First of all, I’d like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we’ve had. Scores of terabyte upon terrabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.
That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.
In the article written and posted at Wired News, Ethan Zuckerman makes the excellent point that rebooting really isn’t an option for many living in oppressive, hostile regimes. Additionally, Mr. Zuckerman suggests the use of a bootable / emulated Anonym.OS environment available from a removable, USB key chain device. This is a feature that we have already incorporated into our road map and that we hope to release very soon.
For now, we need as many people as can reboot or run a session in VMWare / Virtual PC / QEMU to please please please test our release. We’re not at 1.0 yet, contrary to some postings and articles. Our hope with this release is to solicit feedback from the community concerning features, bugs, and suggestions for everything from desktop wallpaper to file system optimization. Immediately after the Shmoocon talk, all of the members of the group happily fielded questions and comments from audience members that included many suggestions that we intend to incorporate quickly. This type of candid environment is one of the many traits that make Open Source a success and it’s what we need in order to keep Anonym.OS growing and on a positive track.
The “China Problem”
Some have asked how we intend to deal with the “China Problem,” which could be rephrased as, “What can Anonym.OS do to protect a user against a monitoring party who owns the entire network that the user is using?” Ultimately, this comes down to the ability of the user to utilize covert channels for escaping the network and reaching tor servers. If the party controlling the network is serious enough about its desires and goals in censoring its users, nothing can stop them from implementing a white-list only policy, effectively blocking all tor traffic as well as access to proxies and other tools used for evading filtering.
With those concerns in mind, kaos.theory will be working towards and automated egress filtering evasion script for use in conjunction with Anonym.OS. In terms of the “China Problem,” this may not offer much as it will most likely require a “trusted friend” on the outside of the hostile network. In terms of a restrictive corporate network, this could be a viable solution. Again, however, these “covert channels” will likely lead to a ridiculous number of anomalous packets coming from a system (who really makes 25,000 DNS requests in an hour, anyway?) and thus are not a bullet-proof solution.
This is a staggering issue, and it’s not one that’s answerable entirely by technology. If a country or company chooses to restrict access for its users, and the entity is really serious in terms of throwing resources at the problem, there’s not a lot we can do from the client-side.
There have been two strains of objection to the project, one classical and the other uninformed. The former line of argument goes that we’re simply enabling criminals to hide their illegal activities and, as such, Anonym.OS is a tool for evil. This is best answered by the tor FAQ:
Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.
Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now; we need to fix that.
Some advocates of anonymity explain that it’s just a trade off - accepting the bad uses for the good ones - but we don’t think that’s how it works in the case of Tor. Criminals and other bad people have the motivation to learn how to get good anonymity, and many have the motivation to pay well to achieve it. Being able to steal and reuse the identities of innocent victims (identify theft) makes it even easier. Normal people, on the other hand, don’t typically have the time or money to spend figuring out how to get privacy online. This is the worst of all possible worlds.
So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.
The second line of objection is best seen in quote from David Del Torto in the Wired News article that originally broke the Anonym.OS story:
“My instincts tell me that it’s a very small number of people (that can use Anonym.OS). You can’t really solve this problem by simplifying the interface. It’s almost impossible to anticipate everything a user can do to hurt themselves.”
Mr. Del Torto had not seen Anonym.OS (or even a screenshot) when making the statement. While it’s true that even if you boot up Anonym.OS, you can still surf over to evil-awful-spammers.com and fill in your complete contact information, social security number, credit cards, and DNA, at least no one on your local network would know you were doing it and if you Googled for it first, your search logs wouldn’t be tied to you. Hell, even the evil, awful spammers wouldn’t know your real IP address (unless you opened a console, ran an ifconfig, and told them that, too). Granted, this example is pure hyperbole, but for standard surfing and communicating, we think our Shmoo release of Anonym.OS hits the mark for a pre-1.0, anonymizing and encrypting, secure live CD. Please, feel free to disagree with us; but do it in the form of a bug report, feature request, or testing results.