Our technical paper Chip and PIN is Broken explains how. It has been causing quite a stir as it has circulated the banking industry privately for over 2 months, and it has been accepted for the IEEE Symposium on Security and Privacy, the top conference in computer security. (See also our FAQ and the press release.)

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.

But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.

This attack is both academically and practically significant. We get reports weekly from different victims of phantom withdrawals, and these include large numbers of stolen cards used to make purchases in the window between theft and the cancellation of the card. Currently these victims are denied refunds by their banks, but this attack could explain some of the frauds we are seeing. The fact the receipt says “PIN Verified” when actually it wasn’t raises a whole load of legal and evidential questions which call into question the banking industry’s claim that their systems work (and log) properly. Merchants will be none too pleased either; the system no longer protects their interests but only those of the issuing bank.

There’s been some confusion, possibly even misinformation, about our attack and its effects. Cartes Bancaires in France were so concerned that they briefed the press way in advance of our plans for publication. We can set the record straight on a few things:

• the attack applies to cards used online (where the merchant POS contacts the bank) as well as offline;
• the attack works regardless of the amount of money spent (not just for small value amounts that are below floor limit);
• the attack doesn’t work once a card has been cancelled by the bank — just like stolen cards in the past can only be used for a certain window of time once the cardholder discovers the loss;
• the attack doesn’t work at ATMs (cash machines);
• the failure applies to bank card schemes based on EMV – the most widely deployed standard for smartcard payments. Older national smartcard schemes may or may not be vulnerable; we don’t know.

So what went wrong? In essence, there is a gaping hole in the specifications which together create the “Chip and PIN” system. These specs consist of the EMV protocol framework, the card scheme individual rules (Visa, MasterCard standards), the national payment association rules (UK Payments Association aka APACS, in the UK), and documents produced by each individual issuer describing their own customisations of the scheme. Each spec defines security criteria, tweaks options and sets rules – but none take responsibility for listing what back-end checks are needed. As a result, hundreds of issuers independently get it wrong, and gain false assurance that all bases are covered from the common specifications. The EMV specification stack is broken, and needs fixing.

We’re really worried that if something isn’t done to fix this problem, and the many others we’ve found in EMV, other regions adopting it (like the USA) are going to make the same mistakes again and again – and that means customers stay vulnerable.

That’s why again we’re arguing that Chip and PIN is broken. We don’t want people keeping their money in shoe boxes – we want the problems fixed. That means getting decent governance for the system that involves all the stakeholders – banks, regulators, merchants and customers.

Update (2010-02-11): ZDNet UK have some in-depth press coverage, and the story has also been picked up by the Telegraph and Daily Mail.

via www.lightbluetouchpaper.org

                        

Gloomy new hack-and-slash action game Dante’s Inferno meticulously reinterprets its influential source material: With perfect reverence, it replicates every nuance, every glorious note, from Sony’s God of War.

Oh, and there’s also some plot stuff in there based on some poem by a dead Italian guy.

The story line of Electronic Arts’ latest PlayStation 3 (reviewed) and Xbox 360 game comes from Dante Alighieri’s The Divine Comedy. At first blush, it might seem silly to create an action game around a 14th-century epic poem. But developer Visceral Games embraces the conceit wholeheartedly, executing the entire affair without even blinking.

Dante’s Inferno, released Tuesday, is Alighieri’s singular vision of hell, transformed for the Doom generation. Sorry, literature nerds, but it works. If only the gameplay weren’t so utterly derivative.

Dante, the one in the game, is no poet. Instead, he’s a war-ravaged crusader with serious post-traumatic stress disorder. But he has his domestic side, too. In fact, the game opens with him sewing a tapestry. Into his flesh.

Once he’s embroidered his taut, bare chest with a homemade superhero emblem, Dante sets out on a quest for salvation that will lead him through the nine circles of hell.

You see, Dante has a lot to make up for. In a series of rough and bloody animated sequences, we witness each and every sin he committed while fighting the not-so-good fight in the Holy Land. Yeah, the guy deserves his damnation. But his girlfriend, Beatrice, gets a raw deal and is dragged to hell on a technicality. So Dante does what any videogame hero would do — he takes the fight to the devil.

And so begins a long, arduous crawl south of heaven. Dante, armed with an oversize scythe pulled from the Grim Reaper’s cold, dead hands, descends through a series of trials, tests and boss battles.

