Mostly Harmless

A couple of weeks ago I was wondering on what happened to Anonym.OS. After a little searching around I came across xB Machine.

Xerobank appear to be one of those “secure browsing for a fee” organisations offering browser plugins and networks in order to protect your privacy while on the web in exchange for a fee. xB Machine can operate over this commercial network or over the free to connect Tor Network.

There is however one very important difference, whilst Anonym.OS ran as a live CD, xB Machine is only currently available as a set of images that reside on your hard disk that must be run through VMWare or Qemu (I didn’t have the familiarity to get it going in the latter and precise instructions aren’t currently available on the site). In order to alleviate concerns about this, the user session takes place within an encrypted container and there is a “self destruct” routine which can supposedly wipe this. Full details however on how these two aspects operate do not currently appear to be available on the download page or support wiki entry.

Those wishing to try the software should beware of the fact that it is a development pre-release, that does not appear to be open sourced or have undergone peer review. That said, it is good to see a tool like this released freely, even if it is ultimately supported by the option to use commercial networks.

Rowan :: Jan.23.2008 :: Internet Anonymity, Security :: No Comments »

Roll your mind back to the beginning of 2006 and you might remember Anonym.OS the idea of which was that you could pop a CD into your coffee cup holder, reboot and have nice (relatively) secure and anonymous browsing via TOR in a nice locked down BSD session.  My mind is a little hazy on how it performed in detail, but I remember that in general it worked, which is more than can be said for a lot of security tool releases…

It is somewhat sad to see that the project doesn’t seem to have been maintained. Should a notification be posted to the sourceforge, freshmeat etc pages to say that the versions of software included have security issues? I’m not really qualified to say but I would generally expect something coming up for 2 years of age to have some security issues a user would wish to be aware of.

The developers of the disk kaos did publish a pdf on making a BSD live cd and a document on hardening an OS for secure internet activity, but I’d be interested in knowing if the reason the project hasn’t had further releases is simply time constraints or something more fundamental about the idea itself.

If anyone knows the status of the projects, or a worthy alternative, do drop a comment into the box below…

Rowan :: Dec.04.2007 :: Internet Anonymity :: 1 Comment »

Article on the BBC about search sites indexing information from social networking sites as well as the usual sources such as websites and newsgroups.

The interesting thing is that these sites don’t really change anything - yes they provide a “picture” of sorts of a person’s dalliances online that is accessible to the ordinary person but they don’t give you much more than a little fiddling with Google could have done.

In my case (and I have a pretty unique name) all you get is a rather fetching picture with a christmas hat from myspace that isn’t currently on this blog. So far so not very revenue generating for the site in question. A few scraped links to technical queries on online forums and mailing lists also aren’t very interesting to anyone, given that the email addresses and topics under discussion will be a few years old now.

What most people already knew to be true hasn’t changed - for piece of mind online just don’t use your real name. Given that I’ve got profiles across several social networking sites, this blog and quite a few domains in my name as well as profiles on numerous forums the level of information scraped by these sites is really pretty piss poor. Yes, these personal info aggregation sites do pose a major risk to those teens currently posting deeply personal stuff publicly over the web, but really that is the fault of the parents who let them have access to something unsupervised that they don’t really understand the implication of themselves.

If you do have a lot of information on a profile (such as facebook) including telephone numbers, address and birthday then that should really be a friends only page anyhow (don’t join a network) - unless you’re the type who writes your details in pub toilet stalls hoping for a “friend request”…

The sites also seem to suffer from the usual “common names” problem - they can tell me that Dan is a councillor in Eastbourne and was a governor at a local school but not one of them managed to link both of these pieces of information to the same name. One of the sites picks up my boss (who has a pretty unique name) but again simply by pulling a myspace entry which links you to one of the sites that she owns.

From the point of view of unique features, if the site is simply trawling other social networks and the web then it’s in danger of dying of irrelevance - myspace, facebook etc could easily partner with a search company if they wanted to trawl information from other sources for users to add to their profiles but most people don’t want that anyway - I have absolutely no interest in auto populating a profile of mine with out of date information or detail of online support requests to the MythTV project. Most people’s profiles are highly tweaked to a specific picture they want to provide at that moment.

I’m not saying that an upstart service couldn’t combine Google style search algorithm power and social networking into something massively wonderful / privacy threatening depending on your perspective but what I am saying is that the level of technical acumen and capital required to achieve such a thing makes it pretty unlikely. Pretty much the only thing these sites seem to do at the moment is provide an ever useful reminder to be careful what you attach your name to.

Rowan :: Aug.08.2007 :: Internet Anonymity, Personal Entries :: No Comments »