Q and A with An East African Human Rights Activist

by ailanthus | April 5, 2016


Can you tell us about your work?



I'm from East Africa. My background is in political science and I focus on the idea that consent in political systems helps build stability. I've been thinking about how to help communities circumvent or push back against information controls. When whistleblowers talk about corruption, there should be safe avenues of sharing that information without threatening their lives or their families.

How did you learn about Tor?

I didn't know that a web site could be blocked--I thought it was a problem with my computer--but then I saw in the comments section of a subreddit on Africa--it's mostly political--that some people could access a political web site. You want to know how they do it--you don't want to ask right there on reddit--so you research "access" "blocked" "website" as the key words.

This took me to Wikipedia and the article about circumvention tools. Then I learned about the routing through different servers to hide the source of a request.

I downloaded and installed Tor and it is slow--I thought it was a problem with my connection. But it worked! I could access websites that I could not access otherwise. Ethsat was blocked--a political and alternative media site that critiques the Ethiopian government and publishes info that is critical of government corruption.

[Ethsat is now blocked by CloudFlare and the site prohibits Firefox, which also means that it prohibits Tor. To circumvent this: Using the Tor browser, go to StartPage.com. Search for http://ethsat.com/, and click on the “proxy” link next to the search result. The disadvantage of this approach is that StartPage can see that a Tor IP address is visiting the website--but they won't know it's you. If you were to write your name on that website, you would de-anonymize yourself both to the website--and to StartPage. Thanks to Samdney for sharing this hack!
]

What was your reaction to CloudFlare CAPTCHAs when you first saw them?

You think the government is interfering or someone is playing around with it. You can't keep doing CAPTCHAs and they aren't working--you think something is broken here.

Doing one CAPTCHA is enough to identify if I'm human or not. [With repeated CAPTCHAs] I will run away from Tor. I won't use it. If CloudFlare really cares for security, then they should let people use Tor. Treat Tor like any other browser traffic.

What is your advice to other people in your country?

Use Tor -- For hundreds of thousands of people, it's the only way to access critical news.

Advice to other people like yourself?

You cannot purport to be fighting for society if you yourself are not secure. If you are not secure, you cannot secure others. The cobbler has no shoes. You are only as secure as your weakest browser. I most definitely would recommend Tor to frontline human rights defenders and journalists.

Any final thoughts?

Some people take it for granted that you can access any web site on the open Internet, but an Internet in which some web sites are blocked is not complete.

Other people are not as privileged--and Tor is giving them a fighting chance.

Comments

Please note that the comment area below has been archived.

April 05, 2016

Permalink

Why do you say ethsat is blocked by Cloudflare? I just went there with Tor Browser solved one CAPTCHA and was in.

April 06, 2016

Permalink

Don't use cloudfare and tell everyone to boycott it as well as companies that use their services. That is always the best way to deal with rogue companies. Loss of income will always change commercial enterprises and teach them they are not the rulers of the internet.

April 06, 2016

Permalink

Now more than ever, the world needs human rights activists, civil liberties activists, privacy activists, privacy/encryption developers, cybersecurity researchers, and political dissidents!

Thanks to all these people all over the world for your courage and good work.

Activism, like charity, begins at home--- and your efforts on behalf of your fellow citizens will ultimately help people everywhere.

And thanks to Ailanthus for highlighting the critical role played by Tor (and WhatsApp and other applications) in protecting whistleblowers and human rights activists.

Last year comments in this blog highlighted that fact that the Kenyan government tried to hire the notorious Italian cyberespionage-as-a-service company Hacking Team:

http://allafrica.com/stories/201507201584.html
Kenyan Government Asked Hacking Team to Attack Dissident Website
Daniel Finnan
20 Jlu 2015

> Kenya's government negotiated to buy sophisticated spy software from Italian surveillance company Hacking Team, according to leaked emails published by WikiLeaks. Messages obtained through an attack against Hacking Team reveal that a representative of the government requested an attack against a website critical of the Kenyan government as a "proof of concept".
>
> "There is a website we would wish you urgently bring down, either by defacement or by making it completely inaccessible," said an email from a Kenyan representative sent to Hacking Team on 6 May 2015. It referred to the Kahawa Tungu website, which focuses on alleged corruption within the Kenyan government.
> ...
> "We've always suspected that there is some snooping around certain websites and around certain emails," Grace Githaiga, an associate of the Kenya ICT Action Network, told RFI. "Finally we're getting information publicly that the government has been making such requests to bring certain websites down."

