protecting your privacy with freebsd and tor
play

Protecting your Privacy with FreeBSD and Tor Christian Brffer - PowerPoint PPT Presentation

Oct 05, 2023 •113 likes •465 views

Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD Warsaw, Poland November 18, 2007 Overview Who needs anonymity anyway? Anonymization concepts T or FreeBSD What else to take

  1. Protecting your Privacy with FreeBSD and Tor Christian Brüffer brueffer@FreeBSD.org MeetBSD – Warsaw, Poland November 18, 2007

  2. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 2

  3. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take of? ● Demonstration ● Summary MeetBSD 2007 3

  4. Who needs anonymity anyway? ● Journalists ● Informants, whistleblowers ● Dissidents (China, Myanmar...) ● Socially sensitive information (abuse, AIDS) ● Law enforcement (anonymous crime reporting, tips, surveillance...) ● Companies (research competition...) ● Military (covert operations...) MeetBSD 2007 4

  5. Who needs anonymity anyway? ● You? – EU data retention directive ● connection data gets stored for 6 – 24 months ● phone, SMS, IP, e-mail, dial-in data ● (finally we'll be safe from all those terrorists!) – which interests do you have? – who do you talk to? MeetBSD 2007 5

  6. Who needs anonymity anyway? ● Criminals – already do illegal stuff – no problem doing more illegal stuff to get anonymity ● identity theft ● renting bot-nets ● creating bot-nets ● cracking one of the thousands of insecure computers in the net MeetBSD 2007 6

  7. Who needs anonymity anyway? ● Very different groups ● All with the same goal anonymity needs diversity MeetBSD 2007 7

  8. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 8

  9. Anonymization concepts ● Proxy (Source: http://www.at-mix.de ) MeetBSD 2007 9

  10. Anonymization concepts ● Proxy – fast – simple – single point of failure MeetBSD 2007 10

  11. Anonymization concepts ● Mix (Source: http://www.tm.uka.de/itm ) MeetBSD 2007 11

  12. Anonymization concepts ● Mix cascade (Source: http://sarwiki.informatik.hu-berlin.de ) MeetBSD 2007 12

  13. Anonymization concepts ● MIX cascade – slow ● public key encryption ● mixing – distributed trust – one MIX secure connection anonymous MeetBSD 2007 13

  14. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● Tor ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 14

  15. T or ● The Onion Router ● Open source, BSD license ● TCP-overlay network ● Provides SOCKS interface ● Available on many platforms: – Windows, Linux, MacOS X – FreeBSD, OpenBSD, NetBSD – Solaris, other UNIX systems MeetBSD 2007 15

  16. T or ● Aims to combine positive attributes of proxies and mixes – speed (fast) ● session keys ● TCP multiplexing – distributed trust ● Design goals: deployability, usability, flexibility, simplicity MeetBSD 2007 16

  17. T or (Source: http://www.torproject.org ) MeetBSD 2007 17

  18. T or (Source: http://www.torproject.org ) MeetBSD 2007 18

  19. T or (Source: http://www.torproject.org ) MeetBSD 2007 19

  20. T or ● Exit policies (for nodes) – control which TCP connections can exit your node – default policy blocks SMTP, NNTP and some others – allows the rest (HTTP, SSH...) – reject everything: middleman- or entry-node MeetBSD 2007 20

  21. T or ● Hidden Services – Services with no published IP address – Cannot be physically found – Can be provided anywhere connection to T or network is possible – Resist Denial of Service – Resist censorship – Addresses: duskgytldkxiuqc6.onion MeetBSD 2007 21

  22. T or (Source: http://www.torproject.org ) MeetBSD 2007 22

  23. T or (Source: http://www.torproject.org ) MeetBSD 2007 23

  24. T or ● Legal issues – may be forbidden in some countries – crypto restrictions (Great Britain, “RIPA”) – special laws (Germany, “hacker paragraph”) – destination servers have Exit-Node IP in their logs ● node operator has to answer if there is trouble ● server may get ceized (happened before) ● ... MeetBSD 2007 24

