19 October 2009 Date: Mon, 19 Oct 2009 08:50:02 +0200 From: Eugen Leitl <eugen[at]leitl.org> To: cypherpunks[at]al-qaeda.net Subject: Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet. ----- Forwarded message from Jacob Todd <jaketodd422[at]gmail.com> ----- From: Jacob Todd <jaketodd422[at]gmail.com> Date: Sun, 18 Oct 2009 15:14:55 +0000 To: or-talk[at]freehaven.net Subject: Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet. User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: or-talk[at]freehaven.net On Sun, Oct 18, 2009 at 04:38:57AM -0700, Kyle Williams wrote: > I just read two articles that moved me to bring this to the attention > of others. Kaspersky Labs thinks anonymity is the problem with the > Internet. > > http://www.theregister.co.uk/2009/10/16/kaspersky_rebukes_net_anonymity/ > > In Kaspersky's world, services such asB PsiphonB andB The Onion Router > (Tor)B - which are legitimately used by Chinese dissidents and Google > users alike to shield personally identifiable information - would no > longer be legal. Or at least they'd have to be redesigned from the > ground up to give police the ability to surveil them. That's not the > kind of world many law-abiding citizens would feel comfortable > inhabiting. > " > > He's talking about supporting a police state, where the "law" can > watch everything you do. > > http://www.zdnetasia.com/insight/security/0,39044829,62058697,00.htm > " > [Q:] Are you saying that people often don't understand the > complexities of the work security researchers are involved in? > Consumers, businesses and even governments? > [A:] Governments do understand because they are more and more in touch > with these problems. Enterprises, big enterprises, some of them have > dedicated teams of security experts and they really understand what's > going on. Consumers generally have no clue, but they don't need to > understand. > " > > The only thing that works better than his A/V software is a well > informed and educated user. > My mom didn't know shit about what to do and not to do on the Internet > and downloaded everything that was free, and that's why I would have > to "fix" his computer every few months even though she uses AVG and > SpyBot. Finally I sat her down, explained to her why this was > happening, and told her not to do that anymore if she wanted her > computer to work right. She listened, and hasn't had any serious > problems for a few years now. > > From the same article... > " > [Q:] If you had the power to change up to three things in the world > today that are related to IT security, what would they be? > [A:] Internet design--that's enough. > > [Q:] That's it? What's wrong with the design of the Internet? > [A:] There's anonymity. Everyone should and must have an > identification, or Internet passport. The Internet was designed not > for public use, but for American scientists and the U.S. military. > That was just a limited group of people--hundreds, or maybe thousands. > Then it was introduced to the public and it was wrongb&to introduce it > in the same way. > I'd like to change the design of the Internet by introducing > regulation--Internet passports, Internet police and international > agreement--about following Internet standards. And if some countries > don't agree with or don't pay attention to the agreement, just cut > them off. > " > > This is scary talk from a man who owns the largest anti-virus company > in the eastern hemisphere. Read these articles, and you'll see this > guy talks about a global "Internet police" or "Internet Interpol". > That's serious globalization talk from someone who millions trust to > protect their computers. All they need to do is label some code as > malicious, and it'll be removed from your PC after the next A/V > update....even if you use it to regain lost civil liberties. How long > until Kaspersky labels Tor a trojan or virus? If that happens, then > what? > > People who seek to control society fear society having anonymity, for > it's with anonymity that society can stand up against corruption of > the state when it occurs. The latest Iran election and the actions > that followed are a great example of this, and it's was technology > such as Tor that helped them get the truth out about what was being > done. When was the last time a trojan horse or virus helped a country > regain liberty or help bypass censorship? To treat Tor as such > malware is down right insulting to people's rights everywhere. > > Normally I would never think about the following, but as a developer, > I'm weighing the idea of detecting, disabling, and/or deleting > Kaspersky before installing any of the projects I work on. Such > action should be brought to the users attention, and the action to do > something about it should be evoked by the user. However, if > Kaspersky does go too far and labels Tor as malware, you can be damn > sure JanusVM, *maybe* Tor VM, and Chromium Browser VM will take > automated action to prevent itself from being attacked by Kaspersky > products, and will do so in a very harsh way. > > Something worth noting, today's A/V solutions do not scan inside > virtual machines and would not be able to detect Tor easily. Use > encryption with the VM and it'll be impossible for any A/V product to > scan the data inside. If you use an external anonymity device like > januspa or a linux router + Tor, then you would not feel the affects > of bad A/V software against your anonymity. > > Personally, I will be encouraging everyone I know to stay as far away > from this company and their products simply out of principle at this > point. I had no problem