Defacing an opposition blogger's website was a little too much for some HT employees, who urged the CEO to refuse the job. But HT was perfectly willing to work for the government of Ethiopia in targeting their own dissidents:

https://www.hrw.org/news/2015/08/13/ethiopia-hacking-team-lax-evidence-…
Ethiopia: Hacking Team Lax on Evidence of Abuse
Leaked Documents Show Need to Regulate Surveillance Sales
13 Aug 2015

> (New York, August 13, 2015) – The Italian spyware firm Hacking Team took no effective action to investigate or stop reported abuses of its technology by the Ethiopian government against dissidents, Human Rights Watch said today. A comprehensive review of internal company emails leaked in July 2015 reveals that the company continued to train Ethiopian intelligence agents to hack into computers and negotiated additional contracts despite multiple reports that its services were being used to repress government critics and other independent voices.

And Nigeria:

http://www.nigeriacommunicationsweek.com.ng/news/dickson-bayelsa-govern…
Dickson, Bayelsa Governor Pays N100m to Italians to Hack Phones in Nigeria
10 Jul 2015

> Bayelsa state government paid close to one hundred million naira to Hacking Team, an Italian firm, to hack computers and phones in Nigeria, according to Premium Times... new information emerging from the firm’s leaked internal data reported that Hacking Team is notorious for equipping governments with tools to hack citizens’ computers and phones, was itself hacked Sunday night and 415 gigabyte of internal data leaked to the public.
>
> Researchers have been pouring through the leaked documents since it was first leaked Sunday night, throwing up many shocking details of the firm’s secret dealings with Bayelsa state and other repressive governments, including Sudan, Russia, and Bahrain. Documents seen by Premium Times show that the Bayelsa government, a small state in Nigeria’s oil rich Niger Delta, paid Hacking Team N98 million to carry out internet attacks, in what appears to be the most ambitious hacking project by a Nigerian state government.
>
> The contract was signed in late 2013, Hacking Team’s internal documents, leaked after the Sunday night hack attack on the company, show.

And a whole host of other governments around the world:

https://www.theguardian.com/technology/2015/jul/11/hacking-team-hack-st…
Hacking Team hack casts spotlight on murky world of state surveillance
Alex Hern
11 Jul 2015

> In contrast to many of the private companies performing outsourced aggressive surveillance work for the world’s spy agencies, Hacking Team doesn’t try to hide behind a generic corporate identity. Gamma International, Academi and QintetiQ could be companies doing anything, but Hacking Team – well, it doesn’t take a genius to guess what line of work they are in. It sells its Remote Control System (RCS) software to law enforcement and national security agencies around the world, letting them hack into targets’ computers and mobile devices, install backdoors, and monitor them with ease. The company’s promotional material advertises its abilities: “Hack into your targets with the most advanced infection vectors available. Enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move … Remote Control System: the hacking suite for governmental interception. Right at your fingertips.”
> ...
> Back up for a minute to 2013. Reporters Without Borders (RSF) published an extensive report into “digital mercenaries” such as Hacking Team, who provide the technical expertise which underpins Snowden-era electronic surveillance. In it, the group named five “corporate enemies of the internet”: Hacking Team, Britain’s Gamma Group, Germany’s Trovicor, France’s Amesys, and America’s Blue Coat Systems. All of them, it said, “sell products that are liable to be used by governments to violate human rights and freedom of information”.

The HT leaks also showed that on behalf of someone tied to the Czech government, HT had targeted the Riseup mailserver:

https://wikileaks.org/hackingteam/emails/emailid/629790

This shows that a HT client using an address tied to the Czech police posted a request to an HT forum for an IE exploit (malware) (which, following the playbook recommended by Riseup to its clients, he could attach to a phishing email he planned to send to an unnamed Riseup user). And on 21 Nov 2014, an HT help desk employee forwarded the request to the HT malware developers:

> Ticket ID: MOO-684-39569
> URL: https://support.hackingteam.com/staff/index.php?/Tickets/Ticket/View/36…
> Name: Richard Hiller
> Email address: uzc.v3.data@pcr.cz
> Creator: User
> Department: Exploit requests
> Staff (Owner): -- Unassigned --
> Type: Issue
> Status: Open
> Priority: Normal
> Template group: Default
> Created: 21 November 2014 11:21 AM
> Updated: 21 November 2014 11:21 AM

> Please craete exploit Internet explorer
> Url: https://mail.riseup.net/rc/
>Thank you
> Rene
> Staff CP: https://support.hackingteam.com/staff

The HT developers then responded with a brief reply containing this ominous attachment:

> Attached Files
> # Filename Size
> 286575 agent_89f2e58782f7.exe 383.7KiB

Riseup plays a crucial role in Tails development (the Tails Project uses Tor, and is a Tor Project partner), but also provides anonymized forums to people fighting corruption and drug cartels in Mexico and other locales, to anti-austerity activists in Spain, to disability rights activists and environmentalists worldwide, and many other important and sometimes highly dangerous activities.