  25. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 25

  26. FreeBSD ● Well suited for T or (node) operation ● Operational security – Jails (jail(8)) – Disk/swap encryption (geli(8), gbde(4)) – audit(4) – mac(4) framework ● Hardware crypto(4) acceleration ● Well maintained T or-related ports MeetBSD 2007 26

  27. FreeBSD ● Important ports – security/tor – security/tor-devel – www/privoxy – net-mgmt/vidalia – security/trans-proxy-tor MeetBSD 2007 27

  28. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 28

  29. What else to take care of? ● Name resolution – Some applications bypass configured proxy (hi Firefox < version 1.5!) ● Cookies, web-bugs, referrer – Disable cookies/referrer or better use Privoxy ● Connection Exit-Node <-> Destination – Not encrypted! Use secure protocols ● Services that require registration – T or cannot help you there MeetBSD 2007 29

  30. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 30

  31. Overview ● Who needs anonymity anyway? ● Anonymization concepts ● T or ● FreeBSD ● What else to take care of? ● Demonstration ● Summary MeetBSD 2007 31

  32. Summary ● T or useful for stealthy net usage ● Can be used to provide resilient services ● FreeBSD a very good choice as a platform All this very much needed in light of recent laws etc T or website: http://www.torproject.org MeetBSD 2007 32

  33. Questions? MeetBSD 2007 33

  34. Thank you for your attention! MeetBSD 2007 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD complete operating system documentation over 30 000 packages a community history history patches to v6 Unix ex/vi, pascal Berkely Software

715 views • 28 slides
Privacy, Economics, and Immediate Gratification: Why Protecting Privacy is Easy, But Selling It

Privacy, Economics, and Immediate Gratification: Why Protecting Privacy is Easy, But Selling It

Privacy, Economics, and Immediate Gratification: Why Protecting Privacy is Easy, But Selling It is Not Alessandro Acquisti Heinz School, Carnegie Mellon University PGuardian Technologies, Inc. acquisti@andrew.cmu.edu Why do we have great

1.13k views • 73 slides
Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data Protecting Personal Data Privacy &amp; Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Protecting Privacy in Connected Learning Linnette Attai Project Director, CoSN Protecting

Protecting Privacy in Connected Learning Linnette Attai Project Director, CoSN Protecting

Protecting Privacy in Connected Learning Linnette Attai Project Director, CoSN Protecting Privacy in Connected Learning and Trusted Learning Environment Programs Transforming Education Through Visionary Technology Leadership About CoSN:

640 views • 49 slides
Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2009 Ottawa, Canada 8 May 2009 Background and Context FreeBSD Development Model Product Life Cycle Tracking Options SVK Hints

801 views • 45 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views • 30 slides
FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin Goals - Share FreeBSDs long history - What is FreeBSD and Why People Use It - Why you should use and/or contribute to FreeBSD - FreeBSD Foundation

1.1k views • 34 slides
UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude -- ScaleEngine Inc. allanjude@freebsd.org twitter: @allanjude Introduction Allan Jude 13 Years as FreeBSD Server Admin FreeBSD docs committer

863 views • 31 slides
How to Bootstrap a BSD Conference Li-Wen Hsu &lt;lwhsu@FreeBSD.org&gt; Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu &lt;lwhsu@FreeBSD.org&gt; Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu &lt;lwhsu@FreeBSD.org&gt; Something about Me Li-Wen Hsu ( ) tw.FreeBSD.org admin FreeBSD ports comitter since 2007 CI.FreeBSD.org maintainer twn.FreeBSD.org site admin

576 views • 43 slides
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program August 12, 2014 1 Protecting

590 views • 43 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008 Mountain View, CA, USA 16 November 2008 Cryptography in FreeBSD The opencrypto Framework Performance Measurements Future Directions

228 views • 20 slides
FreeBSD in the cloud FreeBSD &amp; ZFS VPS from a users perspective Saturday, May 14, 2011

FreeBSD in the cloud FreeBSD &amp; ZFS VPS from a users perspective Saturday, May 14, 2011

FreeBSD in the cloud FreeBSD &amp; ZFS VPS from a users perspective Saturday, May 14, 2011 Whos talking? Unix admin since 1987 FreeBSD user since 1.1.5.1 Committer, 1999-2003 KFU.COM - ISP 1993-2001 (or so), now personal domain.

