You wrote: “any publicly open source “Anonymity / Privacy” app… would be examined on each release by interested parties for security flaws they could exploit”

Definitely true, but not always bad. We want people scrutinizing every flaw in any open source program -especially those seeking to heighten privacy/anonymity. It is the “good guys” who do this, IOW, not those wishing to exploit the flaws, but report them, to aid in code refinement. “Bug reporting” is what makes open source more proactive, quicker to repair flaws, therefore far safer than any MicroSlop products. At a time when MS has pink-slipped thousands, even entire divisions (like FlightSim), the risks of using their products increase exponentially due both to declining QC staff -and increasing malware “pools”. This is because “cost cutting” is leaving many disgruntled ex-employees “loose” with angry agendas -and the core codes to the MS apps they worked upon. Their tendency toward retribution will make far more deadly “insider” malware possible against MS users. Yet, in this time of economic crisis, the open source community is still growing, in some ways, exponentially with lay-offs. We have millions of RD/security/quality control experts, where MS has only a few thousand (declining). 5000 laid off in 2008 (even before the bust) and 7000 just these few days of 2009. Bad situation -for the “OS-challenged”.

OTOH, open source, while it is also subject to those who seek to exploit its flaws, has far less of this than MS does, since it is widely known open source is far more secure thus much more difficult to exploit. Regardless, every flaw that has been exploited shows up in forums, and with so many more “committed” staff, open source is patched in hours or a few days, instead of MS’ weeks/months.

I am grateful when someone finds a flaw in my work, whether they report it -or use it to less honorable ends. At least I get feedback and can fix the work, either way. But it is the “silent” adversary, that never publicly exploits software, merely finds the flaw -and covertly uses it to stalk, collect data, intrude in good people’s lives -those are the ones we never know about. Their “forum” is entirely “in-house”, never shared outside. They do not want us to seal the leaks. And as I mentioned, at least twice that I know of (meaning likely hundreds of times), an agency has “amended a product” in order to add leaks -for their own use.

You wrote: ” it would be correct to assume you do your own “code review” or at least make sure that you have the correct hashes for anything like Firefox / Tor to be sure that the resulting product is “clean”. I would be interested in whether you would immediately distrust any assemblage of software made publicly available”.

Correctimundo -exact. I always check apps/code obtained from any FTP server. If it does not have source code released to facilitate that, I won’t use it. But over the years, I have acquired a lot of colleagues who are well placed. Most of my Mozilla-ware comes directly from the “source”, and in an otherwise anonymous chat session, not a public “warehouse”. That saves me a lot of time. Also, in the case of FireFox, it is such an incredibly honorable org, that I have never heard of any “insider” sabotage. I trust the overall “intent”. The only weaknesses they have are the dichotomy/paradox of wanting to provide a “secure” browser, as well as one that has full “multimedia” capacity. The Mozilla obsession with Java/MacroMedia/Flash compatibility is an unfortunate necessity for a mainstream browser. But plug-ins like “FlashBlock” and “NoScript” can plug those holes perfectly, if you use them in absolute “zero-tolerance for strangers” defaults. OTOH, antique archives I still use once in a while, like Lynx or NCSA’s Mosaic still work fine on any benign website, except the ones that “require” Java or “Flash”. The “low graphics” version of BBC still comes in beautifully, with Mosaic.

http//:news.bbc.co.uk/2/low.html

best regards

Many thanks for your interesting comments. That certainly is interesting if Anonym.OS went on to become XBMachine, there are possibly good reasons from an author’s perspective not to link the latter to the former, but people are usually proud of their previous work if they’re going on to commercialise it in a new form…

From my relatively layman’s perspective, I completely agree with you on the premise that “Logically, commercial products are incompatible with “security””. Personally, I was primarily interested in XBMachine as an entry point into the public Tor network with those things such as suppressing java/script and flash (or other potential “leakage”) that you mention taken care of for ease of use and low barrier to entry, given the age of Anonym.OS

My own interests are academic (in the sense that I wrote my dissertation on the subject and immensely enjoyed reading the various background material) and more lean to the goal of preserving general user privacy (which I admit is rather paradoxical given that most general users aren’t much interested) than geared towards the theory of avoiding State Level adversaries (which I know that some of these anonymity projects at least like to think on the level of). I would personally think that if your adversary is state level and thus concievably has a very high level from which they are able to observe, you’d be better off staying a long way from modern communication networks, something I’d be interested on your opinion of seeing as you seem to be a producer of custom tools / collections of tools for use on these. I realise that much of the current legislation being proposed in various places around Internet traffic means that “general privacy” and “state level adversary” are probably going to start rubbing up alongside one another more obviously however…

Your last point, taken at face value, is most interesting. I logically assumed when writing my disertation a few years back now that any publicly open source “Anonymity / Privacy” app (Tor, I2P etc etc) would be examined on each release by interested parties for security flaws they could exploit, the idea that this goes a step further and that the binary downloads are in some cases replaced including back doors takes things to an even more interesting level.

For the benefit of anyone reading therefore, I take it that it would be correct to assume you do your own “code review” or at least make sure that you have the correct hashes for anything like Firefox / Tor to be sure that the resulting product is “clean”. I would be interested in whether you would immediately distrust any assemblage of software made publicly available (even if open source and well reviewed) following a similar goal as your own product purely for the amount of attention this would attract to itself, as this does seem to be the point you are making and a generally depressing one for those interested in Internet Privacy.

Later, the SAME person ordered a set of icons for a package named xB Machine.