Indeed, reporting on cartel violence along the US-Mexico border is so dangerous neither US nor Mexican mainstream news outlets are willing to report on cartel shootouts. Far from helping citizens trying to expose the level of violence, time after time, corrupt US and Mexican "counter-narcotics" agents leak the names of citizen reporters to the very cartels which they know will respond by torturing and murdering anyone who threatens their illegal profits. Dozens of prominent bloggers have been murdered this way. By the numbers, their work is far more dangerous than the occupation of US police officer, or even US soldiers deployed in war zones.

A highly relevant irony: the HT data trove was obtained (and published, as a public service) by hacktivists:

http://www.engadget.com/2015/07/09/how-spyware-peddler-hacking-team-was…
How spyware peddler Hacking Team was publicly dismantled
Violet Blue
9 Jul 2015

> Early Monday morning, around 400GB of stolen internal company files belonging to Italian surveillance and intrusion software firm Hacking Team were distributed online through its freshly hacked Twitter account (changed to "Hacked Team").
>
> They were hacked by a hacker, or hackers. It was hackenfreude.
>
> And because Hacking Team -- a Reporters Without Borders "enemy of the internet" -- was so universally reviled by infosec professionals for their dealings with despotic governments (among other things), it became a group effort. Hackers around the world dug into the illicit files and all but completely dismantled Hacking Team's business, and reputation.

It is also notable that thanks to Wikileaks, anyone can search for their own country or suspect politician here (and I encourage everyone to do just that!):

wikileaks.org/hackingteam/emails/

But thanks to the USG's unceasing war on whistleblowers everywhere, even liberating information which needs to be free can result in lethal retaliation. Aaron Swartz wanted to free scientists from the stranglehold of publishers like Elsevier which hide the fruits of publically funded research behind outrageously overpriced "academic journal" paywalls. His actions resulted in his death at the hands of an cruelly overcharged prosecution by a politically ambitious DA. And now another activist has taken up the cause, and is also being targeted for government prosecution, although it remains to be seen whether the government of Kazakhstan will prove quite so lethal in targeting open access activists as the USG:

http://arstechnica.com/tech-policy/2016/04/a-spiritual-successor-to-aar…
A spiritual successor to Aaron Swartz is angering publishers all over again
Meet accused hacker and copyright infringer Alexandra Elbakyan.
David Kravets
3 Apr 2016

> ...
> Stop us if you’ve heard this before: a young academic with coding savvy has become frustrated with the incarceration of information. Some of the world's best research continues to be trapped behind subscriptions and paywalls. This academic turns activist, and this activist then plots and executes the plan. It's time to free information from its chains—to give it to the masses free of charge. Along the way, this research Robin Hood is accused of being an illicit, criminal hacker.
>
> This, of course, describes the tale of the late Aaron Swartz. His situation captured the Internet’s collective attention as the data crusader attacked research paywalls. Swartz was notoriously charged as a hacker for trying to free millions of articles from popular academic hub JSTOR. At age 26, he tragically committed suicide just ahead of his federal trial in 2013.
>
> But suddenly in 2016, the tale has new life. The Washington Post decries it as academic research's Napster moment, and it all stems from a 27-year-old bioengineer turned Web programmer from Kazakhstan (who's living in Russia). Just as Swartz did, this hacker is freeing tens of millions of research articles from paywalls, metaphorically hoisting a middle finger to the academic publishing industry, which, by the way, has again reacted with labels like "hacker" and "criminal."

The HT trove was one of the largest leaks in the public interest, but it has been eclipsed in size (and maybe in significance) by "The Panama Papers". The revelations in this rapidly developing story have already led to the resignation of the Prime Minister of Iceland and the FIFA "Ethics Officer" (now there is a contradiction in terms!), and has exposed some of the shady financial dealings of the political elite in dozens if not hundreds of countries all over the globe:

http://www.theguardian.com/news/2016/apr/06/panama-papers-reveal-offsho…
Panama Papers reveal offshore secrets of China’s red nobility
Disclosures show how havens such as British Virgin Islands hide links between big business and relatives of top politicians
Juliette Garside and David Pegg
6 Apr 2016

http://www.theguardian.com/news/2016/apr/04/panama-papers-ukraine-petro…
Ukraine’s leader set up secret offshore firm as battle raged with Russia
Petro Poroshenko registered company when his troops were being wiped out in eastern Ukraine, Panama Papers show
Luke Harding
4 Apr 2016

http://www.theguardian.com/news/2016/apr/06/mossack-fonseca-oil-firms-p…
Mossack Fonseca worked with oil firms owned by Iranian state despite sanctions
Documents show law firm at centre of Panama Papers leak carried on doing business with companies after learning of their real owners
Juliette Garside, David Pegg, Holly Watt and Helena Bengtsson
6 Apr 2016

http://www.theguardian.com/news/2016/apr/06/mugabe-zimbabwe-john-breden…
Alleged Mugabe cronies kept offshore firms years after UN alert raised
After sanctions were imposed, it took four years for all companies linked to John Bredenkamp to be shut down, Panama Papers show
Juliette Garside, David Pegg and Holly Watt
6 Apr 2016

https://www.truthdig.com/report/item/al-assad_familys_massive_stolen_we…
Panama Papers Revelation of Assad Family’s Stolen Wealth Helps Explain the Syrian Revolution
Juan Cole
6 Apr 2016

https://www.truthdig.com/report/item/the_panama_papers_and_middle_east_…
The Panama Papers and Middle East Leaders’ Secret Bank Accounts
Juan Cole
4 Apr 2016