Throughout, the game clings with near-religious adherence to its sacred text. No, not La Divina Commedia, the Book of Jaffe. Just like God of War, Dante’s Inferno is a series of locked-room battles against waves of monsters, spaced out with a few puzzles, climbing sequences and fights against screen-filling monstrosities.

Dante handles much the same as God of War badass Kratos. He’s like a dumbed-down translation of the heroes of baroque Japanese brawlers like Ninja Gaiden and Devil May Cry. There’s no crime in making smash-and-slash action more accessible and less like homework, but Dante doesn’t seem to have a single innovative trick up his sleeve. The two-tiered system of upgrades, equippable relics that boost abilities, and customizable spell powers all work well, but the game never floats a single original idea.

Instead, Dante’s Inferno coasts on sheer daring, playing off the classic tale with envelope-pushing violence and sex.

Playing the game is like strolling into the nightmares of Bosch and Goya. The rivers of blood, countless writhing souls and vats of boiling gold for torturing the greedy are something to behold.

The overtly phallic imagery that crops up as Dante treads through the circle of Lust is about as blue as you’ll ever see in a videogame that isn’t rated Adults Only. Definitely make sure the kids are put to bed, because Dante’s Inferno doesn’t hold back on the gore or the T&A.

The game’s best moment is when it goes big. The reveal of Dis, the massive city of the dead, is striking: Just before Dante batters down the doors and starts trashing the place, the camera pulls back to reveal the citadel’s smoldering walls. Dante, atop a giant demon, is dwarfed by this metropolis of the damned. Hell feels like a big, big place brimming with unfortunate souls.

The Old Testament morality of Dante’s Inferno got into my head after hours of sin and punishment. By the time I made it to the final circle, where traitors, liars and politicians suffer, I made a mental note to do my best to be nice to others. After centuries, fire and brimstone still do the trick.

Sadly, Dante’s Inferno commits its worst sin in its eleventh hour: It flinches and becomes a little too much like a game.

Dante’s last trials before facing off with Beelzebub are a series of challenges that break the fourth wall and undermine all the moody atmospherics and slick action that came before. Locked in room after room, the player is asked to kill some arbitrary amount of enemies, or keep a bad guy in the air for seven seconds.

These are the types of silly tricks game designers are supposed to reward with tongue-in-cheek achievements, or at least reserve as post-game diversions. But these lame challenges act as the gatekeepers to the final, exhausting fight with Old Scratch in Dante’s Inferno.

What the hell?

WIRED: A ballsy take on literature that worships at the altar of God of War.

TIRED: Adds nothing new to formula it pilfers.

$60, Electronic Arts

via Review: Dante’s Inferno Commits Sin of Game Theft | GameLife | Wired.com.

                        

1870: President Ulysses S. Grant signs a bill creating what we now call the National Weather Service. Forecasting models were simple but generally effective.

It had been obvious for centuries that weather in North America generally moves from west to east, or southwest to northeast. But other than looking upwind, that knowledge was little help in predicting the weather until you could move weather reports downwind faster than the weather itself was moving.

The telegraph finally made that possible. The Smithsonian Institution in 1849 began supplying weather instruments to telegraph companies. Volunteer observers submitted observations to the Smithsonian, which tracked the movement of storms across the country. Several states soon established their own weather services to gather data.

Congress thought the nation needed a centralized weather office, and that the new system would be best served by military precision and discipline. Hence, the resolution signed by President Grant in 1870 required the Secretary of War:

to provide for taking meteorological observations at the military stations in the interior of the continent and at other points in the States and Territories … and for giving notice on the northern [Great] Lakes and on the seacoast by magnetic telegraph and marine signals, of the approach and force of storms.

The War Department assigned the new function to the Signal Service Corps, where Brig. Gen. Albert J. Myer matter-of-factly named the new unit the Division of Telegrams and Reports for the Benefit of Commerce.

The network went online Nov. 1, 1870. Observers at 24 stations in the eastern United States started taking synchronized readings at 7:35 a.m. and telegraphing them to the division’s headquarters in Washington, D.C.

