 Okay, hi. I'm Miles Long from Cult of the Dead Cow, and I just wanted to introduce Mr. Steve Toplitz, a.k.a. Arrakis here from our Hacktivismo branch, who has some nice things to tell you folks about this evening. Oh, yeah! Who are you kidding? All you suckers are in here for the free internet. It's okay, you don't have to. Okay, so about four months ago, I was sitting in the doctor's office waiting, and it's a Lasik office, and I'm pretty upset and scared because I'm about to walk in and have somebody blow a tissue from my eyes with a laser, my only pair of eyes, and then I'm going to be blinded for some amount of time. Now, I was pretty reticent going into it, and when the whole process was said and done, I was blind. And my girlfriend took me home, and I was there sitting in bed, totally blind, listening to music, thinking about my situation. I've got bandages covered over my eyes, some amount of blood, I'm sure. I'm thinking, how did I get into this situation? What if I can't ever see again? And I thought, privacy must be a lot like this for people who don't understand it. You're blind, you're in a situation that's more complex than you can handle. It's a little scary, and it's better handled by people who know more about it than you do. It's typically one of those things that you don't do it yourself if you're average Joe consumer. So, you have to wonder, while you're there, what's going to happen to be the outcome? And a nurse told me there's something called expectation management, and when she told me about it, I kind of thought I knew what it meant. She said, you can only get as good a vision as possible if you're the perfect candidate. So, you can't expect a perfect outcome. And so, when I was sitting in bed thinking about privacy that translated to, you can never have perfect privacy unless you're just in the perfect situation. And even then, there will be new exploits that come up, new threats. So, it's unreasonable to expect perfect privacy. So, that leads me to my next question. What is a reasonable expectation of privacy? Well, there is a legal stance on this, and there's two points to it. It's actually a test. The first one is... All right, hold on a second. I want to speak a little bit more about the privacy issue just for a second. Does this privacy end at your fingertips? I mean, is privacy just in your head? So, what would constitute an inappropriate invasion of privacy? So, back to the two-part test. The first half of the test is what to have a reasonable expectation, what is the reasonable expectation, and the second half is if society will uphold that expectation. It's reasonable to expect that a whispered conversation between lovers is private. And it's reasonable to expect what goes on in your own home is private. It's reasonable to expect that your email and your documents are private. And prior to 2005, it would have been reasonable to expect that your phone conversations and financial transactions are private, and perhaps it's still reasonable to expect those sort of things. While it's reasonable, those expectations are faulty, because society increases in its failures to uphold what we find acceptable in an expectation of privacy. I'm not here to tell you that privacy is dead, but I'm here to point out where the bedrock of privacy lies, so you don't build your house on sand. So, I'll state it pretty clearly. You have no rights except those which you can forcibly exercise. Let me to clarify that. According to the United Nations Declaration of Human Rights, you have the right to life, liberty, and the security of your person. You have the right to freedom of opinion and the expression thereof. You have the right to be free from arbitrary interference with your privacy. And I'll say it again. You have no rights except those which you can forcibly assert. This is the difference between a right and a law. A law only gives you consent to exercise a right you must already be able to assert. While I can't advise you about the assertion of those other rights I mentioned above, exercising your right to privacy will definitely go a long way to ensuring you don't have to. So, how do you enforce your rights? First, we have to determine the framework that we're working under. We're a very mobile and interconnected society. Most of us has traveled here a long distance, and I don't think any of us have stopped communicating, talking, paying for things, going around, except, well, considering our present company, we may be doing so a lot more guardedly. Okay. In fact, I would say that we've probably increased in all those transactions for interconnectivity, and it's important to have the tools which properly match our behavior. Our behavior dictates that we need portable privacy. Portable privacy is that privacy space that surrounds you. It surrounds your home, it's with you at work, at the ATM, at a restaurant, and it's with you when you sleep. It's that zone which your own personal space has, and it expands and contracts depending on your environment. It's the area that we have a strong expectation of privacy and that it's totally reasonable. But we must be willing to assert over it. Don't make any mistake, there is a war being waged for your privacy. And it's regardless of politics, and it's regardless of the legitimacy of the intrusion. So, this discussion is about maintaining that real estate. Some interesting devices have been created to help you enforce your personal privacy space. Recently, cultivated cow member Lady Ata released the Wave Bubble. Now, the Wave Bubble is a portable, self-tuning, frequency jamming device. It essentially allows you to block out all frequencies, be it Wi-Fi, Bluetooth, GPS, what not, within a 20-foot radius of yourself. Pretty cool. Now, undoubtedly it's a portable privacy device and a pretty cool one. One of the problems with it is that the FCC doesn't like it very much, and that's totally reasonable, but let's think about it for a second. The FCC declares that devices have more rights to intrude and permeate our systems than we have to deny those from entering our personal privacy space and blocking them out if we choose. So, in essence, the FCC is saying these little electronic devices have more rights in that regard than we