593 views • 30 slides
Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on Avoiding Threats May 28, 2015 Malcolm Townsend, IT Research Analyst Overview Background Trends Threat landscape Privacy regulatory

102 views • 8 slides
The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org Summary &amp; Introductions Allan Jude Klara Inc. FreeBSD Core Team FreeBSD Professional OpenZFS Developer Services and Support Covered in this

864 views • 29 slides
Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of Translation bring FreeBSD to non-English speakers translators are ambassadors enlarge the community: Metcalfe's Law The FreeBSD Documentation books

477 views • 21 slides
NCAA Rules Education University of Missouri System Board of Curators June 10, 2020 OPEN -

NCAA Rules Education University of Missouri System Board of Curators June 10, 2020 OPEN -

NCAA Rules Education University of Missouri System Board of Curators June 10, 2020 OPEN - ASARED - Info 1-2 Board of Curators Summary of Topics 1. Institutional Control 2. Recruiting &amp; Boosters A. Definitions B. Recruiting:

386 views • 13 slides
Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina

Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina

Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina Bashkirova Content Allocation of credit Plagiarism Conflict of interest Dishonesty in academic report Data privacy and use

214 views • 20 slides
Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent

Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent

Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent Wilson Deputy Chief Compliance Officer University of Utah Health ISB Health Law Section February 5, 2020 Why C Compliance Ma Matters DOJ FCA

321 views • 14 slides
Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian,

Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian,

Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian, MD ACMUI Nuclear Cardiologist March 8, 2018 ME Reporting ME reporting has not changed significantly for many years. The annual number of

421 views • 20 slides
Department of Pediatrics Faculty Meeting September 30, 2019 Policy and Community Engagement

Department of Pediatrics Faculty Meeting September 30, 2019 Policy and Community Engagement

Department of Pediatrics Faculty Meeting September 30, 2019 Policy and Community Engagement Update Lisa Chamberlain Educational Faculty and Staff Development Opportunities Becky Blankenburg Patient Privacy Training Sondra

731 views • 58 slides
PCARD SUPER POWERS TABLE OF CONTENTS Policy and Procedures Page 3 Registration Page 9

PCARD SUPER POWERS TABLE OF CONTENTS Policy and Procedures Page 3 Registration Page 9

PCARD SUPER POWERS TABLE OF CONTENTS Policy and Procedures Page 3 Registration Page 9 Reconciliation for Cardholders Page 21 Reconciliation for Approvers Page 44 Mobile App Reconciliation for Cardholders Page 53 Mobile

1.03k views • 75 slides
Outline 1. Background 2. Learning from incidents as well as accidents i. Why is it important?

Outline 1. Background 2. Learning from incidents as well as accidents i. Why is it important?

Safety reporting and learning Ola Holmberg Head, Radiation Protection of Patients Unit Radiation Safety and Monitoring Section Division of Radiation, Transport and Waste Safety International Atomic Energy Agency Vienna, Austria IAEA

992 views • 64 slides
Complementarity of information found in media reports Complementarity of information found in

Complementarity of information found in media reports Complementarity of information found in

Multilingual Web Workshop, Pisa, Italy, 4 April 2011 1 Complementarity of information found in media reports Complementarity of information found in media reports across different countries and languages Ralf Steinberger &amp; the JRCs

240 views • 20 slides

More recommend