Cleveland Abbe, a private forecaster who (name notwithstanding) operated out of Cincinnati, had a reputation for consolidating telegraph reports into top-notch weather maps. The Army hired him as Special Assistant to the Chief Signal Officer. Abbe began work in January 1871 and made his first official forecasts the following month. He soon exceeded public expectations with daily weather reports like this:

Synopsis for past twenty-four hours: The barometric pressure had diminished in the southern and Gulf states this morning; it has remained nearly stationary on the Lakes. A decided diminution has appeared unannounced in Missouri accompanied with a rapid rise in the thermometer which is felt as far east as Cincinnati; the barometer in Missouri is about four-tenths of an inch lower than on Erie and on the Gulf. Fresh north and west winds are prevailing in the north; southerly winds in the south.

Probabilities: It is probable that the low pressure in Missouri will make itself felt decidedly tomorrow with northerly winds and clouds on the lakes, and brisk southerly winds on the Gulf.

In 1872, Congress extended the Signal Service’s weather responsibility to include the entire country. The weather division was renamed the U.S. Weather Bureau and transferred to civilian control as part of the Agriculture Department in 1891. President Franklin D. Roosevelt moved it to the Commerce Department in 1940.

The bureau was renamed the National Weather Service in 1970, when it joined the U.S. Coast and Geodetic Survey and the Bureau of Commercial Fisheries in the Commerce Department’s newly created National Oceanic and Atmospheric Administration.

Abbe served the government’s weather service in various capacities until 1916, the year of his death, and is often called the “father of the U.S. Weather Bureau.”

Source: NOAA

Photo: Sometimes you can see the weather coming, but often that’s not soon enough. This time-lapse photograph captures multiple cloud-to-ground lightning strokes during a nighttime thunderstorm in Norman, Oklahoma, in March 1978.
Courtesy NOAA

This article first appeared on Wired.com Feb. 9, 2009.

                        

We’re breaking into an elevated enemy base surrounded by jungle. We have the benefit of cover, lush overgrowth and ancient ruins. But the enemy has the advantage. The approach to their base becomes Hamburger Hill. I die over and over, sniped by a hundred unseen gunmen, trying to push my way toward the goal. The fight starts feeling pointless.

Am I getting too old for this crap?

I’m currently embedded in MAG, the new PlayStation 3 shooter that puts up to 256 players on the same battlefield. And at first, the notion of running and gunning with so many other people is exhilarating. But after all these shots to the head, I feel like this most complex of shooters may only be navigable by younger players with the free time to learn how to handle a hundred human foes.

I’m 37, and I’ve been gaming since the Atari 2600. Last year, at the peak of Modern Warfare 2 mania, I found myself in a hip Hollywood bar celebrating the birthday of an old college buddy. We’re all in our mid-thirties. As usual in a crowd of aging, buzzed geeks, the conversation veered toward videogames — specifically, the prowess of the young punks swarming the Call of Duty servers.

“They’re too good,” said the birthday boy. “And now they’re killing you with knives before you even have a chance to shoot them. It’s bullshit.”

Everybody in the bar agrees: Young gamers are somehow better than older gamers. Is it because they have fewer responsibilities and more free time? Or is it their youth that keeps them sharp?

And what the hell can us old-timers, with one foot in our gamer graves, do about it?

“The hottest new kid on the Halo 3 circuit is 14,” says Rod Breslau, a journalist who covers competitive gaming associations like Major League Gaming. He says kids are just wired better for shooters. The world’s top Quake players are 16, 17 and 20, he says, and their raw reflexes give them the edge.

Wisdom from Grandpa Walsh

David Walsh is the oldest player in Major League Gaming. The kids call him “Grandpa Walsh.” He is 25.

“The younger guys have much more refined motor skills, [having grown up] with more-advanced systems,” Walsh says. In other words, they cut their teeth on Halo 2 while we were playing Pac-Man.

“I don’t feel like getting older means getting worse,” he says. “I just think that the younger guys are getting so much better.”

It’s tough to argue that free time, or the lack of it, isn’t a factor. Jason Thompson, a 30-year-old South Carolina middle-school teacher with a wife and a 6-year-old, struggles to find a spare moment to play Modern Warfare.

“It is frustrating to come back to the game and feel like I’ve been left behind,” he says.

Thompson is careful not to mix school and gaming — he politely declines requests to play with his students, preferring to mix it up with fellow dads. One of his teammates is expecting his first child, and the gamers discuss birthing classes and day care during firefights.

By building a strong team of grown-ups, Thompson believes he’s found a way to leverage his experience and stay competitive.

“We mostly play ‘Domination,’ which is a tactical game,” he says. “This requires us often to sacrifice our lives in the defense of our flag, or in the capturing of an enemy’s flag.”