do. I happen to disagree. So I think her little device that allows you to create a black sphere around you, just totally devoid of usable signals, is pretty cool kung fu. One of the main investors to portable privacy is the same things you'll find in regular computing. It's going to be communications, your data storage, your transactions, and some of your computing environment. And there's solutions for each of these vectors, however, they're uniquely different. They have to respect the principles of portable privacy, which are portability, elegance, and trustworthiness. Now, portability recognizes that the program itself has to reside locally on the portable media or be accessible remotely and executable remotely. This is not applicable to simply having a program that can be stored on a USB drive and can install, unless the program itself can uninstall when the program's closed and pretty much leaves no tracks behind. The second issue is trustworthiness. Now, we have to think about who are the people that are using these programs. They aren't going to have the same idea of trustworthiness that we will. Trustworthiness is a lot different than trust. Trust is something that you may have explicit in somebody else. Trustworthiness is a property that you can evaluate. So, trustworthiness is the principle of the program and privacy in the data handling it that can be trusted to some extent. And that degree has to be clearly stated by the program. Admittedly, trustworthiness is subjective to the user. If one has near theological beliefs about the software or the person who wrote it, then instead they've imbued it with trust instead of trustworthiness, and it completely bypasses the need for trustworthiness. Okay, for a program to be trustworthy, it should at least be source-viewable, if not entirely open source. For a program to be trustworthy and open source isn't just enough. Just because it's open source doesn't mean that anybody's gone through it and audited the code. It could still have all kinds of things inside it. Take, for example, JAP. It still has a piece of code in it that allows people to track you if they wanted to turn it on. The importance of source-viewability is not to prove that the program doesn't have malicious code, but to avoid the impropriety of appearing to have something to hide. If a program is closed source in the firm that's produced software doesn't have a built-up trust in the mind of the consumer, then it creates a disincentive for the consumer to actually use it. And, incidentally, it also creates a target for the infoset community. The license of a program can also be important. It may impart additional security to the program if one has assurity in the reputation of the author. For example, GPL provides a totally free software, but there are some other license out there that are pretty interesting as well. Take, for example, the Hesla license. It's put out by Hack to Vismo. And what the Hesla license does is it allows you to put out a program and state that this program is pretty much open source except for you can't modify it to contain spyware, viruses, malware, whatever, or use it to insert code that could compromise somebody's identity. So in order to be trustworthy, another property is the program has to fail securely. Bouchnier succinctly described the issue as a system defaulting to insecure. That means if the system failed, we would have to knowingly or unknowingly revert to a less secure system. For example, if you're running VPN that uses point-to-point tunneling protocol, does the bitstream leak if the connection is suddenly dropped? The practical application of failing securely would be typically to have an all-or-nothing situation. Either you get your connectivity, you get to where you're going, or it fails and it lets you know that it fails. So the upshot is when you open the browser, you used it. Did it get to Google or did it fail securely and did it break and you didn't see anything and it told you that the proxy was refusing the connections? So another important piece of trustworthiness is, and it's perhaps the most important, it's knowing the level of privacy that's imputed by the program that you're using. If it communicates securely, is it anonymity? Is it privacy? Is it just plain encryption or is it a warm fuzzy feeling? Okay, so, and other than the privacy aspect of it, you still have to be fully aware of who their client is and if they have a very high political or legal risk in the environment that it's running in due to being incorporated in the US or somewhere else. So, some commercial services such as Find Not have design flaws in their anonymity systems. Relying on leaky protocols like SOCs without forcing remote DNS lookups and it makes you think of, well, you should really be using another program like FreeCap or SoxCap or something else. The result is that while you're surfing anonymously, the websites that you're requesting are getting transmitted in plain text and that totally compromises your anonymity. That's even worse than if you hadn't been using an anonymous program at all because you've got this false sense of security that you have some sort of privacy going on and you may be more apt to do things that you wouldn't normally do and you'd be exposing yourself that much further. On the other end of the spectrum is the Tor network. Alright, this is a system based on Onion Routing. Onion Routing is an anonymization method where a datagram is wrapped up in three layers of encryption and it's hopscotched across the internet and then where it goes out in plain text and then it's wrapped back up in three levels of encryption and hopscotch back to you. Alright, so when the final layer of this three hop is done, you get it back and it's pretty secure. You know that it hasn't been tampered with unless the exit node was playing around with the data. So, I expect we're going to see some more rising of commercial routing networks in the future. From what I've heard about, there's actually three or four commercial Onion Routing networks, but only one of them has actually been released to the public yet. There are a few more coming. Okay, regarding elegance, never before has aesthetics and technology been so important. We