Therefore, it is reasonable to presume the mystery you ponder may be “solved”…

The reason Anonym.OS has become “ultimately anonymous” (disappeared) is because it has NOW become “xB Machine”

Since I have not named the customer, and cautioned I cannot be sure of his connection to XeroBank beyond circumstantial deduction, it is fair to toss my opinions around on that product.

Personally, the commercial aspect of xB is bothersome for me.

Logically, commercial products are incompatible with “security” (although I note “my own means-to-exceptions”, below).

The initial phase of 2.0.0.6 “xB Browser” start up is (besides generating a secure proxy connection) essentially an “advertisement” for “additional services” available at their website (for a fee). This ad did not exist in the initial release. Thus money issues have crept into the browser… and as I noticed in the first xB Machine release I tried, so too have money issues infiltrated that package.,

Since I am not only a 2D/3D designer, but also design software for open source projects, and an active CTO in an IT security company, I am aware of security issues. To bill/verify payments, it is a necessity , either by java/scripting or direct serial number/authorization, to maintain an “active” database of “authorized subscribers”. The mere fact that xB Machine maintains an “active” database of “subscribers” makes xBmachine “insecure”. How? There cannot be genuine “anonymity” if a user ID of any kind, is negotiated through the internet (whether by a “secure connection” -or not). This is true because whatever method of encryption is utilized, it leaves an “IP trail” between that database and subscribers. Regardless of whether or not that content is (hopefully) secure (by WEP, WAP, WAP-2, 128-bit/512 encryption, etc.) through initial wireless (pure naivete/stupidity to believe in that) or ISP logs on user’s initial hardwire ether, there is at least ONE direct connection between the user’s initial entry point -and xB’s website/servers. This connection, however brief, is “backward-traceable”. And worse, the database itself must be cross-referenced, “live”, on xB servers, so that database itself can be pilfered by most professional hackers. Therefore, any government, agency, or malicious hacker that might be stalking a particular user -or (more innocuously) seeking ANY user attempting to obtain an “anonymous” connection, will ultimately be able to identify any user by the direct connection required to authorize “elite services” that require payment. Additionally, by the database itself, those users (at least the payment method’s account ID data) will be identifiable to those determined to access/steal the database. In summary, the whole system is flawed -by its economic pursuits.

Personally, I have used a variety of USB-stick based minimal UNIX operating systems (and/or as now), Micro SD card OS, which can be EATEN to preserve contents (since they are waterproof/intestine-proof). On this I install FireFox with flash and java suppressors (absolutely insecure) and standard Tor utils, and script the cache for complete “zero-write” after every close (FireFox’s option to “delete cache after close” does not do this).

All of these features, cumulatively accomplish the same thing xB machine “claims to accomplish -but cannot.”.

Initially, on these systems I used the single xBbrowser, but no longer trust that, since it is not genuinely open source. If I cannot (easily) see what it does (ahem, without cracking its code) then I simply cannot trust it. Nor/Tor, should thee!

It can be presumed that some substantial portion of anyone seeking “anonymous” internet access are criminals, terrorists or child molesters (vile scumbags I love to betray). But the vast majority of users are good people who are (like me), enraged at government/MS and malware intrusions on privacy -or pure censorship. I never compromise on my clients’ security (except the ones I mentioned above, who I would betray without hesitation) -nor my own security. Therefore, I would never use xB Machine -or any other “XeroBank” product. To do so is more than naive, it is absurd.

My clients pay up front to get their hardware device (card/stick) with everything pre-installed. Then they enter their own password at first boot, and it is theirs and only theirs, thereafter, since it has a false directory and zeros that out upon detecting intrusion/and/or 5th password failure. The point is, their card “never calls home” or verifies/authorizes anything with me thereafter. It foils attempted “cloning” or “backup” because its directory is hidden past the initial boot phase, so I never have to worry about clients stealing/duplicating my work -or anyone reading clients’ files “bit by bit” via recovery tools, to defeat the user;’s password. Thus, everyone is protected.

This is not an ad, I am not revealing my product -nor how to obtain it. That too, would attract unwelcome “attention” and thus betray my clients/purpose. If someone gave me a free “ad” for this service, I would immediately abandon all my related websites, to protect my “product” -and my clients from that attention.

This is intended merely to caution those who seek “anonymity” via “commercial products”. Governments and their malignant agencies do not WANT you to have “anonymity”. They want you on camera, they want your fingerprints, retina patterns, DNA… They want to stick a “data-proctoscope” up your “anal I/O port” and collect everything about you. Every day, they find new ways to obtain this data (Clipper Chips, Echelon, Carnivore, etc.), and yet so far, fail to effectively use it on any genuine “threat” to human security (like Osama).

The obvious conclusion is that announcing your product offers that, and revealing where that product is “based” -or worse, downloaded/interfaced-for-fee, makes the product’s effectiveness doubtful, if not “impossible” (much as I hate that word).

This is the paradox of that which your topic seeks. “When you find it easily” it is unlikely to be effective! Because all the “bad guys” know about it, and start watching the traffic and analyzing the product -for means to defeat it. Sad, but true. For example, I was drafted, and by curious coincidence, worked in ArpaNet. Many of my former colleagues (who stayed in military or GS service) tell me that the first xBbrowser site was monitored by NSA, and those who sought to download the file were actually downloading a NSA-modified file, that gave the NSA the “back door keys” to every installation. Unfortunately, our true “enemy” is often BOTH the agencies designed to “protect us”, as well as those who seek to harm us!

best regards to all,
“DanaSaur”