“Most younger players,” he says, “are so obsessed with keeping their kill/death ratio high that they rarely play correctly in tactical games.”

Tactics and teamwork

Young players’ superior twitch reflexes might help them keep their kill counts high and their deaths low, but that’s not teamwork. Thompson’s teammate Dave Hill, 32, says cooperation is the secret to their success in modern war games: “We communicate well, play as a team, help each other out and usually stick to a predetermined plan.”

Some oldsters don’t even bother trying to outwit the kids with age and experience. “As you get older, your want to be schooled by a 15-year-old supergamer disappears,” says game writer Chet Faliszek, who works for Valve and worked on Left 4 Dead. “You know you can’t beat him.”

Faliszek says that many older gamers gather on the forums of his company’s Steam service to start private matches in Left 4 Dead, a cooperative shooter that forces four friends to work together to survive the zombie apocalypse. Online, it pits players against each other in teams: four humans versus four infected zombies. The situation seems crafted to suit older gamers like myself, who would rather play together than die alone.

That was supposed to be the hook of MAG. The game’s massive battles are meant to bring players together by throwing them into smaller units, each of which is led by a more experienced tactical player.

These leadership roles would seem to be tailor-made for the older gamer, interested more in tactics than being on the front lines. But the job of trying to transform a squadron of teenage strangers into a well-oiled machine must require the patience of a saint — like herding cats, if the cats stopped every so often to call you gay.

I sync my Bluetooth headset to my PS3 and fire up MAG one more time. None of my friends are playing the game, so I’m hoping I get lucky and stumble upon some good teammates.

I jump into a match. The chatter in my headset makes me feel like I just climbed onto a prison short bus in Mobile, Alabama. My knuckle-dragging squad mates drawl insults at each other, make fun of my handle and call everyone’s sexuality into question.

Maybe it is just a matter of being able to put up with it: Who else but a fellow teenager would stand for this constant abuse long enough to get any good at the game?

I no longer even care to find out if I can hold my own, and I turn off the PS3. After all, when you’re an old man like me, you’ve got to pick your battles.

Image courtesy Sony Computer Entertainment

via 21st-Century Shooters Are No Country for Old Men | GameLife | Wired.com.

                        

In Bob Fingerman’s hands, even the apocalypse is hilarious.

Talk-show tyrants and cannibal foodies experimenting with dipping sauces that complement long pig are just part of the fun as Fingerman laughs his way through the End Times in his invented memoir, From the Ashes, due in collected form Wednesday from IDW Publishing.

“I look at things like The Food Network as part of the problem with modern America,” the New York-based Fingerman told Wired.com in an e-mail interview. “Too much emphasis on food, food, food. And if it all came down, I think some people would start chowing down on their barbecued neighbors.”

The Cracked vet unleashes his biting satire on all manner of public figures, cultural traditions and political movements in his comic book series From the Ashes (see panels above and below). It’s a light-hearted romp through the post-apocalyptic landscape that’s lately been charted in deadly serious films as different as the environmental documentary The Age of Stupid and John Hillcoat’s The Road.

via Comics Smartass Bob Fingerman Laughs Off the Apocalypse in From the Ashes | Underwire | Wired.com.

                        

Predictions about the appeal of cloud computing were on the money. We increasingly share, communicate, socialize and entertain ourselves with software and media on remote servers rather than on our own computers. But a big catch prevents more of us from investing much time or money in ephemeral digital media or constantly-changing online services: It can be difficult, if not impossible, to grab your stuff and split.

Say you don’t like the latest redesign of Kodak Gallery, formerly Ofoto. Some complain that the site now uploads photos in the wrong order — by size instead of date, as customer service confirmed — while others don’t like the “buy one thing per year or lose your photos” feature the site unveiled last year.

There’s no easy way for disgruntled customers to migrate their photos back to their own computers or to another service, although clever hacks exist. If you want your photos back, Kodak Gallery advises you to mouse over each photo and click to download them one-by-one.

Who has 60 or 70 hours to spare for downloading their own photos? Nobody we know.

Those who have been burnt by this sort of thing are less likely to trust another online service with memories, music, documents, books or anything else of import. Keeping media and other data locked up not only riles consumers, but could slow the growth of all sorts of online services.