recently saw one manufacturer start to really take it seriously. They religiously embrace the concept of elegance. So, take for example the Apple iPhone. Why is such a device so captivating? I mean sure it's marketing, it's branding and Apple fanboys have a lot to do with it, but none of the technologies in it are new or unique. A few people have mentioned that they combined all of these wonderful things into a single device, creating a multi-function device that's never been done before. Well, multi-function devices are the bastion of the uncreative. Convergence technologies have been the hype of marketing departments and the bane of sales ever since the advent of the radio alarm clock. You only have to look at monumental failure, the billion dollar monumental failure of AOL Time Warner to see that they can't combine these different things that don't necessarily fit together. We dilute ourselves into thinking that if we have two devices and we put them together that they're somehow new, even if they don't complement each other. Well, the iPhone combines complementary devices by the fact that everybody wants to carry a cell phone or an MP3 player and a PDA and a camera all in their pocket at the same time, you just don't have room. So what they've gotten common is that they all work together in a single device and they occupy the same amount of space. This was an excellent idea of elegance. So it seems that they have to have really great human-computer interface. It exhibits the characteristics of being intuitive, easy to use and self-contained. The technology employed within it is relatively transparent. You can't tell when you're switching between it being an MP3 player or a phone or anything else. It goes on pretty seamlessly. You don't have to wait 20 seconds for it to load up. Another great thing about it is it's got a single interface which can be used intuitively. And it's highly aesthetic with its intuitive touchscreen. Portable privacy product design should also follow suit and when they do their success is amazing. The largest impediment to wide acceptance and employment in privacy tools is that they're spartan and crude in design. The most important principle for acceptance in the portable privacy tool, sad to say, is elegance. So having cluttered and mysterious or non-existent interfaces limits the employment of the privacy tool to those who are either very privacy conscious or very technically inclined. So while that fits the definition of most of us here that is not going to fit everybody else because products live and die by the whim of the masses. So think about all those projects that you've seen that have gone nowhere. The information superhighway is littered with the carcasses of dead projects that died because they were in elegant or difficult to use. So while you may have a great idea for your project or you may love something that's coming out, unless it can gain wide acceptance and it's very easy to use and it's intuitive, it's going to fail. That brings me down to survival of the fittest. Most of these road kills were pretty incoherent and unrefined. And with survival of the fittest we're aware that if you're more aware of the plight of the panda rather than the Sega antelope it should be more aptly named survival of the most beautiful. Due to the high level of integration required for portable privacy, the tools for enforcing your privacy have to be user-friendly as user-friendly as possible in order to get you to try them for the first time and keep using them. This means that they must not only be portable and trustworthy but they have to observe the principle of elegance. So elegance contains qualities that are appealing, intuitive and easy to use, self-contained, transparent and informative. So things have to be appealing, they have to be aesthetically attractive. And to be intuitive the use of the product and its interface has to either be obvious by design or by previous familiarity. For example Torpark here, it looks exactly like Firefox except it's got a few extra buttons added to it and Missila did a great job designing Firefox. Alright, to be easy to use it has to rely on little or no user input or configuration. Einstein perfectly understood the idea of easy to use. Make everything as simple as possible but no simpler. So that means you can't oversimplify your controls. You have to know exactly what the user wants and meet exactly that or as close as you can. Now there's other areas where you may want to jump back in and add more configuration in the back and that's fine but make it so only the more technically inclined access that area and the regular user doesn't jump into that area. Okay, it has to be self-contained meaning the program should be standalone. It shouldn't require any additional downloading or component relying on pre-existing installations of certain connectivity software. Now this isn't to say the operating system because obviously you have to have that. Okay, to be informative the software has to not only let you know that it's running but it also has to provide a status indicator of the privacy behind it. So it has to be a color coded icon in a system tray or a notification bar or something that lets you know that it is working and I'll show you some software programs out there that are really great in their design ideas but in their implementation and their HCI they're absolute nightmares. Okay, to be transparent is the greatest accomplishment of all. Transparency means that when you're using the product it's nearly the same as not using the product at all except that you've got the conveyed benefits of the product. So with perfect transparency you notice no degradation in your performance you don't notice it getting any slower. The reason you would worry about it getting slower is let's say you've got an anonymous browser product out there and suddenly it's difficult to use or it doesn't always work all the time. You're more likely to switch it off and go without a condom and get yourself into a lot of trouble that way simply because well it was easier, it was faster, well sorry you just messed yourself up and whose fault is that? Is that the user's fault? No, it's more of a design issue or the user has to know what to