Verzeichnis
JonDonym News CenterPrivate and secure web surfeing
Vietnam currently regulates access to the Internet extensively. Together with infrastructur management like DNS blocking, IP blocking and content filtering a climate of self-censorship is enforced by the gouvernment. (see: Profil Vietnam at OpenNet.net)
The Vietnamese government has issued a new draft decree of a law in online censorship that is expected to be issued in June and would have grave implications for 30 million country’s netizens and foreign internet companies.
- No anonymous speech: Internet users are "strictly prohibited" from providing fictitious personal data.
- For usage of Social Networks real names are requiered too.
- Website administrators have to report any instances of prohibited online activities to authorities.
- Bloggers will be held personally liable for all the published content on their blogs.
- The draft require foreign internet companies to relocate their data centers to Vietnam.
- Foreign internet companies are compelled to provide information and cooperate with Vietnamese government agencies in internet censorship.
Google and Facebook have millions of user in Vietnam. In similar situations in India and China both companies cooperated with the gouvernments.
Stand der Umsetzung der EU-Richtlinie zur Vorratsdatenspeicherung (neusprech: Mindestspeicherdauer) in Deutschland:
- Bereits 2006 hat der Wissenschaftliche Dienst des Bundestages ein Rechtsgutachten mit schweren Bedenken gegen die Vorratsdatenspeicherung vorgelegt.
- Die Auswertungen der Kriminalstatistik des BKA und der Polizeistatistik Niedersachsen für den Zeitraum 2008-2011 zeigen, dass die Umsetzung der Vorratsdatenspeicherung im Jahr 2009 keinen positiven Einfluss auf die Aufklärungsrate von Straftaten hatte.
- Eine Studie des Max-Planck-Instituts (MPI) für ausländisches und internationales Strafrecht kommt zu dem Schluss, dass die deutschen Strafverfolgungsbehörden keinen schlüssigen Nachweis für die Notwendigkeit der Vorratsdatenspeicherung erbracht haben.
- Der Bundesdatenschutzbeauftragte P. Schaar hat anlässlich des Beschlusses zur fünfjährigen Speicherung von Fluggastdaten in der EU darauf hingewiesen, dass man die einzelnen Maßnahmen zur Überwachung unseres alltäglichen Verhaltens nicht getrennt betrachten kann. Angesichts der bereits umgesetzten Protokollierungen gäbe es keine Spielraum mehr für eine Vorratsdatenspeicherung der Telekommunikationsdaten.
- Dem Europäischen Gerichtshof wurde im Januar 2012 die EU-Richtlinie zur Prüfung vorgelegt, ob die Grundrechte der Nutzer respektiert werden, wie sie in der europäischen Grundrechtecharta verbrieft sind.
- Politiker von CDU/CSU und SPD drängen weiterhin auf eine schnelle Umsetzung der EU-Richtline, obwohl eine Prüfung des EuGH Überarbeitungen erfordern könnte.
Anlässlich des heutigen Tages Jahrestag des Inkrafttretens des Grundgesetze haben der Chaos Computer Club, AK Vorrat und Foebud eine neue Kampagne gegen die Vorratsdatenspeicherung gestartet: Verdachtsfrei - Anlasslos - Nutzlos.
Es geht bei der Kampagne darum, den Menschen zu zeigen, warum es gefährlich ist, wenn anhand der alltäglichen Kommunikation detaillierte Freundschafts- und Bewegungsprofile erstellt werden. (W. Hülsmann)
The Swedish television program Uppdrag granskning is focusing on investigative journalism. The investigative report Black Boxes showed, Sweden’s telecommunications giant TeliaSonera is selling authoritarian regimes high-tech surveillance gear to spy on its citizens.
TeliaSonera has enabled the governments of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan to spy on journalists, citizens and particularly members of the political opposition. The Black boxes were used in Belarus to track down, arrest, and prosecute protesters who attended an anti-government protest rally following the 2010 Belarusian presidential election. One Azerbaijani citizen says he was interrogated solely due to the fact that he voted for the Armenian representative in the 2009 Eurovision song contest.
TeliaSonera is the latest Western company revealed to be selling high-tech surveillance technology to authoritarian regimes.
The Syrian Electronic Army (SEA) operates with at least tacit support of the government. In the last weeks it targets Facebook and Youtube accounts of Syrian activists to get the login credentials and infect the computers with malware.
