Protecting Your Anonymity: A How-to for Sex Workers (eff.org)
108 points by panarky on July 1, 2014 | 41 comments


If Redbook users listen to the EFF and start using Tor, how soon before there's a redbook8x7r8ewjk.onion version much harder to take down?


This may sound like a very stupid question, but with Tor I've seen URLs where they have whateverxx9191.onion. I'm guessing the first part is randomised; how hard is it for them to get the first part of their name?

Is there a program or script that just keeps generating until the minimum hit (redbook* would be acceptable etc) is made?


There are a few different programs that will do it, but it comes down to brute force, so the difficulty depends on the length.

https://github.com/katmagic/Shallot

https://github.com/lachesis/scallion


FYI I just checked and Shallot is entirely CPU based, so for brute forcing there is no point in using it at all - Scallion (OpenCL) will always be much, much, much faster.
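Added example, not part of the thread and not code from Shallot or Scallion: a sketch of why the cost depends on prefix length for the 16-character onion names in use at the time, which are the base32 encoding of the first 80 bits of a SHA-1 hash over the service's public key. As assumptions, random bytes stand in for real RSA-1024 keys and the keys-per-second rate is illustrative.

```python
import base64
import hashlib
import random

BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")  # no 0, 1, 8 or 9

def onion_v2_address(pubkey_der: bytes) -> str:
    """16-char v2 name: base32 of the first 80 bits of SHA-1 over the key."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()

def expected_attempts(prefix: str) -> int:
    """Each base32 character fixes 5 bits, so k characters cost about 32**k keys."""
    if not prefix or set(prefix) - BASE32_ALPHABET:
        raise ValueError("prefix must be non-empty and use only a-z and 2-7")
    return 32 ** len(prefix)

def expected_hours(prefix: str, keys_per_second: float) -> float:
    """Average search time at a given key-generation rate."""
    return expected_attempts(prefix) / keys_per_second / 3600

def search(prefix: str, rng: random.Random, max_tries: int = 1_000_000):
    """Try candidate keys until the name starts with prefix: (address, tries)."""
    expected_attempts(prefix)  # validates the prefix
    for tries in range(1, max_tries + 1):
        # Constructed stand-in: 140 random bytes instead of a real RSA-1024 key.
        candidate = rng.getrandbits(140 * 8).to_bytes(140, "big")
        address = onion_v2_address(candidate)
        if address.startswith(prefix):
            return address, tries
    return None, max_tries

if __name__ == "__main__":
    rng = random.Random(2014)  # fixed seed so the run is repeatable
    for prefix in ("r", "re", "red"):
        address, tries = search(prefix, rng)
        print(f"{prefix!r}: {address}.onion after {tries} tries "
              f"(expected about {expected_attempts(prefix)})")
    # Assumed rate of one million keys per second, for illustration only.
    print(f"'redbook': about {expected_hours('redbook', 1e6):.1f} hours")
```

Each extra character multiplies the average work by 32, which is why short prefixes are found almost instantly and a seven-character one needs tens of billions of keys.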


Even the EFF now is recommending Bitlocker. Interesting.


If you run Windows, you've already handed over root access to Microsoft. Given that, if you're not interested in encrypted volumes that work across OS's, what reason would you have to not use Bitlocker?


Is there some sort of inside joke that I'm not aware of re: BitLocker?

By default, it does key escrow. It's pretty trivial to disable that. Other than that, I've yet to hear any substantive reason why I wouldn't use BitLocker.


>Other than that, I've yet to hear any substantive reason why I wouldn't use BitLocker.

You shouldn't trust any closed source crypto. Same goes for FileVault.

They're certainly better than nothing, however.


> Other than that, I've yet to hear any substantive reason why I wouldn't use BitLocker.

The thinking goes like this:

1. RSA released software with backdoors, at the behest of the NSA.

2. Therefore, the NSA has the ability to make companies release software with backdoors.

3. The FBI and British governments are known to have asked for backdoors to be included in BitLocker.

4. Therefore, the NSA has the motive to have a backdoor put in.

5. Microsoft have not proved BitLocker /does not/ contain backdoors.


But you have to run Windows on BitLocker.

So you've already handed over your machine no matter what FDE you use.

Certainly trusting fewer people is better than trusting more, since _any_ nefarious third party in this scenario already has the keys to the kingdom.


Full-disk encryption is primarily used to protect offline volumes. If no one can boot your disk, it doesn't matter if Microsoft can upload its entire contents to the NSA once Windows is started. The concern is that a flaw in BitLocker's FDE would make it vulnerable to attacks while the volume is offline.

FDE doesn't really protect online volumes. Yes, the disk is still encrypted, but the OS transparently decrypts any requested sector, so other security measures are necessary to protect mounted volumes.


It's a reference to TrueCrypt being shut down, they are pushing BitLocker. The reason you in theory shouldn't trust closed source encryption solutions is because you have no idea if they have a way to decrypt your data internally. If such a thing were leaked or discovered in the black hat community, your data is now compromised (in theory).


90% of the reason is, IMO, people are just gun-shy about all things Microsoft.

Which is kind of funny, really; if you are already running Windows, I wouldn't think it would matter whether you use TrueCrypt or BitLocker. Windows is the proverbial janitor with keys to all the offices. It's a little too late to keep Microsoft out.


I think there are better alternatives available, its security re: NSA etc is obviously questionable just because it is such an enterprise product.


I do wonder about technical solutions: is there any decent way to write sites that would:

1. Run in the browser.

2. Would be anonymous.

3. Would use an anonymous host.

4. Would encrypt every private message, and would have clear differentiation between public and private content.

5. Would have an easy option to download an extension to offer greater security.

6. Would enable average programmers to build sites with it.

Is there something like this? And if not, is it technically possible and what are the technical challenges?


Renting a server in a reliable jurisdiction that doesn't care about prostitution would be a giant first step. Germany or the Netherlands comes to mind.

The rest really depends on how much tech fiddling you can expect from the audience. Obviously, just using a normal SSLed website has the lowest barrier. You would have the option of using Tor on the client side, but you could still access the thing with a normal smart phone if need be.

The next step up would be a site that is reachable only via Tor. This would (within reasonable limits) give users privacy of connection. However, if they exchange real phone numbers and other contact data - which they probably need to - this advantage becomes moot.

Encrypting private messages between two or more parties so the host can't read them would require users to keep and manage their own key rings. That's not a reasonable expectation. In any case, the most important content would probably have to be available to all users, such as client information for screening or a general community support message board.


I don't know if there already is something like this. But if there is, I expect it to be fairly immature. The technology you need to build onion routing (what TOR does) is Peer-to-Peer connections. I think this would be doable using WebRTC data channels, for which browser support is still lacking though [0].

I think with browsers fully supporting P2P-WebRTC data channels it should be possible to basically implement TOR as a website.

Notice though, I am by no means an expert on this topic, these are just my two cents. Also there will probably be a lot of problems in the implementation (node only active as long as website is open, which you could match with when the website was requested from the server etc.)

As I said I'm not an expert, so I guess the only thing I'm fairly certain about is that it will not be possible without Web-RTC.

[0] http://iswebrtcreadyyet.com/ ; no affiliation, just googled this.


Yes! The basic philosophy is called "unhosted"[1], and there are several libraries that are made to help build unhosted apps. For example, I made a library called byoFS[2] that lets users connect Dropbox as an encrypted data store. It has several proof of concept apps like an encrypted diary[3] and end-to-end encrypted chat[4].

[1] - https://unhosted.org

[2] - https://github.com/diafygi/byoFS

[3] - https://diafygi.github.io/byoFS/examples/diary/

[4] - https://diafygi.github.io/byoFS/examples/chat/


This looks great! I'll be looking into it deeply later on.

For those seeking a simpler explanation of this, look at [1], 7th paragraph.

[1] http://readwrite.com/2010/12/24/unhosted#awesm=~oIRyT1V2mrAL...


I fail to see how this advice applies specifically to sex workers. What I see is a (good) guide on how to protect your privacy and keep your personal data from prying eyes in the general case. You will be at risk of seizure, surveillance or examination if you're doing less serious and more passive stuff than a sex worker has to do.

EFF could maybe come up with some advice that will narrowly target sex workers in this case. They mentioned MyRedBook was used to screen clients and keep from predators, so perhaps some advice on how to do that now the site's down will be valuable?


It seems to be about giving timely advice given the recent takedown of myredbook.com

https://www.eff.org/deeplinks/2014/07/whose-redbook-why-ever...

hackernews thread: https://news.ycombinator.com/item?id=7974203


I still believe "consent" and "free will" are overestimated when talking about prostitution...


You don't understand what 'consent' means, do you?


I mean that in the sense that a prostitute needs to consent, and be able to consent, to have sex with a client, otherwise it's rape, not a business transaction.

Turns out, a large proportion, in some situations the majority, of prostitutes can't even consent. They are underage, drug addicts (often not through a conscious choice but through pimps forcing the addiction), regularly beaten and/or they often are illegal immigrants (less legal protection).

That is why I say people overestimate the "free will" involved in prostitution. Especially in the lower end you will hardly find prostitutes with clear cut cases of "I do it for the money". In European countries often they could have a better life living on welfare.

And no, catching welfare payments is normally not more demeaning than getting essentially raped multiple times a day.


In some cases for sure, others not.


EFF are in full drama mode now. They have lost all credibility with me and I'll never, ever donate to them again.

P.S. If you want to be safe from many online and offline predators, don't get into sex work.


Let's assume you start with the premise that preventing surveillance is a good thing to do. In general, rational arguments won't get people to act. Drama might.

But this post does seem like a reasonable post if you try and imagine it through the eyes of someone who worked in myredbook.

> don't get into sex work.

That's not a good reason for them to be exposed to harm.


Are those two sentences related? Can you explain what you mean by full drama mode?


I always felt this was the point of the Glory Hole http://www.urbandictionary.com/define.php?term=glory%20hole ?

I feel the EFF has overstepped. At the end of the day, these people were committing crimes; an article dedicated to protecting their privacy, and impeding the law, is a bad precedent and has little to do with internet activism and more to do with prostitution laws.


Your comment makes the fallacious assumption that all sex workers are breaking the law. The law on prostitution is VASTLY different between countries and states.


Given that the EFF's advice is specifically intended to help sex workers hide themselves from the government this is of relatively little relevance.


Given that the DOJ harasses people engaged in legal activities under the guise of Operation Choke Point that is of relatively little relevance.


This stance seems to imply that those who may have transgressed somehow should enjoy fewer rights. I would suggest that's a sloppy slope. Is not the ability to take measures that prevent self-incrimination a marker of freedom/liberty?


I have no idea why you're being downvoted. This thread isn't about "should prostitution be legal".


I'm not sure if this is downvote worthy. It's certainly not upvote worthy. "Stick to glory holes, hookers!" probably puts it into the negative range.

In many cases sex workers are breaking the law. So are various journalists, bloggers, twitter users, homosexuals in a variety of countries. EFF & Tor often aim to protect people from official persecution under the law in their countries. Illegal does not necessarily equate to immoral.

This article and the articles it follows on from are in fact partially about protecting prostitutes from legal action and from the indirect consequences of legal action.

EFF: The seizure is part of a disturbing trend of targeting sex workers

Bay Area Sex Worker Outreach Project: we also lost extensive online forums for a community of sex workers to keep each other safe, screen clients, and blacklist predators.

The bigger context of the article is what it means for anonymity, freedom of association and free speech if an allegation and subsequent warrant can lead to extensive records of everyone associated with a site being collected and filed.

Imagine a forum dedicated to recreational drug use (one of the first online discussion groups). Various people participate anonymously. Crimes (eg selling, supplying drugs) are committed. The site is frequented by drug users, advocates, maybe even rehabilitation professionals. A warrant results in full records of every participant being leaked.

If you can't see the damage done to the right to free speech and association by that, you are blind.

The comment boils down to 'Prostitution is illegal therefore protecting their anonymity is wrong.' It doesn't understand the bigger point about the meta issues. It's unintelligent. Flavored with 'glory holes, hehe' it deserves a down-vote.


The thing is that in the United States, the right to free association has never been taken to be a right to associate for the purpose of committing crimes.

The 'glory hole' thing in the original post was crude and pointless, I agree. But the EFF here is straight up providing a guide to a category of persons who are vocational criminals on how to do a better job of hiding their crimes from the police. (The primary purpose of the site the FBI seized wasn't discussion, it was solicitation -- the EFF never gets around to admitting that, that I've seen, which AT BEST means they're unintentionally misleading people in the course of their advocacy.)

I think a lot of people who supported the EFF in the past did so with the understanding that they were protecting a lot of speech freedoms and privacy rights. And yes, prostitutes and their clients do have speech and privacy rights. But they're also breaking laws that have nothing to do with speech or privacy, and the website was taken down in accordance with a reasonable police investigation into such matters. If you think prostitution should be legal, that's an entirely separate discussion, to my mind. But the EFF is moving into something that seems really close to straight-up providing advice for criminals in how to get away with crimes. And these aren't crimes against repressive regimes, or civil disobedience, or anything related to what I would've thought of as the EFF's mission. It makes me a lot less comfortable with the EFF being the leading spokesman for digital freedoms.


IMO, there are several ways of looking at this. One way to see it, which is possibly the position of the EFF and the sex worker support organizations they cite, is as an unjust law which amounts to legal but immoral persecution of vulnerable people, prostitutes. Parallels could be a gay dating site in Jamaica or a political dissident forum in China.

From another perspective, it's one of those grey areas where you agree the activity should be illegal but prostitutes should be treated as victims or vulnerable persons.

Parallels to an information site for recreational drug users or a needle exchange. Harm reduction instead of law enforcement. Association is important here.

This represents a loss of a resource which provides them support and helps them bring down their risk of harm. More worryingly, it's bullying. Creating a fear that any associations will be persecuted.

From the perspective most natural to the EFF, the problem is exposing everyone because a few are suspected of criminal activity. Not all sex workers are criminals. But because some (allegedly) criminal activities happened on the site, everyone associated with it is compromised.

All together, this amounts to tactics for preventing free association and speech. It's starting off by targeting a group that few will openly defend, prostitutes.

I personally am sympathetic to all these views. I think prostitution (to the extent that it is consensual) should be legal. I think that if it is to be illegal harm reduction is much more important than enforcement. Arresting prostitutes is like jail-time for illiteracy.

The most scary thing out of all of this is the exposure of anyone and everyone that has visited or registered on these sites. It starts with some marginal group where many/most are breaking the law, some are breaking the law on the site and everyone is marginalized by society. From there we gradually get to a situation where any online criminality leads to massive data seizure and exposure of anyone associated with the site.

Logged in to a body building site where some people sold steroids on IM, on a list. Commented on a blog discussing civil disobedience where some petrol bomber hung out, on a list.


Indeed. This makes a complete mockery of the contention that HN doesn't have downvote problems.


Interestingly, my down-vote level is fluctuating, so there are indeed up-voters.


Indeed, we have ignorant people even on hacker news :)


Signs are on it.