> Initial reporting on the trove identified among the major political figures from the Middle East to possess such accounts were Alaa Mubarak (son of the deposed dictator), Ayad Allawi (former interim Iraqi prime minister under American occupation), Pakistani PM Nawaz Sharif, and Saudi King Salman.

Could any serious person even attempt to deny that this story has been published in the public interest? That these revelations may potentially benefit the citizens of dozens of countries?

But the USG is likely, at least in the short term, to focus on the fact that, according to the cofounder of the unsavory law firm at the center of "The Panama papers" scandal, this story has also resulted from hacktivism:

http://www.reuters.com
Panama law firm says data hack was external, files complaint
Elida Moreno and Enrique Pretel
5 Apr 2016

> The Panamanian lawyer at the center of a data leak scandal that has embarrassed a clutch of world leaders said on Tuesday his firm was a victim of a hack from outside the company, and has filed a complaint with state prosecutors... "We rule out an inside job. This is not a leak. This is a hack," Fonseca, 63, said at the company's headquarters in Panama City's business district. "We have a theory and we are following it," he added, without elaborating.

FBI is likely to heed Fonseca's warcry and focus on investigating the alleged cyberintrusion rather than the financial misdeeds of the political elites of "allies" such as Saudi Arabia in the so-called GWOT, exploiting the role of encrypted applications in organizing the year long investigation by more than 400 journalists at 100 news organizations around the world to further its agenda of endangering all the worlds journalists, dissidents, and activists by mandating secret weakening of the cryptographically protected tools we use every day (including Tor):

http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest…
How Reporters Pulled Off the Panama Papers, the Biggest Leak in Whistleblower History
Andy Greenberg
4 Apr 2016

> ...
> Obermayer tells WIRED he communicated with his source over a series of encrypted channels that they frequently changed, each time deleting all history from their prior exchange. He alludes to crypto apps like Signal and Threema, as well as PGP-encrypted email but declines to say specifically which methods they used. Each time the reporter and source re-established a connection, they would use a known question and answer to reauthenticate each other. “I’d say ‘is it sunny?’ You’d say ‘the moon is raining’ or whatever nonsense, and then both of us can verify it’s still the other person on the device,” Obermayer says.
> ...
> Obermayer declined to explain how their leaker sent Suddeutsche Zeitung hundreds of gigabytes or even terabytes of information at a time. That’s far too much to send over email, of course, though that quantity of data could easily be sent anonymously in the form of shipped encrypted hard drives. “I learned a lot about making the safe transfer of big files,” Obermayer says elliptically.
>
> The ICIJ’s developers then built a two-factor-authentication-protected search engine for the leaked documents, the URL for which they shared via encrypted email with scores of news outlets including the BBC, The Guardian, Fusion, and dozens of foreign-language media outlets. The site even featured a real-time chat system, so that reporters could exchange tips and find translation for documents in languages they couldn’t read. “If you wanted to look into the Brazilian documents, you could find a Brazilian reporter,” says Ryle. “You could see who was awake and working and communicate openly. We encouraged everyone to tell everyone what they were doing.” The different media outlets eventually held their own in-person meetings, too, in Washington, Munich, London, Johannesburg and Lillehammer, Ryle says.
> ...
> Weeks before contacting the subjects of the investigation, including Mossack Fonseca, Obermayer took one final precaution: he destroyed the phone and the hard drive of the laptop he’d used for his conversations with the source. “This may have seemed a little overachieving,” he notes, “But better safe than sorry.”

(One has visions of desperate FBI agents poking through every garbage dump in Germany, looking for pieces of iPhone. A noisesome job indeed.)

We concerned citizens who are poring over the Panama Papers hope that revelations of abuses by political elites will lead to positive change, by way of the kind of bloodless revolution which US Presidential candidate Bernie Sanders has been calling for.

US President John F. Kennedy once said something to this effect: those who would prohibit peaceful revolutions will guarantee violent revolutions.

Tor, WhatsApp and other tools are enabling peaceful revolutions.

USG agencies like FBI which are targeting Tor, WhatsApp and similar technologies will, if they succeed, prevent peaceful revolutions--- and thus to guarantee violent ones.