- May 2011 a man-in-the-middle attack against the HTTPS version of the Facebook site was launched with support of most syrian ISPs. It seems, the Syrian Telecom Ministry was involved too.
- February 2012 CNNtech reported the deployment of computer viruses like Backdoor.Breut against Syrian opposition activists
- 3 waves of attacks were reported by EFF.org in March 2012. At first a PDF document was delivered via Skype message from a known friend. It installed a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more.
- Afterwards links to a fake YouTube page were distributed by email and chats. Visitors were attacked in two ways: it requires to enter YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update.
- During the third attack in March 2001 phishing links were spread in pro-revolution forums on Facebook to get Facebook login credentials of activists.
- April 2012 the Facebook security application FacebookWebBrowser.exe was promoted for Syrian activist in Facebook comments. The FacebookWebBrowser.exe is a malicious application which logs keystrokes and steals login credentials for email accounts, YouTube, Facebook, Skype, and others.
- Since a few days a Skype Encryption Tool is promoted for Syrian activist. The application does not encrypt anything. Instead of encrypting Skype traffic, the application downloads malware.
In may cases compromised accounts were used for malware distribution and people may think, the message is comming from a friend.
Attacks on facebook accounts are not a new idea by Syrian Electronic Army. The Agence Tunisienne d'Internet (ATI) used Javascript Injection to get login credentials of Facebook accounts a year ago. But this intensity of attacks is new in cyberwar.
- Iran is investigating a suspected cyber attack on its main oil export terminal. A Stuxnet like computer worm was detected inside the control systems of Kharg Island - which handles the majority of Iran oil exports. The communications systems of Iran's Oil Ministry and of its national oil company were infected too. (Reuters)
(By some experts it was not yet clear whether the virus was, like Stuxnet, seeking to corrupt industrial processes to cause physical damage, or was a simple data virus.)
The High Council of Cyberspace of Iran published a "Request for Information" (RFI) seeking details on new types of censorship tools that are available in the market. The RFI calls for proper conditions for domestic experts in order to build a healthy Web and organize the current filtering situation. Iran invests millions of dollar in internet control and censorship technique, mainly build by the the Chinese telecom company ZTE. (EFF.org, ars technica)
The Pentagon says it is making measurable progress in developing new defensive and offensive weapons for the cyberspace. (Reuters)
Präsident Obama signed an Executive Order targeting people and companies facilitating human-rights abuses with technology (surveillance technology for the purposes of computer or network disruption, monitoring, or tracking of individuals) to Syria and Iran.
The order is solely focused on Syria and Iran, leaving out - most notably - Bahrain, where protesters were killed last weeks by police forces. Bahraini human rights groups have documented the use of Trovicor (formely Siemens/Nokia) technologies in surveillance there.
2003 US-Congress defunded the Total Information Awareness project (TIA) of Bush Administration's. TIA was part of the counterterrorism program of Bush Administration's and was qualified as a massive Orwellian technology-driven surveillance and data mining initiative.
2004 President Bush signed an order that allowed the NSA to eavesdrop Americans without the usual requisite warrants. The domestic surveillance program ramps up.
In December 2005 the cooperation of AT&T with NSA spying program was dicovered to the public by the whistleblower Mark Klein.
- The NSA has unlimited real-time access to the telefon and internet communication of AT&T costumers.
- The NSA has unfettered access to the 300 TByte large Daytona database of AT&T with fon and mail communication records.
- A fiber-optic splitter was installed in San Fransisco that copies all internet traffic passing through the system into a NSA computer system.
According an ex-NSA member, AT&T has similar operations in place in as many as 20 other sites. These surveillance activities are in violation of the privacy safeguards established by Congress and the U.S. Constitution. Civil liberties proponents like EFF.org and ACLU sues AT&T and NSA to stop warrantless eavesdropping.
2008 The Obama Administration's would give phone companies retroactive immunity for breaking the law in cooperation with the NSA warrantless eavesdropping program! At first the bill was rejected but it passed the Congress in 2011 with FISA paragraph 802a.
2012 Expansive new guidelines were signed, allowing the National Counter Terrorism Center (NCTC) to mirror entire federal databases containing personal information and hold onto the information for an extended period of time -even if the person is not suspected of any involvement in terrorism. It proposed fusing vast archives of electronic records — like travel records, credit card transactions, phone calls and more.