expect or at least have options. Alright, to exemplify it let's take a look at the Zero Bank browser that I wrote. Alright, in the past year this was known as Torpac. I released it last November. Since November we've had over 4 million downloads of it. I'd say that's pretty successful. It was published in 120 some odd publications. Alright, so we're getting about 700,000 downloads of this a month. It's nothing novel, it's nothing unique, but what did we do? We took some pre-existing technologies that were already out there, capitalized on them, wrapped them up together and made it super easy to use. There was nothing novel or new about Torpac and we didn't go with a different network. There was Provoxie out there which allowed you to take the socks and wrap it and send it through Torpac. Well, we found out that Firefox is capable of doing this right on its own and we also integrated Putty into it pretty seamlessly as well so you don't have to deal with it or any windows and I certainly doubt most consumers would want to deal with a Putty shell window. Okay, so we have our framework for the ideas and we know about our environment. Let's get to the current arsenal of digital armaments that we can use in this privacy war that's being waged against us. First there's the field of secure communications and let's break that down into popular groups. Alright, you got general communications, web browsing, email, chat, messaging and voice over IP. Regarding your general communications, you have a couple of really great programs. The first is the Janus VM. That means virtual machine. Okay, essentially it's a virtual router on your system and allows you to capture all your communications and by VPN it forces it through the virtual machine and the virtual machine routes it through the Tor network. Okay, so the advantage of this is it's extremely transparent and allows you to view rich media like Flash and Java and JavaScript without necessarily compromising your anonymity out there because such programs can bypass your proxy settings and phone home normally. But when you're employing it by VPN in the environment, that typically just doesn't happen unless they have some sort of special breakout. So that'd be an open VPN attack if they were going to make one. Okay, next we've got the ZeroBanks XB VPN. This is a portable version of open VPN and you can load it up on your client's software and typically you have to connect to a server somewhere else. So if you have a server, that's great. If you don't, maybe you need to set one up at work or wherever you're working on. There's also commercial services out there that have VPN servers so you can just take this piece of software, use it as your client, put in your configuration files, run it, you're done. Okay, so the way that it works essentially is that it allows you to push all your connections through a TLS encrypted pipe. So you get 128, 192 encryption and it's pretty seamless and transparent. So suddenly you were worried about your Skype program, you were worried about your browser and everything but now you don't have to do any additional configuration and it's all wrapped up, captured and pushed through the VPN. Of course this doesn't exactly solve all your problems. You could still have a program that could be on your system and gather informative information about your local network and send that back through the VPN tunnel. But for the most part this isn't a real threat because I can't imagine a whole lot of attackers finding use in finding out that my internal network IP is 192.168.0.100. Okay, we've got the Anonymizer's Anonymous Serping and that's the leading product in the field due to its excellent branding and maintaining a spectacular program design. There's a portable version of Anonymizer that can fit on a U3 drive and it runs on both XP and 2000. This product nails both portability and elegance. The design is extremely transparent because it appears to use DLL injection to capture your outgoing traffic and force it through port 80. That means that you don't have to change your browser, you don't have to pick between Firefox or Internet Explorer or Opera, whatever you're using. It inserts itself between the browser and the network transmission and reroutes all of those HTTP and HTTP requests through Anonymizer. I've tried routing requests through it before that weren't necessarily the right traffic that should be going through and it still worked. This could be useful to you or not. I don't know exactly what speeds Anonymizer is pulling down. When I checked out their network I was able to get somewhere between 200 and 400 kbps. Okay, now Anonymizer is great on the elegance issue, it's great on the design, it's great on the portability, but it absolutely fails at trustworthiness. The service doesn't give any indication of the privacy offered, neither in their tools or their website. Additionally, when you're using the service, the default settings make sure that you fail insecurely. In the default settings, alarmingly I found out that when you download it and you run the program that it doesn't even encrypt your outgoing traffic unless you explicitly tell it you want it to. I just couldn't believe what Anonymizer was doing considering the role of responsibility that they had placed themselves in as market leader. Okay, so another aspect of Anonymizer is that it's closed source. That means that we don't know anything about the program and instead we have to rely on the author's own reputation. And it's not to say that the author doesn't have a great reputation, but we have no idea of what's going on in the program or the privacy level it implies. Another problem is that Anonymizer is formed in the US. Now let's think about that for a second. What does it mean for an anonymity corporation to be formed in the US? They're commercial enterprise and they're a single hub that exists. We don't know very much about their network at all and that also means anytime they're exposed to a national security letter that they have to turn over the information. There's no question of, oh, should we or shouldn't we? The arm is behind their back and either they're going to seize their assets and shut them down or they're going to turn you over. Now