That is not unintentional, since it is "evidence" of violent revolutions which provide FBI with its raison d'être.

And whenever factual evidence is not available, FBI is perfectly willing to make stuff up. They call that a "sting operation"; see The Intercept for many excellent articles exposing this particularly contemptible FBI activity, which overwhelmingly targets vulnerable highly suggestible people with low IQ. To cite just one example:

https://theintercept.com/2016/03/30/fbi-honeypot-ensnares-michigan-man/
FBI Honeypot Ensnares Michigan Man
Trevor Aaronson
30 Mar 2016

> KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Since its inception during WWI as the Bureau of Investigation, FBI has primarily functioned as an agency which targets domestic political dissent, including social justice reformers such as the Rev. Martin Luther King. (Suspicions remain about just far FBI was willing to go in targeting King--- and FBI undercover agent was actually standing on the balcony with King when he was assassinated. And FBI cannot deny the irrefutable documentary evidence that FBI Director-for-Life J. Edgar Hoover authored a poison pen letter urging King to commit suicide, which was accompanied by a selection of illegal FBI audiotapes of his bedroom.)

FBI's unceasing PR war on end-to-end encryption not only directly threatens the lives of the courageous volunteers performing the most dangerous acts on Earth but ultimately will, if the agency succeeds, guarantee violent revolution at home.

Very smart, Director Comey, very smart.

April 06, 2016

Permalink

What's with Google-search?

Without javascript -you know why(-:- you get neverending captchas.

April 07, 2016

Permalink

Ethsat is now blocked by CloudFlare and the site prohibits Firefox

I am viewing the site directly with Tor Browser. I don't see any issues.

April 07, 2016

Permalink

A landmark white paper from Amnesty International seems relevant to the discussion:

https://www.amnestyusa.org/research/reports/encryption-a-matter-of-huma…
Encryption: A Matter of Human Rights
21 Mar 2016

> Government attacks on the encryption of online communication threaten human rights around the world, warned Amnesty International in a briefing published today as tech giant Apple challenges the US Federal Bureau of Investigation (FBI) in court over an order to provide software to bypass iPhone encryption.
>
> The briefing, Encryption: A Matter of Human Rights, which is Amnesty International’s first official stance on encryption and human rights, says that people everywhere should be able to encrypt their communications and personal data as an essential protection of their rights to privacy and free speech.
> ...
> “Encryption is a basic prerequisite for privacy and free speech in the digital age. Banning encryption is like banning envelopes and curtains. It takes away a basic tool for keeping your private life private,” said Sherif Elsayed-Ali, Amnesty International’s Deputy Director for Global Issues.
>
> “Governments trying to undermine encryption should think twice before they open this Pandora’s Box. Weakening privacy online could have disastrous consequences for free societies, particularly for the human rights activists and journalists who hold our leaders to account.”
>
> The briefing warns against attempts to make companies create a “backdoor” in encryption software. It says these measures violate international human rights law, because they indiscriminately undermine the security of the communications and private data of anyone using the software.
> ...
> Such “backdoors” not only threaten online privacy, but can also have a chilling effect on the exercise of free expression and expose online communications and individuals' data to security threats such as criminals stealing credit card data.
> ...
> “Opening a “backdoor” in security for governments risks opening the door to both cyber criminals who want to hack your phone and governments around the world who want to spy on and repress critics.”
> ....
> With online censorship and surveillance a growing threat to human rights, undermining encryption could threaten the ability of people around the world to freely communicate and use the internet, such as human rights activists who challenge the authorities, journalists who uncover corruption, and lawyers holding powerful governments to account, Amnesty International said.
> ...
> Several countries already limit who can encrypt their communication or the strength of encryption allowed, such as Cuba, Pakistan and India. Others, such as Russia, Morocco, Kazakhstan, Pakistan and Colombia, sometimes go as far as banning it altogether.

April 08, 2016

Permalink

That's very good to hear some users' voices from parts of the
world where using tor is not only required to access the internet
but also needed to protect yourself from invasive surveillance.
Thanks for sharing this story.