Data portability is a rapidly growing movement among cloud-computing supporters. The idea that the online services we’ve herded ourselves into should let us at least pass from one pen to the next is key, although the nuts and bolts of how open standards will work are still being hammered out.

Out of this selection of prominent services, Google did particularly well. Only its YouTube site lacks a bulk-export option, and Google asks its users to vote on whether they want that feature added on DataLiberation.org, a Google website dedicated entirely to the data-portability issue.

“As people switch to ‘the cloud,’” explained Google spokeswoman Sara Jew-Lim, “we want to make sure they never feel like their data is locked into the web services they use, in some proprietary format or in some service they can’t extract it from (or that they have to pay to remove).”

For the user, the benefits of cloud computing outweigh the costs of administering one’s own services, which is why Tripod, the old DIY webpage-building site, is dead, while Facebook’s turnkey solution to creating an online presence continues to thrive. However, Facebook receives poor marks for data portability.

E-mails to Facebook’s press address were repeatedly referred to an on-vacation spokesman, so we couldn’t get an official response. But it offers no way to batch-download the photos, text or videos one has uploaded to the site, and it has a storied history of squelching users’ attempts to download their contacts. We understand that complicated data, such as relationships to friends and likes and dislikes, are difficult to share between competing social networks (although open standards embraced by Google Buzz and others, such as Activity Streams, Atom, MediaRSS and PubSubHubbub, can help with that). At the very least, you should be able to grab your own photos, videos and text. Like Google, Facebook is a member of the Data Portability Project, a consortium of companies whose aim is to enable data to pass more easily between platforms, so perhaps it will loosen these restrictions.

Hopefully, for everyone’s sake, Facebook and other companies make these changes sooner rather than later. Online service providers would like us to migrate our lives into the cloud because when we do stuff there we can encounter advertisements. In addition, plenty of ways exist to get people to pay for premium versions of free services once they become power users (free e-mail accounts reach their space limits, photo services offer printing, online music sales and subscriptions, and so on).

Services and customers alike stand to gain from data portability, and the answer could be as simple as a big red button on free and paid online services that says “Give me all my data now.”

Some of the companies peddling these services would balk at the notion of making it easier for customers to leave. But if people knew they weren’t going to be locked in, they’d be more likely to pay or make the substantial time investments that lead to paying.

In other words, if online services love their customers, they should set them free.

via What Do We Want? Our Data. When Do We Want It? Now! | Epicenter | Wired.com.

                        

In 1982, Rick Baker won the first-ever makeup artistry Oscar for his work on An American Werewolf in London. Since then, his bone-crunching, sinew-stretching lycanthropic transformations have become legendary. But Hollywood’s approach to makeup is changing as dramatically as those lupine metamorphoses: While working on a remake of The Wolfman, out February 12, Baker had to integrate his handcrafted artistry with the latest digital effects. He spoke to Wired about the hairy process.

Wired: When you have a dramatic actor like Benicio Del Toro playing a werewolf, it’s vital that he appear believable. How were makeup techniques and digital effects combined to create a look that’s convincing, not kitschy?

Rick Baker: I think it’s a letdown when a great actor like Benicio, who’s practically a wolfman anyway, suddenly becomes completely CG. So I’m glad the studio considered makeup an option. I wanted this werewolf to be an homage to Jack Pierce’s design for the 1941 original, but I updated it to be more ferocious.

Wired: You revolutionized the man-to-wolf transformation in American Werewolf and Thriller. Did you use the same methods for Wolfman?

Baker: The transformation in this film is all digital, but the wolfman is all my makeup. So I tried to anticipate how the CG effects would be used. Benicio’s wolfman is subtle: His teeth and hair grow, and his ears get pointed, but there are fewer physical changes than in American Werewolf in London.

Wired: Have you worried that your work can’t keep up with evolving technology?

Baker: I had that concern. I wondered whether today’s kids, who grew up on CG, would accept a guy covered in yak hair. But I actually embrace digital stuff now — I do it for fun. I was heavily involved in the digital work on The Curious Case of Benjamin Button. I like any trick that helps me achieve what I can’t with rubber. I try to make the right choice for the circumstances of the movie.

Baker’s Greatest Hits | An American Werewolf in London (1981) | Thriller (1983) | Men in Black (1997) | Planet of the Apes (2001) | Tropic Thunder (2008)

In an era when special effects make creatures more pixelated than predatory, it’s good to have Rick Baker on your side. Here’s how the monster makeup maestro added bite to Benicio Del Toro’s depiction of Universal’s classic wolfman.