we have a commercial anonymity network that we run out of a few different countries and we've got one in a really high privacy jurisdiction, you know, Germany, and we take things very seriously there. We get somewhere about 50 to 100 requests per year from courts and subpoenas and whatnot and we get rated. Now not one of our users has ever been compromised in that way and we've been doing this for about six years and we can show all our documents in the last 12 months of those attempted raids. You have to wonder about the claims that an anonymity service makes when they say, oh, in the last 12 years we've been operating, we haven't had a single user ever be compromised and that's an ambiguous statement at best. What do they possibly mean by compromised? I was thinking that they would have to be operating under the assumption that they never provided any privacy or security at all in order to somehow convince themselves that that was the case. Okay. So the service doesn't give any indication of level privacy offered and neither did the tools in their website. One of the previous administrators of Anonymizer had summed up their author as being privacy for soccer moms. It's also thought that whatever privacy it offers can be bypassed by leaky plugins such as Adobe Flash and Adobe PDF viewer which phone home. I haven't subjected it to tests yet but I'm sure Stephen Jay Murdock if he's out there can tell you what happens. Alright. The program itself is both portable and it's elegant but the service that it uses crippled by the product relying solely on the reputation of the developer Lance Cottrell. That's because it's closed source and as I said we don't know what's going on with the network and they're incorporated in the USA so how seriously can you possibly take them? They say that there's not any risk and it gives no indication of the privacy that implies but you're still banking on Lance Cottrell's reputation and that's not to say that there's nothing going on there. Lance Cottrell has a great reputation. Some time about ten years ago he created Mixmaster, the anonymous remailing program and that's pretty awesome. Alright but luckily for Anonymizer these problems can be remedied by simply being more forthcoming about what's going on in their software what's going on in their network and perhaps telling the truth about what's going on with those national security letters and if they've been honey potting this whole time. So the question is are they going to do that? Probably not. There's a specific financial disincentive to do something like that and considering that they've been around since 1996 we can say that the disincentive is substantial if the case is that they've had a national security letter on their desk every day saying operate as a honey pot or else. And there is a disincentive for them to keep going. It's something to the effect of well they get to keep the reputation in business and they get to keep collecting a hell of a lot of money. Okay so the next portable privacy app that we've got for browsing is XB Browser from Zero Bank. It goes under many names and it went as Torpark and Democracy Browser and it was designed by me. And it was originally based on the portable Firefox code. I designed it from the bare bones of the program after being exposed to a sharp and treacherous learning curve of setting up a tour client and a tour server if you have no exposure to it at all. XB Browser is available for windows. It goes all the way from 95 all the way up to Vista. It should run on most versions of 95. What it does is it not only runs on 95 but we've also gotten it running under Wine and I think there are some copies that are running under Mac OS 10. But no guarantees there. So XB Browser typically runs on the tour network and it's upgradable to the high speed Zero Bank A non-immunity network and I'll tell you a little bit more about that in a second. So the degree of elegance in XB Browser is pretty high. It's a suite of programs that's Firefox, Tour and Putty but it transparently operates through a single program. It's just a wrapper. So the program is intuitive since it's designed and behaves mostly like Firefox and as I said Mazzilla did a really great job with that. The program is easy to use, it's preconfigured for direct internet connections but if you're operating behind a firewall or a proxy it'll pop up a notification saying hey we had some trouble connecting do you want us to try and auto-detect your proxy situation or do you want to enter in your credentials right now. Okay so that's pretty good. The product's informative because when you're using the tour network it tells you the user status. It tells you if tour is on, if tour is off, it tells you what's going on and it also fails securely meaning that if for some reason you can't connect it to you because the tour network is slow or a server is unresponsive or alternatively you did something wrong and it messed up and you broke it which is a good thing. You don't want it to keep going. Okay so we had a lot of users complaining, I mean we had, we suddenly opened up shop and overnight we had 500,000 Chinese download the program another 500,000 US and Europeans download the program and a lot of them complained oh my gosh what is going on? Suddenly the network is unusable and that's not to say anything bad about tour but when you suddenly get an exponential increase in people suddenly using the network and you have a limited amount of resources that didn't scale up with the network use you're going to see some loss of connectivity there. So about the 10,000 request I had for what can we do to speed it up I thought well you know there's probably some tweaks I can do, I can distribute maybe a directory of long lived nodes within the set itself but I don't know that probably wouldn't work. So after they asked me I thought well there is something that we can do. We could create a private anonymity network out there that was specifically made for to be broadband speed. Now regarding the zero bank network it allows you to surf anonymously at those broadband speeds we talked about and I say anonymously because we've blinded ourselves from the identity of who our client is. When somebody signs up and they pay us