Anonymity on a Disk

dipdude

Forerunner
To many privacy geeks, it's the holy grail -- a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.

That was the guiding principle for the members of kaos.theory security research when they set out to put a secure crypto-heavy operating systems on a bootable CD: a disk that would offer the masses the same level of privacy available to security professionals, but with an easy user interface.

"If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader.

It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference here Saturday, with mixed results.

Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy OpenBSD operating system.

OpenBSD running in secure mode is relatively rare among desktop users. So to keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In everything from the way it actively reports itself to other computers, to matters of technical minutia such as TCP packet length, the system is designed to look like Windows XP SP1. "We considered part of what makes a system anonymous is looking like what is most popular, so you blend in with the crowd," explains project developer Adam Bregenzer of Super Light Industry.

Booting the CD, you are presented with a text based wizard-style list of questions to answer, one at a time, with defaults that will work for most users. Within a few moments, a fairly naive user can be up and running and connected to an open Wi-Fi point, if one is available.

Once you're running, you have a broad range of anonymity-protecting applications at your disposal.

But actually using the system can be a slow experience. Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor has recently suffered from user-base growth far outpacing the number of servers available to those users -- at last count there were only 419 servers worldwide. So Tor lags badly at times of heavy use.

Between Tor's problems, and some nagging performance issues on the disk itself, Banks concedes that the CD is not yet ready for the wide audience he hopes to someday serve. "Is Grandma really going to be able to use it today? I don't know. If she already uses the internet, yes."

Experts also say Anonym.OS may not solve the internet's most pressing issues, such as the notorious China problem: repressive governments that monitor their population's net access, and censor or jail citizens who speak out against the government.

Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and Society, works extensively with international bloggers and journalists, many of whom live under constant threat from their own governments. He see Anonym.OS as a blessing for some -- but not for those at the greatest risk.

"I think it's going to be tremendously useful for fairly sophisticated users when they are traveling, but where it may not be as effective as people would hope is in counties where the government is really seriously about locking down the net, constraining internet access," Zuckerman says.

Because most people in the developing world use the internet from shared desktop environments, services for them have to consider office place and cyber cafe-based computer situations. "Rebooting isn't often an option," explains Zuckerman, who would like to see anonymity solutions move toward minimally invasive strategies like the TorPark, a USB key that allows access to a Tor enabled browser without rebooting, and private proxies matched up one by one with dissidents.

But kaos.theory members say Anonym.OS is just the first step in making anonymity widely available. Future versions, they say, may run on a USB keychain. Additionally, they plan to implement Enigmail to allow encrypted e-mail for Thunderbird and Gaim Off The Record, which allows users to use instant messaging without their logs being tied to them.

David Del Torto, chief security officer of the non-profit CryptoRights group, says projects like Anonym.OS are heading in the right direction, but thinks the project overreaches by trying to be useful to everyone. "Grandmas are not the ones that need this right now.... My instincts tell me that it's a very small number of people (that can use Anonym.OS). You can't really solve this problem by simplifying the interface. It's almost impossible to anticipate everything a user can do to hurt themselves."
 
Back
Top