2013 the infrastructure for the Total Information Awareness project will be ready. The new NSA datacenter in Bluffdale (Utah) will be ready. This new datacenter for $2 billion will be a great storage for all sniffed telecommunication data like phone claas, e-mails, Google searches and so on. For more information about you may read The NSA Is Building the Country’s Biggest Spy Center in Wired magazine.
10 years after defunding by Congress the Total Information Awareness project was realized piecemeal by the administration. The effects in counterterrorism are very low, it generally played a limited role in counterterrorism efforts.
Update (23 Apr 2012): The William Binney was the key source for the wired article about the new NSA datacenter in Bluffdale. He served in the NSA for over 30 years. In his first first television interview since he resigned from the NSA he speeks about the Orwellian state surveillance. Other interview parnters are Jakob Apelbaum and Laure Poitras.
- Part 1: NSA Whistleblower William Binney on Growing State Surveillance
- Part 2: Questioned Some 40 Times at U.S. Airports (Laure Poitras)
- Part 3: "We Don’t Live in a Free Country" (Jakob Appelbaul)
- Part 4: The NSA is Lying–U.S. Government Has Copies of Most of Your Emails
During the last weeks we got more and more e-mails from Iran.
until today 13/Feb the ssl Protocole and https was blocked and access to gmail,yahoo and other services be imposible. Jondo program be able to pass the iran censorship (nor Ultrasurf and Tor be able to break this limit).
I'm contacting you from Iran .
My only hope for connecting free internet is your software .
you are the most experienced group of German hackers to break the Internet filters in Iran
I wish i could pay you for a new account in some way but according to these amount of sanctions and banking problems it seems impossible. any way ...
Now ; all of our bank and currency issues are effected by this War against us . Its both the problem of Government and USA . they are lots of banking problems for the people here. But ... believe me ... I'll try my best to send you , what you should get .
Since the Society for Worldwide Interbank Financial Telecommunication (SWIFT) is blocking all monetary transactions to and from Iran and due to economic sanctions against Iran it is hardly possible for iranian users to buy premium volumes for JonDonym anymore. Additionally, the currency Rial has been dropping in value significantly versus the Euro and the Dollar.
People that are talking with each other don't throw bombs
On March 15th, Ronny Edry posted a poster on Facebook (left side) . Within 24 hours, thousands of people shared the poster. The answer from Iran (right side) appears within hours.
Ronny Edry is raising money in order to produce more posters and keep the movement grow. You can support the campaign. May we prevent this war.
Pakistan:
In Pakistan substantial internet censorship already exist [1] {2]. Now the Pakistani government want to build a national Chinese-style censorship firewall. This would censor 20 million internet users!
It may be impossible to build this firewall without support of western IT companies. Pakistani government has put an ad in their national papers asking for companies to help them. Bidding deadline is this friday.
- At least five western IT companies have already said they won't participate (Websense, Cisco, Verizon, Sandvine, and OpenDNS).
- Bluecoat, Huawei, McAfee, Netsweeper, ZTE, and others did not refuse but also did not confirm to play a role in putting up the walls of censorship.
In our opinion the reason for this restraints to take this profitable job is a first success of the publicity of surveillance technology companies by Spyfiles (Wikileaks), BuggedPlanet or Surveillance Who's Who (Privacy International).
Update: It seems, Pakistan shelves its plans to install a Great Firewall.
Iran:
Supreme Leader of the Islamic Revolution Ayatollah Seyyed Ali Khamenei ordered the establishment of the High Council of Cyberspace and appointed a number of natural and legal persons to the council. The council will establish the National Center for Cyberspace that will allow gaining complete knowledge about the activities in cyberspace on domestic and international scales.
Additional Iran will launch the "halal" network (the closed national "internet") within weeks.
USA:
The Cyber Intelligence Sharing and Protection Act of 2011 (discussed in the Congress) will allow companies or the government free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services "cybersecurity purposes". The bill defines cybersecurity purpose to include theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
The government could proclaim that WikiLeaks constitutes a cybersecurity threat and have new, broad powers to filter and block communication with the journalistic website. Read more at EFF.org.