even if they pay by credit card we have absolutely no idea who they are. All that we get is a transaction ID that's what the user gets and it's a sign for the payment. Once the payment goes through that transaction ID which is totally not associated with any customer information which we don't have by the way that transaction ID corresponds to an account and we flip on the account and it depletes for the certain amount of time that the person bought the account for. Okay, so what we've got are a couple of different networks out there. We have an SSH network that will give you between 200 kvps and about a half a megabit. We've also got a VPN out there and that will give you anywhere between one and a half megabits all the way up to about six megabits and most of the servers are located in Germany and Austria some are located in Southeast Asia, some are located in South America. I can't specifically say where but we'll get to that too. Okay, the amount of programming that had to go through it was pretty horrible. I wrote the program originally in INSIS because that's what the portable Firefox was written in and it was terribly easy to use I admit and I should have probably rewritten it in Python. We've got this program out there that was written in INSIS which is just an installer language from Nullsoft and it was never meant to do the things that it does but luckily it does them and it still works and it's probably leaking memory somewhere. We'll see, we'll find out. But inherently that's going to be a problem with Windows because let's take for example we can turn off Firefox and tell it don't keep a cache, keep your memory small and whatever the day if we get memory and it fills up more than the memory it's supposed to allocate or Windows feels like it, it'll suddenly take that memory and write it down to the cache so you've still got it somewhere existing on the hard disk. So unless your system is so great that you're wiping out all your free space and you're clearing your cache file at shutdown you're not going to be totally in the clear and it's not as though the program can withstand forensic analysis. If you're running on a computer somebody's going to know that Tor Parker, XP browser was actually run on that computer but that's not an attack we're trying to defend against. Typically it's going to be somebody who needs to walk into a internet cafe plug in their program and suddenly they're surfing the internet anonymously. Okay so we have the network services that the XP browser uses. First let's take a look at Tor. Tor is a distributed trust model and advanced algorithms for routing and balancing. It's totally open source and licensed under the three-class BSD license so by default Tor servers don't create logs and thanks to the fact that it's run on donated bandwidth anybody can participate. And it's physically distributed across multiple jurisdictions so it has a low legal risk and it has practically no financial risk at all because it's just people running it from donated bandwidth. Alright, another great thing about Tor and this probably isn't stressed enough as they have extremely close ties to the pro privacy and extremely litigious EFF so that helps them out a lot. One of the inherent problems with Tor is that you're trusting all of the exit nodes and all the plain text traffic that you pass through the exit nodes get to see and they can modify it or change it if they wish. Now let's think about that for a second. What does that mean? That means that you're using it, you're using XP browser and it's going through the Tor network. You're putting your trust in the very last person who's running that exit node. They can see everything that you do and everywhere you go online and it's possible unless you're running end-to-end encryption that they could turn around and insert some bit of malicious code in there. I've heard of other types of SSL certificate attacks but that's really not what the talk is about. This is a little bit more high level than that. One of the problems is that Joe Nobody decides to be a malicious guy and suddenly he could be sniffing your traffic for logins. It's a great place to hang out if you want to sniff people's traffic for logins and credentials and financial information if they were just they didn't know what they were doing. An unfortunate part of that is XP browser makes it really easy for somebody to accidentally use it and not entirely understand the environment that they're operating in. There are inherent risks with making software really easy to use because you're creating a powerful tool and putting it in the hands of somebody that doesn't necessarily know how to use it. While the Tor network is an excellent project with low political and legal risk and it's extremely trustworthy, nothing can overcome the fact that it's often excruciatingly slow. Eventually this will change over time and it will definitely speed up as designers concentrate on efficiency of the bandwidth usage. But regarding portable privacy and the aspects that it's got to address, it fails in this regard and it's not by any fault of the Tor network itself but the specific failing of it is the transparency. The transparency issue is that if it becomes too slow or the circuit becomes faulty, somebody's likely to stop using it entirely and that's just not a situation that you want to have. Okay so because of this problem, the SBI browser is upgradable to the ZeroBank network. Alright the ZeroBank anonymity lets evaluate the trustworthiness of it for a second. I personally think ZeroBank is the greatest thing since sliced bread but I'm biased because I'm an administrator at ZeroBank. Okay so the software that ZeroBank uses for their network is open source since mostly GPL and it includes an SSH interface and a TLS VP interface. The ZeroBank network doesn't log user activity unless the user has specifically violated our terms of service and in most cases we'll just take that account and we'll shut it off. ZeroBank networks are all their machines are running on encrypted disks in different jurisdictions. We've separated the user information such as the account information from the actual machines that are running the communication servers. Alright additionally those