April 10, 2016

Permalink

In a huge development which will no doubt be celebrated by human rights activists all over the world, the export license of the Italian malware-as-a-service company Hacking Team has just been yanked by the Italian government! This has been a specific goal of human rights organizations like Citizen Lab, HRW and Amnesty International for years, so this is a huge success.

http://www.theregister.co.uk/2016/04/07/hacking_teams_export_authorisat…
Hacking Team's export authorisation hacked by Italian government
The ministry giveth, and the ministry taketh away
Richard Chirgwin
7 Apr 2016

> The Italian government has revoked the blanket export license that allowed Hacking Team to ship its surveillance tools around the world. According to Italian outlet Il Fatto Quotidiano (here in Italian), the license decision applies to the company's Galileo spyware, formerly okayed for export to 46 countries.
> ...
> Il Fatto Quotidiano couldn't get the Ministry of of Economic Progress to explain the reason for pulling the company's blanket license, beyond saying it's no longer in the public interest. Countries on the list [of countries to which Hacking Team can no longer export malware services] were Australia, Azerbaijan, Bangladesh, Bahrain, Bolivia, Brazil, Canada, Switzerland, Chile, Colombia, Cyprus, Dominican Republic, Ecuador, Egypt, Etiopia, Guatemala, Honduras, Indonesia, Israel, India, Iraqi Kurdistan, Jordan, Japan, South Korea, Kuwait, Kazakhstan, Lebanon, Morocco, Mongolia, Mexico, Malaysia, Nigeria, Oman, Peru, the Philippines, Paraguay, Qatar, Saudi Arabia, Singapore, South Africa, Thailand, Turkey, United Arab Emirates, the United States of America, Uzbekistan, and Vietnam.

Note that USA appears next to UAE, Uzbekistan, and Vietnam. So FBI Director Comey is certainly keeping some bad company these days.

> Last year's Hacking Team hack revealed the company wanted to work with Boeing to put Galileo on unmanned aerial vehicles to inject spyware into public Wi-Fi networks.

Boeing's subsidiary Insitu makes the Scan Eagle drone, which has been much used by the US Navy for drone strikes in Africa. Ominously, these drones, which have a distinctive swept wing design, have been spotted flying near the research campuses of companies like Microsoft and Google. (Along with known FBI spyplanes; see Buzzfeed.)

Another Boeing subsidiary makes the DPI boxes used by NSA for its "upstream" dragnet surveillance programs. These are strategically located in the "internet chokepoints", the IX (Internet Exchange) facilities where ISP's hand off data to each other). They are described in James Bamford's third book on NSA.

> [Hacking Team's export] license [now revoked] was only granted in 2015 with an original expiry date of 2018. Galileo can still be sold within the European Union without special license, but other sales will require permission on a country-by-country basis.

It seems notable that it was enabled by the leak last year of a huge trove of internal documents (searchable at wikileaks.org), following a cyberintrusion by unknown actors into HT's rather poorly secured dragnet-surveillance-in-the-cloud network and mail server.

The Italian government stopped just short of saying it recognizes that the hack was in the public interest, but the implication seems perfectly clear.

April 11, 2016

Permalink

See a pattern here?

https://www.thestranger.com
The University of Washington Is Taking the CIA to Court
Seeking Justice for Survivors of a Massacre in El Salvador, the Center for Human Rights Is Suing the Agency Over Withholding Public Records
Ansel Herz
7 Oct 2015

> On October 5, the University of Washington filed a landmark lawsuit against the CIA, alleging the agency has been improperly withholding information it possesses about the massacre.
>
> The center filed Freedom of Information Act (FOIA) requests in 2013 seeking information about Perez, who trained at the Inter-American Defense College in Washington, DC, and is reported to have commanded the military detachment involved in the attacks. Newspapers quoted him as saying he had launched a "cleansing" operation in the area. He told Reuters: "I truly believe that the population cannot be neutral. No one can be neutral."

https://thestranger.com
Two Weeks After It Sued the CIA, Data Is Stolen from the University of Washington's Center for Human Rights
Ansel Herz
21 Oct 2015

> Earlier this month, I wrote about a landmark lawsuit filed by the University of Washington's Center for Human Rights (UWCHR) against the Central Intelligence Agency seeking information about possible war crimes committed in El Salvador during that country's civil war. Over the weekend, someone broke into the office of Angelina Godoy, the center's director.
>
> "Her desktop computer was stolen, as well as a hard drive containing about 90 percent of the information relating to our research in El Salvador," the center said in a statement today.
>
> UWCHR continued:
>
> While we have backups of this information, what worries us most is not what we have lost but what someone else may have gained: the files include sensitive details of personal testimonies and pending investigations. This could, of course, be an act of common crime. But we are concerned because it is also possible this was an act of retaliation for our work. There are a few elements that make this an unusual incident. First, there was no sign of forcible entry; the office was searched but its contents were treated carefully and the door was locked upon exit, characteristics which do not fit the pattern of opportunistic campus theft. Prof. Godoy’s office was the only one targeted, although it is located midway down a hallway of offices, all containing computers. The hard drive has no real resale value, so there seems no reason to take it unless the intention was to extract information. Lastly, the timing of this incident—in the wake of the recent publicity around our freedom of information lawsuit against the CIA regarding information on a suspected perpetrator of grave human rights violations in El Salvador—invites doubt as to potential motives.

https://www.thestranger.com
Four Seattleites Want Answers From Twitter About "State-Sponsored Actors" Targeting Their Accounts
Ansel Herz
27 Jan 2016

> Four locals who are engaged in activism around the issues of transparency, privacy, and surveillance received strange notices from Twitter last month. The notices said:

> As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.

