Flaws Could Expose Users of Privacy-Protecting Software: Researchers

By Reuters | Updated: 24 July 2014 22:09 IST

Researchers have found a flaw that could expose the identities of people using a privacy-oriented operating system touted by Edward Snowden, just two days after widely used anonymity service Tor acknowledged a similar problem.

The most recent finding concerns a complex, heavily encrypted networking program called the Invisible Internet Project, or I2P. Used to send messages and run websites anonymously, I2P ships along with the specialized operating system "Tails," which former U.S. spy contractor Snowden used to communicate with journalists in secret.

Though a core purpose of I2P is to obscure the Internet Protocol addresses of its roughly 30,000 users, anyone who visits a booby-trapped website could have their true address revealed, making it likely that their name could be exposed as well, according to researchers at Exodus Intelligence.

"People shouldn't trust something wholeheartedly just because Snowden says," Exodus Vice President Aaron Portnoy told Reuters. "Generally, we assume the things we can find, others can find."

Tails launches from a DVD or USB stick and is designed to maintain privacy even when a computer or network has been hacked.

Much more than I2P, Tails relies on Tor, the better-known anonymity system that it uses for all software connections to the Internet. But leaks in the past year have shown that Tor is also a major target for the U.S. National Security Agency and others, and researchers at Carnegie Mellon University said they could have identified hundreds of thousands of Tor users.

Those researchers planned to detail their technique next month at the security conference Black Hat. After Tor developers complained to Carnegie Mellon, the university told Black Hat to cancel the talk.

Tor programmer Roger Dingledine conceded that the researchers had found a flaw, and he said his team was now working to fix it before any public disclosure exposes dissidents and other types of users on Tor to greater risk of attack.

The I2P flaw will likewise be fixed, in what a spokesman for the I2P project called the "near future." In the meantime, he said, users should disable the programming language JavaScript.

Tails did not respond to an email seeking comment. It was not clear how many Tails users would be vulnerable, since the I2P application does not launch automatically when the operating system is opened. The I2P spokesman said a user would have to have chosen to run I2P to be vulnerable.

Exodus is one of a dozen or more companies known to sell secret security flaws to intelligence agencies, law enforcement and other customers in a controversial marketplace.

No system is failsafe
But in this case, Exodus alerted I2P and Tails to the problem and said it would not divulge the details to customers until the problem has been fixed. Portnoy declined to say what the company would do if a government client asked him to find a similar flaw in the future.

The Tails and Tor episodes show that no anonymity system is failsafe, Portnoy said, and those in jeopardy should focus on compartmentalizing their efforts so that a single breach would not expose everything about them.

"Tor works for most purposes, but a determined adversary will always find a way," he said.

In one such high-stakes case, the FBI used a flaw in a Firefox Web browser that came bundled with Tor to identify a man suspected of hosting child pornography, according to Irish media reports.

Leaked NSA documents show that the NSA logged the IP addresses of many Tor users and may have scanned emails for users living outside of the United States and its four closest intelligence allies, German media reported this month.

© Thomson Reuters 2014