systems are also segregated from each other and they get audited on a regular basis. The only people that have access to those they've got access by key login only and the people that have access are the administrator for that server the CSO and the auditor and after the auditor comes in and checks everything the keys get changed and what the auditors do is they report back to the CSO and say okay our admins of those communication servers aren't doing anything malicious. So what that does is essentially solve the exit node problem. The problem being how do we know that people aren't monitoring our exit node traffic? Well we know that we're not logging and we even check our administrators to make sure that they haven't bugged the communication servers to monitor all the outgoing traffic. Okay all of our servers are distributed across multiple jurisdictions and they don't log any personally identifying information and they're pretty secure. So legal risks are relatively low because ZeroBank is owned by Tourify LLC which is incorporated offshore in the sovereign and post privacy state of NEVIS. A NEVIS LLC is relatively difficult to assail and conquer because it doesn't recognize judgments from the US or the EU. On top of all of this is the crown jewel of the ZeroBank client secrecy guarantee. The CSG states that ZeroBank has a contractual obligation to protect the privacy and identity of users against illegitimate demands for information. So because ZeroBank is an international business it has to decide for itself what the standard of a legitimate claim is. That standard is the United Nations Declaration of Human Rights. Thank you Hack DeVismo for giving us that great piece of information. Okay so what that means is if suddenly we get a subpoena from a jurisdiction like it's China and they say we would like you to turn over the information of the user XYZ for purpose whatever. We first look at that and think to ourselves okay we don't even have this guy's information and we don't have his traffic. And second that's going to be a pretty tall order because then we'd have to reverse our own systems go back and try and find out who it is that's connecting through what account. And even then we don't have the payment information to figure out who paid for this account. If they paid for it by EGOLD or some other anonymous method we would have to implement a live trace and somebody would probably have to be holding a gun to our heads to do it. So when we get an order from the US stating listen this is a matter of national security. We want to know if he was at the yogurt shop Friday night. Sorry guys that's just not going to cut it. Now there's a few other things that we have to take into consideration here. There's some other browsers that we should mention and I don't have a whole lot of time to continue this talk so they decided to give me 45 minutes so let's go with it. Alright there's the Maxthon browser for Windows and that runs on U3 drives. It's pretty great and it's extremely popular in China and supposedly they have 90 million downloads and it's totally possible for them to start using this. Unfortunately it doesn't have any privacy settings yet and doesn't have any anonymity but if somebody was really inclined to make a project out there you could sure get a lot of users real quick. Alright another program out there is Ghostzilla and this program gets an honorable mention. Alright Ghostzilla is portable and when you move your mouse away from it suddenly the screen you are working on disappears and you have to move your mouse back and forth to make the window reappear. Well it's pretty cool and it's entirely trustworthy but it's got an inelegant design and an inelegant interface because it's just a portable version of an old Mozilla browser that's honestly not that great. Okay another web surfing program out there is Browsar. Browsar gets a dishonorable mention. Browsar the website purports to be the fastest download out there for anonymous browsing and it's secure and what not but to be honest they tiptoe around using the word secure. They use the word secure very infrequently because it turns out that Browsar is simply a wrapper for internet explorer that puts on a cool little skin and clears your cache when you shut down when you close the browser window. Wow that's not exactly what they told us. Okay next on our list are the email clients. Alright there's a portable Thunderbird which is just a copy of Thunderbird that runs on your USB key. It's really great because Thunderbird it has LDAP for your servers in case you have an address book stored elsewhere and you don't want to store your address book on your local machine so if your machine's compromised people don't know who you know. It also supports TLS and SSL. It supports IMAP so if you want to have an offshore server where you keep your mail like we do at ZeroBank then suddenly anybody who gets your browser and doesn't have your master password they can't get any of your messages. Okay let's go on to Mobility Mail. For Mobility Mail it's just another version of Thunderbird except it's got a NIG mail which is a plugin that allows you to have GPG encryption and decryption in the program. So suddenly somebody can send you a message with PGP encryption and with a single click and a password later your message is decoded. What does this protect against? Well when you send an email out over the internet most of you all know it's like writing something on the back of a post card you don't have any reasonable expectation of privacy so what you do is you employ this encryption on there and suddenly you've got something pretty high level that if anybody is a casual observer they can't figure out what it is you've said except if you put it in the title of the email itself. Okay now we've got the instant messaging. Alright what we've got instant messaging currently consists of IRC which involves discussion channels and one-on-one messaging which most of us know as instant messaging but IRC anonymity is dead for the most part. Okay what took the place of that is SILC and there's a wonderful new program that we're going to get at that runs SILC and a host of other programs, sorry protocols. Okay it's Pigeon and it runs a small little