> The four are Jan Bultmann, who runs the Seattle Privacy Coalition Twitter account, Phil Mocek, Lee Colleton, and David Robinson. All have been quoted in The Stranger before; the Seattle Privacy Coalition—of which they are all members—was instrumental in the city's creation of a Privacy Initiative; Mocek and Colleton have also had their photos in the Seattle Times.
>
> They're among an estimated 50 Twitter users around the world who received the notices, and earlier this month, they joined 21 others in unveiling a website called "Twitter State Sponsored Attack" with a long list of questions they want Twitter to ask, including: When did this targeting of their accounts take place? How was the targeting detected? Who did this? Is Twitter’s silence the result of a gag order? Has Twitter received warrants, subpoenas, or National Security Letters [from the U.S. government] in connection with the attacks?

https://www.thestranger.com
Police Go on Fishing Expedition, Search the Home of Seattle Privacy Activists Who Maintain Tor Network
Ansel Herz
30 Mar 2016

> Seattle police descended on the Queen Anne condo of two outspoken privacy activists with a search warrant early this morning, leaving them shaken and upset. Jan Bultmann and David Robinson, a married couple and co-founders of the Seattle Privacy Coalition, said they were awakened at 6:15 a.m. by a team of six detectives from the SPD knocking on the door. Bultmann said were made to sit outside as the officers, who had a search warrant, examined their equipment. They claimed to be looking for child pornography. The SPD acknowledged this morning that no child porn was found, no assets were seized, and no arrests were made.
> ...
> The Seattle Privacy Coalition recently worked with [Mayor Ed Murray of Seattle] to develop the city's new privacy initiative. Asked to comment on the irony of helping the city with the privacy initiative, only to have his privacy violated this morning, Robinson said, "It's not ironic. It's worrisome. I was petrified."
> ...
> In an e-mailed statement, the SPD says it "served a warrant at the home while investigating information received from the National Center for Missing and Exploiting Children" involving the possible distribution of child pornography. A judge signed the warrant. And: "The department greatly appreciates the ongoing work and advocacy of members of the Seattle Privacy Coalition."

https://www.thestranger.com/
Judge Who Authorized Police Search of Seattle Privacy Activists Wasn't Told They Operate Tor Network
Ansel Herz
8 Apr 2016

> One week after Seattle police searched the home of two well-known privacy activists for child porn and found nothing, critics are questioning why the department failed to include a key piece of information in its application for a warrant—the fact that the activists operated a Tor node out of their apartment, in order to help internet users all over the world surf the web anonymously.
>
> "You knew about the Tor node," said Eric Rachner, a cybersecurity counsultant and co-founder of Seattle's Center for Open Policing, addressing the police department on Twitter, "but didn't mention it in warrant application. Y'all pulled a fast one on the judge... you knew the uploader could have been literally anyone in the world."
>
> At 6 a.m. on March 30, Seattle police showed up at the Queen Anne apartment of Jan Bultmann and David Robinson with a search warrant to look for child porn, based on a tip that traced an illicit video to their IP address. Six officers arrived with two vans and spent over an hour doing forensic searches on the computers in the home. One officer stood in the bedroom and watched as Robinson got dressed.
>
> They didn't find anything. Bultmann and Robinson, both board members of the Seattle Privacy Coalition, were released after being detained in a van, but they were left shaken and upset.
> ...
> the department said its detectives didn't know about the Tor node when they filed the warrant application on March 28. If true, this means detectives took notice of the Tor node after the judge approved the warrant, then carried out the exhaustive early-morning search two days later anyway.
>
> Robinson questions whether police deliberately delayed checking the IP address against the public list of Tor nodes in order to avoid sharing exculpatory information with the judge. He believes a sound investigation would have checked the IP address as soon as the tip came in. "Why spoil a perfectly good warrant with facts?" he asked.

April 14, 2016

Permalink

Want to make sure Tor Project people know about this:

https://tor.stackexchange.com/questions/10148/tor-and-orbot-not-working…
Tor and Orbot not working in Ethiopia

> The only ISP in Ethiopia (government owned) has been trying so hard to silence and disconnect bloggers, journalists and activists from the world ever since the current dictatorship came to power. Around May 2012 they blocked Tor and made the use of VoIP services like Skype regulated (in some cases illegal). Because of the monopoly, telephone costs are expensive and millions of us have been relying on VoIP services to communicate with and do businesses. Unfortunately as of April 2016 they completely blocked VoIP services and apps like Skype, Viber, Facebook, Whatsapp Messenger and many more because of the decreased revenue. Now I am not a blogger an activist or a political person. I am a good citizen who wants to work and contribute to my society. I am working on a big research and been communicating with scientists abroad and here via Skype and Whatsapp. The government's current actions have created immense pressure on our jobs. The only way of communication has become email and phone calls which is not enough. So me and my friends tried Tor via Bridges and Orbot on our phones. Most bridges are not working and the only bridge that worked on Orbot got blocked the next day. Dear people of the free world please let us know what we can do to connect to the world and do our jobs. Thanks a lot