with Kaspersky until I read this. If > Kaspersky is going to treat non malicious software as malware, then we > might as well treat their software with the same regard. > > Spread the word, Kaspersky Labs is not a friend of Tor. > > Best regards, > Kyle > > "All that is necessary for the triumph of evil is that good men do > nothing." - Edmund Burke > *********************************************************************** > To unsubscribe, send an e-mail to majordomo[at]torproject.org with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ Thanks for the link. While I don't see this as a threat in the US, some East Asian countires wouldn't surprise me if they did similar to this. -- Jake Todd // If it isn't broke, tweak it! ----- End forwarded message ----- Date: Mon, 19 Oct 2009 04:29:02 -0500 (CDT) From: "J.A. Terranson" <measl[at]mfn.org> To: cypherpunks[at]al-qaeda.net Subject: Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet. > ----- Forwarded message from Jacob Todd <jaketodd422[at]gmail.com> ----- > > > of others. Kaspersky Labs thinks anonymity is the problem with the > > Internet. > > My mom didn't know shit about what to do and not to do on the Internet > > and downloaded everything that was free, and that's why I would have > > to "fix" his computer His mom is a guy? > > Spread the word, Kaspersky Labs is not a friend of Tor. Amen. He's no friend of people in general-remember this product's history. > Thanks for the link. While I don't see this as a threat in the US, some East > Asian countires wouldn't surprise me if they did similar to this. Yhis is VERY MUCH a threat in the US, and anyone who doesn't see that needs to look again. //Alif -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xF6D40CF5 0xpgp_key_mgmt_is_broken-dont_bother "Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty." Joseph Pulitzer 1907 Speech Date: Mon, 19 Oct 2009 02:04:35 +0000 (UTC) From: John Case <case[at]sdf.lonestar.org> To: or-talk[at]freehaven.net Cc: cypherpunks[at]al-qaeda.net Subject: Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet. On Sun, 18 Oct 2009, Jacob Todd wrote: >> http://www.theregister.co.uk/2009/10/16/kaspersky_rebukes_net_anonymity/ >> " >> In Kaspersky's world, services such asB PsiphonB andB The Onion Router >> (Tor)B - which are legitimately used by Chinese dissidents and Google >> users alike to shield personally identifiable information - would no >> longer be legal. Or at least they'd have to be redesigned from the >> ground up to give police the ability to surveil them. That's not the >> kind of world many law-abiding citizens would feel comfortable >> inhabiting. As far as any authority is concerned , one bit of SSL traffic is indistinguishable from any other bit of SSL traffic. So while current anonymity models may not be workable in 5 or 10 years, if people are generating strongly encrypted traffic to arbitrary hosts, _some_ models will be workable. Multinational, corporate interests will not allow information security (SSL, VPNs) to just go away. Further, if TPTB have "broken" SSL, they aren't going to tip their hand to the rest of the world to blow the nym you access twitter with. I am pessimistic about the march of freedom and the limits of state power, but these are now basic to all commerce and infrastructure worldwide. The cats out of the bag, I'm afraid. >> He's talking about supporting a police state, where the "law" can >> watch everything you do. >> >> http://www.zdnetasia.com/insight/security/0,39044829,62058697,00.htm >> " >> [Q:] Are you saying that people often don't understand the >> complexities of the work security researchers are involved in? >> Consumers, businesses and even governments? >> [A:] Governments do understand because they are more and more in touch >> with these problems. Enterprises, big enterprises, some of them have >> dedicated teams of security experts and they really understand what's >> going on. Consumers generally have no clue, but they don't need to >> understand. He's lobbying. He sees the money that cisco, et. al, have made building the great firewall and he wants a piece of the action. >> I'd like to change the design of the Internet by introducing >> regulation--Internet passports, Internet police and international >> agreement--about following Internet standards. And if some countries >> don't agree with or don't pay attention to the agreement, just cut >> them off. Let's say this is successful ... it will simply lead to a parallel, mostly wireless network that is even more decentralized than the current Internet. How much does it cost these days to link 10mbps across 10 km ? In a few years, with "n" hardware flooding the market, how much will it cost to link 100mbps across 50 km ? >> Something worth noting, today's A/V solutions do not scan inside >> virtual machines and would not be able to detect Tor easily. Use >> encryption with the VM and it'll be impossible for any A/V product to >> scan the data inside. If you use an external anonymity device like >> januspa or a linux router + Tor, then you would not feel the affects >> of bad A/V software against your anonymity. >> >> Personally, I will be encouraging everyone I know to stay as far away >> from this company and their products simply out of principle at this >> point. I had no problem with Kaspersky until I read this. If >> Kaspersky is going to treat non malicious software as malware, then we >> might as well treat their software with the same regard. Will there really be any intersection between end users using reactionary, clueless, least-common-denominator snake oil like this, and users of Tor ?