add-on called Off the Record. Alright Off the Record allows people to have AES encryption in their chats it supports a gazillion protocols out there and it's also got perfect forward secrecy thanks to using Diffie-Hellman key exchanges. Okay. Some of the main risk vectors to portable privacy are what we've discussed but another bit that we need to talk about for just a little bit are cash. Now in the coming age of digital privacy we're going to have to be spending a lot more money online and there's systems out there that we need to be aware of. There's regular normal digital currencies, there's somewhat like PayPal where they know exactly who you are, there's numerous currencies where there's somewhat blinded about who you are and that's like eGold where you could have a number of account that it doesn't necessarily correspond to you where they don't exactly know who you are or eBullion and then there's upcoming currencies like Loom and eCash which are totally anonymous and they both use slightly different methods. I know eCash uses Xiaomi and tokens that they've blinded themselves from and they've currently got a central operation that they run inside the tour cloud. Okay, that gets us back to computing environments. Alright, we've got the Rocket Live CD, Anonymity Anywhere Incognito and the new XB machine which we've just released yesterday. Now, I don't have much time so I won't even cover those other ones at all. I'll move right to XB machine. The current winner though I think is the Incognito Live CD. That means that you can boot from it and suddenly you're anonymous and all of your connections and software are anonymous. So we're introducing today the XB machine and that's available from the Zero Bank website. It'll run on QMU and it'll also run on VMware and it's got a private network information only meaning that it's going to have a really hard time trying to compromise your anonymity even if it wanted to. The interfaces are all firewalled on it and it's a hardened version of Gintu. The clients that it runs for the anonymity network are Tor, the Zero Bank SSH connection, the TLS we talked about. Oh, and I see we've mentioned the Zero Bank onion routing network. Okay, this is more of what the structure of the program looks like. As you can see we've got all the programs in one area and the anonymity hardware are running on one instance and then on an encrypted partition running loop AES that also has a self-destruct key that you can put in. It's where all of your private data is kept and once you enter in that self-destruct key all of your settings are suddenly wiped out obliterated and unrecoverable and for your own appreciation you could do that if you wanted to reset the system and it'll recognize that. So it's got all of those wonderful programs that you wanted in it. It's got Firefox, it's got Thunderbird, it's got Pigeon with off the record and all the wonderful things that we discussed and eventually it's going to have anonymous wallets on there for anonymous digital currency. So suddenly you're going to be James Bond loading up this CD or this virtual machine anywhere you are and suddenly you're totally anonymous and the great thing about this is it follows all of the principles of portable privacy. It's totally transparent and easy to use it's really fast, it's upgradable to the Zero Bank network as y'all are about to see and it's got fantastic security. We spent about 400 hours hardening the system. Now we're not done entirely, it's still got its own flaws but let's take a look at what it looks like. This thing is pretty easy to use. It looks so simple that even a Windows user could directly plug in and start using it. That means that we're going to get a high amount of people who are willing to use it entirely. Okay, so it comes pre-configured to use the Tor network or you can shut off your network connections or with a single click you can upgrade to the Zero Bank network and suddenly you're browsing anonymously at, you know, six megabits. Good for you. Alright, now XB machine isn't perfect, it's got its own risks and some of those risks we'll get to but this is just a pre-release that we've released now and you can download it from the Zero Bank website and I'll give you the address for it now. It's not a live CD currently, it's just a virtual machine. Eventually we're going to put it into a live CD to allow you to boot from it as well. So what that does is it not only addresses the software problems that you had to deal with before but now it will address almost all of the operating system and computing environment problems that you would have dealt with. Your risks now other than those listed are going to be somebody looking over your shoulder or somebody's got a hardware key locker and there's probably something else we're going to add as a software keyboard to the login mechanism just in case. Okay, so you can download this address or you can surf over to Zero Bank and click on the drop-down menu and go to the Zero Bank. The XB machine drop-down. So once you get that it's about a 370 megabyte download and you can run it from VMWare or QEMew or whatever you like. Okay, some of the other things that Hack2Vismo asked me to mention before we pass out the free accounts are we're starting two new programs. One of them is Googleog and Google is about to find out about that the same way that Microsoft found out about back orifice. I had to talk with a Google security person yesterday and let him know that there's a new dragon coming. Okay, another thing that we wanted to make you all aware of and just let y'all know before I'm cut off here real quick is y'all heard about Yahoo probably and about a year ago they shut somebody off and had they had the guy, they took the guy out and he got in prison for 10 years for saying something the government didn't like. Well, we're coming up with something else for that. So if y'all know anybody out there or know anybody who knows anybody out there that's been affected by Yahoo or Cisco or Google or anything like that, I urge you to contact Hack2Vismo because we would definitely like to know. We're coming up with a documentation paper on it and we'll be having a project following up on it. Okay, and that ends our discussion.