Students of the Martin-Andersen-Nexö high school have analyzed which data traces the browsers Google Chrome Portable and JonDoFox Portable leave behind on a hard drive while being used on a USB flash disk.
Results:
- Google Chrome Portable leaves traces on the computer.
- JonDoFox Portable has not left traces on the computer.
The students were supervised by Stefan Köpsell, PhD (TU Dresden). We are glad to see the interest in privacy on the Internet of these students.
Download of the presentation (pdf, 10 pages, German)
What if your government was considering a policy that would force ISPs to provide unrestricted access to your data to law enforcement at any time, for any reason, and without a warrant? What would you do if your country's leaders were trying to rewire the Internet to support systems of constant digital surveillance? Canadians are facing these dangers in the form of Bill C-30, and Canadian Public Safety Minister Vic Toews (right) is bent on getting it passed despite strong opposition from the public.
The bill would allow authorities to demand access to subscriber information from both ISPs and telephone providers without needing to present a warrant - and would additionally require telecommunications providers to ensure that there was a back door entrance to allow all communications to be intercepted when desired.
ACCESS NOW is running a campaign against Bill C-30 
We will launch a new mix server software next time. At first the cascade "Dresden" will switch to the new mix version on next monday morning UTC. The other free mix cascades will follow a few days later and the premium services in the next but one week in case of no problems.
The new mix server software implements an improved protocol with integrity checks recommeded by scientific research at the University Trondheim (Norway). Old JonDo proxy clients below version 0.16.001 will not be able to connect to the mix cascades any more. If you were running an old version, please update your JonDo proxy client. The latest version you may find at the download page.
Some days ago the Iranian government has ramped up censorship in three ways: deep packet inspection (dpi) of SSL traffic, selective blocking of IP Address and TCP port combinations, and some keyword filtering. The blocks on SSL are not complete and not nationwide. It seems, only the central AS12880 is blocking SSL encrypted traffic.
May be, the shutdown is related to the 33rd anniversary of the Islamic Revolution, which is being celebrated by the government but has spurred protests in years past. In this case it may be possible the new censorship will be nullified in a few days (?)
We got some user reports from Iran about the results of the new censorship. SSL encrypted traffic and HTTPS to GMail, Yahoo! and other services with SSL/TLS encrypted login is imposible. For anonymisation services the situation is unequal.
- JonDonym is not shortened by the new censorship limits. The connection wizard of JonDo is able to detect this kind of blocking and circumvent automatically. Our anti-censorship forwarders are working well, if connections to mix cascades and infoservices were blocked by IP addresses. Time by time the connections slow down.
- Tor is not able to break the limits at the moment. The Tor metrics project shows a significant decrease of connections from Iran (direct connections and bridged connections):
In a short time Torproject.org will release new bridges with obfuscated encryption to circumvent SSL blocking.
- VPNs with SSL encryption (like Ultrasurf and others) are blocked too. Allmost all VPN providers does not have any idea how to circumvent this kind of blocking.
Please, support our work by using JonDonym premium services. The earnings are important for further development and for the people in censorship countries.
Update: (2012-02-15) It seems, the new censorship was nullified after 2-3 days. Tor is working well in Iran.
The FBI and the Department of Justice produced and distributed a set of 25 flyers to promote suspicious terrorist activity reporting. The flyers are not released publicly. The collection was compiled by the project Public Intelligence from a number of sources. It covers the information flyers for Airport Service Providers, Financial Institutions, Hotels/Motels, Internet Cafes, Shopping Malls .... Tattoo Shops.
Many of the suspicious activities described in the flyers are basic practices of any individual concerned with security or privacy online. The use of PGP, anonymisation services or any of the many other technologies for anonymity and privacy online are directly targeted by the flyer.
"Potential Indicators of Terrorist Activities" may be:
- use of anonymisation services (like JonDonym, Tor or VPN)
- use of encryption technique (like PGP, OTR or ZPHONE)
- use of anonymous payment methodes
MAXA Key Exchanger offers an easy way to exchange a secure key over unsecure connections like email or instant messaging. It uses Diffie-Hellman key exchange that allows two parties that do not know each other to jointly establish a shared, secret key for symmetric encryption. More information in the whitepaper (PDF).
Download: MAXA Key Exchanger (for WINDOWS Vista and newer)
MAXA Research Int'l Inc. is a cooperation partner of JonDos GmbH.
