I use encrypted chats, Tor, VPNs and other anonymity software. I do not consider myself to be a bad person, an online predator, or a cybercriminal. I also deeply detest surveillance (in all forms).
Yes, I am one of those people who takes the time to avoid red-light cameras altogether, or if I absolutely have to drive the route where these spy gadgets exist, pull a grab-anything-in-the-Jeep-deal while I erect a physical barrier between them and me. It is not unusual to see me toss up some cloth shopping bags and a sun visor as I glare back at these cunning devices while peeking “hole-and-corner” around the framework of my sloppily crafted makeshift barrier.
In my world, I’m using a symbolic middle finger via these makeshift barriers that lie between us. Such immature reactions never erase the cold reality of their existence; it just makes me feel “something other” than genuflecting beneath scripted acceptance.
I’m aware that I might look like an oddity to every driver nearby. They might even cop a few “tee-hees.” Regardless of the giggle-factor involving these surveillance-rage animations, I sincerely feel rage with any form of surveillance that enters my world.
Honestly, we should all be enraged. Our world (your world and mine) has become weighed down and is seeping full of inauspicious hardware, software, programs and entities that desire to control us. These restraints consistently taunt us, forcing us to look over our shoulders in trepidation. It makes them powerful and us subservient. It’s like graffiti on a wall, though it eventually gets painted over, in reality, it’s still there.
Remember the short-lived brouhaha from last summer when it was discovered that the FBI was operating a small air force to spy on us? This was when U.S. government officials confirmed the wide-scale use of aircraft, which the AP traced to 13 fake companies.
Business Insider said, “Some of the aircraft can also be equipped with technology that can identify thousands of people below through the cellphones they carry, even if they’re not making a call or in public.” As was expected, U.S. officials downplayed mass surveillance of U.S. citizens as “rare.”
Surveillance Is Omnipresent
It’s in the air, on the Internet, at our banks, in our smartphones, in grocery stores, at the mall, in public transportation, consistently watching us with surveillance cameras, in our vehicles, in our homes, and inside our smart TVs and smart fridges. Surveillance is ubiquitous, and it is not going to go away.
Surveillance is still graffiti on a virtual wall, and it does not matter how many times they paint over it with (cough) trustworthy handshakes, sealed assurances and lipstick-lies. We know the difference between graffiti and Picasso’s Nude, Green Leaves and Bust.
So, you think you are safe from this bloody surveillance state if you fire up a good VPN and turn on Tor? Think again…
Today I want to hone in on how using anonymous software (Tor, VPN) can place your personal identity into a virtual frying pan. It’s not always the bad guys who use anonymity software—activists, business owners, governments, journalists, parents, children, friends, neighbors, whistleblowers, and those who need to circumvent censorship, use anonymous software, too.
We use it to hide our internet activities from nosy ISPs who might report our sensitive search queries to the government or sell our browsing records to marketers. We use it to protect our children from nasty online predators and to surf anonymously without those bloody ads sticking it to us every time we go online. Too many of us are getting weary of having everything in our lives recorded, analyzed, filed, correlated, and shared to the point they know far more about us than we know about ourselves.
A few months back, core TOR developer Isis Agora Lovecruft wrote a chilling blog post regarding the FBI’s insistence on holding a physical meet-up while explicitly indicating that her attorney could not be present. It would be a pleasant thought if they were only requesting a physical meet-up, so that the NSA could not listen in, but I seriously doubt this is how that three-letter agency acronym rolls.
Perhaps it is flavored with exotic spices such as collaboration on building a backdoor, exit node trivia, or a trumped up subpoena. For whatever reason the FBI felt it necessary to meet with Lovecruft, it’s an uncomfortable feeling when it involves anonymity software and the physical presence of a core Tor developer.
Then there are the VPN’s that are still fortunate enough to be able to deliver a canary. Early in June, VPN service Proxy.sh removed France Node 8 [220.127.116.11] from it’s warrant canary. What about the VPN’s that can’t or won’t deliver a canary?
NITs Are In
The Darknet can be a dangerous place to visit even if you are well-clued on how to protect your anonymity. Even if you go to great lengths to protect your personal identity, there is no guarantee that your identity will never be exposed. The FBI recently proved that anonymity is ephemeral when they busted the Darknet child pornography site Playpen, which had more than 215,000 users.
In this particular instance, the FBI covertly seized the Playpen child porn site and deployed a network investigative technique (NIT) hacking tool that was able to gather each computer’s IP address with date and time of visit along with a unique identifier generated by NIT, including the operating system (OS), OS version, architecture, host name, OS username, and MAC address.
Motherboard further clarifies the role that NITs have played over time:
“NITs come in all sorts of different forms, and have been used since at least 2002. Malware has been delivered to bomb threat suspects via phishing emails, and the FBI has also taken over hosting services and surreptitiously exploited a known bug in Firefox to identify users connecting with the Tor Browser Bundle.”
So, What’s The Deal?
Back in 2013, Snowden said: “I don’t want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded.”
If we dispute what is currently going down in America today, our names may already be on a classified “watch” list—making us the enemy. Is this really where we want to be?
About the Author: Bev Robb is the security-technology editor at Fortscale.Bev has a BS in sociology and is a sporadic blogger at her Teksecurity blog. She can be found on Twitter and LinkedIn.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.