                        

The Pentagon’s mad science agency has big plans for next year: crowdsourcing military intelligence, creating an “immune system” for Defense Department networks, and even research that might one day lead to editing a soldier’s DNA.

The Defense Advanced Research Projects Agency, or Darpa, just released its budget for the upcoming year. And, as you might expect from the Pentagon’s way-out science and technology division, there are some wild new projects on tap.

Military analysts are already overwhelmed by too much information. Instead of training more analysts or handing data over to computers, Darpa wants to improve how the military uses its intelligence info by turning it into an open call for contribution. The $13 million dollar project, called “Deep ISR Processing by Crowds,” looks “to harness the unique cognitive and creative abilities of large numbers of people to enhance dramatically the knowledge derived from ISR systems.”

Crowdsourcing is already used among businesses and other government agencies, to generate more innovative ideas that draw on as many sources as possible. Darpa wants that innovation to take over individual analysis and decision-making:

Novel frameworks will be developed to capture the experience base of users and systems to allow problem partitioning, quantitative confidence assessment, and validation in environments that may be partially compromised by adversaries.

When it comes to cybersecurity, Darpa’s taking inspiration from nature, with “Cyber Immune” — a defense model for the Pentagon’s computing systems that’s able to detect an attack, fight back and even heal itself automatically to prevent subsequent infiltration.

The current model for cybersecurity, dubbed “perimeter defense,” uses firewalls that hackers try to break through. Once they make it inside, they’ve got free rein, and the compromised system is vulnerable to ongoing outside attacks until the firewall is rebuilt. Instead of technicians who patch holes as they find them, Darpa wants a system with the instincts to go it alone, and that “assume[s] security cannot be absolute, yet … can still defend itself in order to maintain its (possibly degraded) capabilities, and possibly even heal itself.”

Of course, Darpa’s also living up to its mad-science rep, with ambitious plans to fast-track mastery over the human genome. Darpa’s budgeted $7.5 million in hopes of “increas[ing] by several decades the speed with which we sequence, analyze and functionally edit cellular genomes.”

Editing DNA could have widespread implications, but Darpa seems most interested in two: microchip implants that restore senses and movement in traumatic injury patients, and the ongoing Darpa goal of boosting troop performance in the field:

On the other end of the size scale, a primary goal is to apply microsystem techniques to soldier-protective biomedical systems. One example is an in-canal hearing protection device that will provide enhanced hearing capabilities in some settings, but be able to instantly muffle loud sounds of weapons fire. This one example will improve inter-personnel communications and at the same time drastically reduce the incidence of hearing loss in combat situations. For these examples and many more, the goal is to bring exceptionally potent technical approaches to bear on biological and biomedical applications where their capabilities will be significant force multipliers for the DoD.

Photo: USAF

                        

Bill McGonigle, of Lebanon, New Hampshire, decided to become a Tor volunteer when he learned that people in Iran were protesting the results of their June Presidential election. They were using the Internet to organize their meetings. The Iranian government was trying to censor their messages to one another. “I have a soft-spot for people trying to gain liberty for themselves,” he wrote in an email, “especially against tyrannical regimes. It became known that they were using Tor to get around the censorship, so at that point I put up a relay….The people I’d like to help are those living under violence-based oppression, most commonly orchestrated by dangerous and corrupt individuals posing as legitimate governments. I’d like to see an end to oppression wherever it exists.”

Get Tor

To become a volunteer, download this software.
To use Tor to protect your own privacy, download this software

How It Works

How Tor works is complicated. It uses fancy cryptography, which is difficult mathematics. It uses technical features of the Internet, which is difficult network engineering. The good news is that neither Tor volunteers nor Tor users need to know any of the hard stuff. Curious readers may enjoy technical explanations by the Tor Project programmers and classroom slides, written by Dan Boneh, a computer science professor at Stanford University specializing in cryptography. The inventors of the original Onion Router have published many papers, as has the team now working on Tor.

