. The md5 sums match. tried nero error 5 no label name tried kd3 same error,tried gnome baker, same error #5 no label.

    I am going to quit wasting my time. I am now using a working Linux live cd PclinuxOS with tor, privoxy, and Seamonkey.

  10. Anon Says:

    Does the Shmoo release include TOR with encryption or is it just using standard proxies to hide my IP.

    Sorry if this sounds stupid, I’m pretty new to this stuff. Cheers AXxXX

  11. doesn't boot2 Says:

    Exactly the same problem as doesn’t boot.

  12. Dre Says:

    I downloaded the Anonym.os and burnt it successfully but it doesn’t seem to recognise my Atheros AR5005g card in my Toshiba Laptop. I am from a Linux background but having trouble trying to get to grips with the wireless configuration. Is there any documentation on how to set this up under Anonym.os?


    Dre :)

  13. JohanWigglebottom Says:

    Is there no way to currently burn the iso to a usb drive, if the computer you are using, you’d need to set to boot from usb is possible, what keeps this from being possible? I mean, what has to be done to make anonym.os usb drive bootable?

    Also, do internet cafe computers and libraries usually block bios adjustment? Is there a simple bypass around bios passwords if so, I suppose then they do have floppy or cd drive at least set to boot before harddrive. Could a floppy boot disk redirect to a usb drive or Cd if they have disabled cd rom booting?

    Thank you in advance, please forgive my lack of understanding regarding these questions.