If only more scientists realized as clearly as you do that all the world's intelligence agencies want your data! (Not just your own government, but any government which sees itself as a regional or global power.) "Western" climate scientists have mostly woken up to this, but most US/EU academics continue to dismiss the dangers, despite a mountain of evidence of deliberate attacks targeting scientists (at conferences, at their workplace, and in their homes) by GCHQ (UK government), NSA (US government), and a host of surveillance-as-a-service companies such as Gamma International.

Remarkably one of the worst of these loathsome companies, Hacking Team SRL, a notorious Italian company, just had its export license revoked by the Italian government, after hacktivists leaked a huge cache of emails from their survers, which proved that Hacking Team's customers include the government of Ethiopia and many other countries. Anti-censorship and human rights campaigners, privacy rights advocates, and civil libertarians have been working hard for years to shut companies like this down, so this event is a major victory for The People.

About bridges not working: I too have found that most bridge IPs I get at bridges.torproject.org (the only way I can since I use Tor exclusively) do not work, even right after I obtain them. It's possible this is owing to some undiagnosed misconfiguration of my SOHO router, over which I have little control since it does not use open source software. (Before someone sends me to OpenWRT: I want a wired-only router to slightly reduced insecurity, I hope, and I have never been able to flash OpenWRT on any device despite years of effort.)

I hope someone can help you figure out how to make Tor work for your project.

April 15, 2016

Permalink

Just wanted to say a big hello, high five, deep respect to our friend 'East African Human Rights Activist'
Thank you for sharing your self and your story
Thanks for your inspiration, clarity and reminding us of the importance of Tor

To all the Tor staff - I'm in absolute awe of you. Big gratitude. I just think you're amazing and the way in which you are supporting humanity and what is important
There is a discipline underlying your sentiments, perspectives and application which is also impressive
Right down to the little things like the way you respond to aggro comments in this comment section - poise and restraint characterise your replies

Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Any donation drives planned? Are you happy with the results of the one around Christmas? Anything you can improve on?

April 22, 2016

Permalink

CAPTCHAs is making the Tor useless > it doesn't work proper and appears before a routine website even loads > Security for What ??? > I'm viewing a website, make sure I'm human > this is total BS > since when do you need to prove you are human to view a webpage ?????? Nonsense something is very wrong and going on with this ! > And also whats with all this Goggle crap on your Browser ??? if I want Goggle in my business I would use the Goggle browser > Goggle is spying on what I do regardless of whether they know my IPaddress, and every time I do a search Goggle pops up even though I have Goggle deleted as a search provider > I have to switch to Duck Duck every time I do a search > what's with all this Goggle BS > this is not right and out of line with what Tor is Suppose to be ??? Whats going on ? Spying every way you look at it >>>>> Tor appears to be untrustworthy and in bed with Google >>>>> LCSR = Logic Common Sense & Reason > I coined this phrase > JC

> [Tor] doesn't work proper and [CAPTCHA] appears before a routine website even loads

That's how CloudFlare's anti-DOS system is designed to work. CloudFlare has no affiliation with Tor Project and indeed TP tries to persuade major websites to configure their CloudFlare installation not to autoblock Tor.

> CAPTCHAs is making the Tor useless

With a bit of patience I find I can still use Tor, which is not only useful but one of the *most* useful and reliable elements of my daily life.

> what's with all this Goggle BS... this is not right and out of line with what Tor is Suppose to be ??? Whats going on ? Spying every way you look at it ... Tor appears to be untrustworthy and in bed with Google

I too am concerned that as Tor Project seeks to diversify its funding sources, it may jump from the frying pan of USG sponsorship into the kettle of Google/Comcast/Amazon sponsorship. However, it is not necessary to reject *all* government or corporate funding, only to try to ensure that no one block of governments and no one corporate "trust" provides more than a certain percentage of TP's funding.

Funding diversity if a very difficult problem and it will take time to solve, but I applaud Shari for beginning the process. Ultimately I feel TP must become a user-supported organization like EFF (another invaluable group, where she was formerly an executive).

April 24, 2016

Permalink

Is duno where to ask this question. I downloaded tor for my android. (4.4.2) And if I want to go on this website it said " One more step ..... Security check" But when I want to tick the pictures in the box it just refuse to tick the box. What am I doing wrong?