To get started, a volunteer–for example, Bill McGonigle in New Hampshire–downloads a software program from the Tor Project, based in Massachusetts, that lets him share a small fraction of his broadband Internet connection with people who use Tor. He chooses how much bandwidth he will set aside for Tor users. It can be as little as 20 kilobits per second, a small fraction of a 1.5 megabyte connection. The person who wants privacy, let’s say Abigail, downloads a small program that adds a Tor button to her Firefox Web browser. When Abigail clicks on her Tor button, Tor encrypts the message that Firefox sends out, passes that message along three or more randomly-chosen volunteers’ computers, which may include Bill’s, and then connects her to the Web site she wants. Tor then encrypts and bounces the messages along the same path from the destination Web site back to Abigail. Each computer on the path know only which computer preceded it and to which computer it must relay the message. After a short time, Abigail’s Tor chooses a new, random path among volunteers’ computers for her messages to follow. The result: Abigail is using the Web anonymously. Companies, government agencies, and spies have a very hard time figuring out where Abigail is, what site she is visiting, what she is writing or learning, and, if they are monitoring the destination Web site, who is visiting it. Right now, volunteers worldwide are offering Tor on 1755 computers.

China Plays Cat, Tor Plays Mouse, or Is It the Other Way Around?

Zhan Bin, who teaches at the Business School of the Beijing Institute of Fashion Technology, has written forcefully in his blog in favor of more openness and freedom in China.

In a recent email, he said that he uses Tor every day to read Internet sites, because the Chinese government has blocked so many. If Tor became unavailable to him, he would immediately search for a substitute. At the moment, though, there is no substitute that is as secure or useful as Tor. Tor encrypts people’s messages, unlike most other proxy services. It then passes the messages through a far-flung network of computers not controlled by any single group. It also works with different kinds of Internet communication, such as instant messaging. Because the program is open source, any programmer can build it into his software.

On September 25, 2009, the Chinese government did its best to blockade Tor, possibly in preparation for China’s National Day on October 1. The Tor Project had, from its beginning in 2006, published a list of volunteers’ computers’ IP addresses on several Web sites. The government employees who run China’s Internet gateway simply looked up the Web site and added those publicly-listed Tor IP addresses to the long list of IP addresses whose messages could not enter China. Two days later, 80 percent of those relays were still blocked. The number of Tor relays inside China that could contact the outside world had fallen from over 60–before the blockade–to zero.

By January 5, 2010, though, Zhan Bin and many other Chinese were once again able to use Tor. The number of connections from China had recovered to roughly 40,000 per hour, about half the pre-blockade number. What happened? As Andrew Lewman, the Executive Director of the Tor Project, explained in a telephone call, he and his colleagues had long anticipated and prepared for China’s blockade. Many volunteers had set up secret relays, which were not listed on the public Web sites. Those secret relays are called bridges. On September 25, Lewman and his colleagues faced a challenge right out of a spy novel. How could they communicate the bridges’ secret IP addresses to people far away–and unknown to them–without the Chinese government intercepting the list? The solution: a widely distributed dribble. The Tor Project is releasing the list of bridges, a few at a time. They are using many methods: word of mouth, email, Twitter, other new social media, and Web sites. They reveal no more than one-eighth of the list by any one method. The Chinese government will intercept, and then block, some of the IP address, but not all.

This pouncing and parrying is a game of cat and mouse. Right now, though, Andrew Lewman, Karen Reilly, and the other staff members at Tor do not feel like mice. They say that they are confident that they can continue to move people’s words and photos in and out of China. What they need, they say, is more volunteers to run bridges.

Does the Chinese government feel like the mouse in this game? Half of the Tor Project’s $514,000 annual funding comes from the U.S. government, through the International Broadcasting Bureau, an independent agency that runs radio transmissions for the Voice of America, Radio Free Europe, and Radio Free Asia. Ken Berman, the IBB’s head of engineering, sought out Tor, according to Lewman, because he wanted to support new Internet software that circumvented censorship.

Paul Syverson, co-inventor of the original Onion Router, worked and still works in the cryptographic laboratory of the U.S. Navy. In other words, he makes codes for the U.S. Defense Department. As in a delicious paradox common to logic puzzles, after inventing the Onion Router, Syverson told his Navy bosses that the Onion Router could keep the Navy’s secrets secret only if the Navy gave away the Onion Router. Why? Only when people sending messages through the Onion Router network are indistiguishable from average Internet users, can hostile observers not tell which messages to capture and inspect. The more numerous, varied, and ordinary Onion Router users become, the more they camouflage one another. In this way, sharks can hide among minnows.

Today, because Navy officials did–maybe to their dismay–understand the unforgiving logic of espionage–anyone can read the Onion Router source code and contribute to it. It is a civilian project–the Tor Project–and a non-profit organization.

Roger Dingledine and Nick Mathewson, computer scientists trained at MIT,  do most of the research and programming to improve Tor. They are idealistic fellows. They say in their mission statement, “…for human rights workers, journalists, democracy activists and many others world-wide, anonymity online can be an issue of life and livelihood. The Tor Project believes that we should have the same expectation of privacy online as we have in the real world….”

Yet, how does Tor look to the Chinese government, or to the government of Iran, Syria, or even Russia? Or to zealous nationalists of those countries? They may look over the shoulders of Dingledine and Mathewson. They may see the propaganda arm and war machine of the West.

Ordinary People Help One Another

In so-called open societies, though, people see the issue differently. Most Westerners disdain censorship. The Tor button for Firefox has been downloaded three million times. Lots of those freeloading downloaders–the ones with a broadband Internet connection–could also be offering the Tor service. A remaining question: do home computer users have permission to run an Internet server program that gives services to people outside their house? The answer is: maybe.

The Acceptable Use Policy of many Internet Service Providers–such as Verizon and Earthlink–explicitly prohibits residential customers from running any Internet server program. AT&T and Comcast’s iBurst do not. To check any company’s policy, type its name and “AUP” into a search engine.

What are the prohibitive ISPs worried about? That a customer will run an enterprise using most of the contracted bandwidth round-the-clock. That traffic could strain the ISP’s gear, hurt service to other customers, and get the ISP sued. By prohibiting all server programs, the company saves its employees the work of researching each customer’s case.

A little arithmetic shows how harmless and costless to her ISP Abigail actually will be if she offers Tor to the world, instead of merely using it herself. Let’s say that she has a 1 MB broadband connection. She considers setting aside a maximum at any given time of 20 kilobits per second for a Tor bridge, since bridges are now needed most urgently. A bit is one-eighth of a byte. A kilobyte is one-thousandth of a megabyte. Abigail, at maximum burst, will have 1/400th of her broadband connection busy with Tor users. She is paying $50 per month. She will have to decide for herself what her conscience permits. Then she can help her grandchildren set up Tor on their computers.

A person who sets up a Tor relay gets to give it a name. Bill McGonigle, the man in Lebanon, New Hampshire, who was moved by the Iranian election protesters, also admires John Lennon’s music. He calls his relay, “imagineallthepeople.”

Legal guidance for people running Tor relays in the United States
Video of a talk by Roger Dingledine

via wildbee.org

                        

Kevin T. Singer filed a federal lawsuit against officials at Wisconsin’s Waupun prison, arguing that a policy banning all Dungeons & Dragons material violated his free speech and due process rights.

Prison officials instigated the Dungeons & Dragons ban among concerns that playing the game promoted gang-related activity and was a threat to security. Singer challenged the ban but the 7th U.S. Circuit Court of Appeals on Monday upheld it as a reasonable policy.

Dungeons & Dragons players create fictional characters and carry out their adventures, often working together as a group, with the help of complicated rules.

Singer, 33, has been a devoted player of the fantasy role-playing game since he was a child, according to the court ruling. After the ban went into effect, prison officials confiscated dozens of Dungeons & Dragons books and magazines in his cell as well as a 96-page manuscript he had written detailing a potential scenario for the game that players could act out.

Prison officials enacted the ban in 2004 after an inmate sent an anonymous letter expressing concern about Singer and three other inmates forming a “gang” focused around playing the game.

Singer was told by prison officials that he could not keep the materials because

Dungeons & Dragons “promotes fantasy role playing, competitive hostility, violence, addictive escape behaviors, and possible gambling,” according to the ruling. The prison later developed a more comprehensive policy against all types of fantasy games, the court said.

The appeals court said the prison’s policy was reasonable and did not violate Singer’s rights.

“After all, punishment is a fundamental aspect of imprisonment, and prisons may choose to punish inmates by preventing them from participating in some of their favorite recreations,” the court said.

Singer was sentenced to life in prison in 2002 after being found guilty of first-degree intentional homicide in the killing of his sister’s boyfriend. The man was bludgeoned to death with a sledgehammer.

Department of Corrections spokesman John Dipko said the department was pleased with the decision and will continue to enforce rules that are designed to maintain a safe environment.

Singer’s court-appointed attorney, W.C. Turner Herbert of North Carolina, also did not immediately return a message seeking comment.