Friday, October 4, 2013

The FBI busted Silk Road, but not the 'dark web' behind it

Silk Road, the underground website where dealers sold illegal drugs, was supposed to be safe. The site was nestled deep in the dark web, accessible only through the anonymizing network Tor. All transactions were done in the anonymizing virtual currency Bitcoin. Its owner-operator, Dread Pirate Roberts, was said to be a criminal mastermind and technical wunderkind who never left a trail. It was all very hackerish and clandestine. And yet, today the FBI shut down the site and arrested Dread Pirate Roberts. "This is supposed to be some invisible black market bazaar. We made it visible," an FBI spokesperson told Forbes after the bust. "No one is beyond the reach of the FBI. We will find you." This was all very alarming for the community of Silk Road users who believed that technology was keeping them safe. Actually, it was alarming for anyone who uses the Tor network for privacy — which includes journalists, activists, and even law enforcement. How could the FBI take down a site protected by Tor, the gold standard for anonymity? Tor stands for The Onion Router, a reference to its layers of security. Tor has two main functions: one for users, one for website operators. First, Tor protects users who want to mask their activities on the web; connect to Tor, and your data will be bounced around, making random stops, until its true origin is nearly impossible to identify. "The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints," according to the nonprofit Tor Project, which leads development on the open source software. Users who bought and sold on the Silk Road were all signed into Tor at the time. The second use case for Tor is to protect websites by requiring that all traffic to the site be untraceable. 
These "hidden services" are only accessible through Tor, creating a second, secret internet that some call the "dark web." These sites are invisible to Google's spiders, and there is no search engine for the dark web. Users must be signed into Tor and must know the exact address of where they're going. In theory, assuming other precautions are taken with the actual software running the server, Tor should protect websites from revealing the location of their servers. The FBI managed to locate the server that was hosting Silk Road, however. So does this mean Tor failed? While it is possible that the FBI discovered some vulnerability in Tor that was not disclosed in the criminal complaint, it seems much more likely that this was old-fashioned police work. Dread Pirate Roberts made a number of errors, according to the FBI, including connecting to the Silk Road server using only a Virtual Private Network and not Tor and using an email address that contained his real name in a way that could be traced back to Silk Road. The police even intercepted a Silk Road package containing nine pieces of fake identification with the photo of the man they eventually arrested. "Tor is not broken," Karen Reilly, development director at the Tor Project, said in an email. "According to the criminal complaint, the accused was found through mistakes in operational security. Tor can not protect you if you use your legal name on a public forum, use a VPN with logs that are subject to a subpoena, or use any other services that collect personal information that is freely given or collected in the background." In other words, it looks like this was a case of sloppiness. The FBI says in its complaint that it obtained an "image" of the Silk Road server, which is a technical term in computer forensics that refers to a bit-for-bit copy. 
That usually means the data was obtained from a service provider, Chester Wisniewski, a senior security advisor for network security firm Sophos, told The Verge. Even if the server was hosted outside the US, Silk Road was trafficking in drugs, guns, hacking software, child pornography, and even murder-for-hire. "That's the problem with Silk Road," Wisniewski says. "If you're dealing in stolen music and software, you can get away with that all day long. Once you start engaging in the variety of things that were going on at places like Silk Road, there's almost always a violation of the law. Any country at some point will comply with a lawful request for data." Having a copy of the server would have allowed the FBI to comb through private messages and turn up more ways to find Dread Pirate Roberts. The FBI has held back on releasing all the details of its investigative techniques, and some won't be revealed until a trial, if ever. The complaint refers to persons "known and unknown" who helped Dread Pirate Roberts, suggesting that maybe the FBI knew administrators or mods who could have been turned into informants. It's also possible that the data was obtained from the server through some kind of virus or malware injected by the FBI, which wouldn't be Tor's fault, either. The FBI has in the past used malware to compromise servers for hidden services, as it admitted two weeks ago in connection with the bust of a company that provided hosting for them. However, that doesn't seem to be what happened in this case. "Tor is still the single biggest leap forward in my lifetime for anonymity on the internet," says Steve Santorelli, a former Scotland Yard detective and spokesperson for Team CYMRU, a security research firm focused on the internet. "Literally, people's lives get saved because of Tor. But there are so many different ducks that need to be lined up for you to be completely bombproof. That's why people go to jail."

Google acquires Flutter to bring Kinect-like features to computers

Flutter, which builds gesture-recognition technology for desktop computers, has been acquired by Google. The year-old startup builds software allowing users to control their computers by making gestures in front of their webcams, initially describing itself as "Kinect for OS X." Its early efforts focused on letting users control music programs including iTunes, Rdio, and Spotify. Google released no statement on the acquisition, but the technology could one day find its way into the company's Chromebook line of laptops. In a post today on his company's site, Flutter CEO Navneet Dalal said joining Google would add "rocket fuel" to its research efforts. Terms of the acquisition were not disclosed. A graduate of the Y Combinator startup incubator, the company had raised $1.4 million from Andreessen Horowitz and others.

Target officially unveils Brightspot, a prepaid wireless program to compete with Straight Talk

Walmart is no longer the only big-box store with a cheap wireless plan for its customers. Target confirmed reports from earlier today that it will launch Brightspot, a direct competitor to Walmart's Straight Talk and other low-cost MVNOs, on October 6th. The prepaid wireless offering will use T-Mobile's network, with LTE support, for a monthly fee starting at $35. That plan includes unlimited voice and texting but no data; plans with data start at $50. As rumored, customers will get money back from Target for being Brightspot customers, in the form of a $25 gift card for every six months of paid service. Holders of a Target credit card get an additional 5 percent off.

Amazon reportedly has two phones in the works, one with a 3D user interface

We've been tracking rumors that Amazon has been working on a phone for some time now, but in the past few months they have been heating up a bit. Today, after an anonymous posting on Hacker News, TechCrunch says it has sources which corroborate a few surprising details on what's inside Amazon's Lab126 studios. Reportedly, the company is actually working on not just one, but two different phones. The first, currently code-named "Smith," apparently still involves 3D in some way, which the Wall Street Journal reported on last May. However, instead of a proper 3D screen, the Smith reportedly has four front-facing cameras that can track a user's head and then use it to position 3D effects within the interface. Apparently, the phone would be able to identify you so that only you would see the 3D perspectives, not others looking on. If the phone ships with software that matches up to current rumors, users would be able to "peek" around interface elements and even see things beyond the edge of the screen. The phone also reportedly will be able to identify real world objects and match them to products in Amazon's store so you can purchase them. It all sounds like a wild (and not immediately useful) set of features, wild enough that it could be more of an in-house lab project than a product destined for actual sales. Either way, rumors suggest that it's not planned for release this year. The second phone presumably lines up with a more recent rumor — that Amazon would be offering it for free. It reportedly lacks all of the 3D features of the Smith and it also isn't likely to launch this year. The Hacker News posting includes unverified claims that Amazon has been struggling with staffing issues, but TechCrunch says that the company has been shifting engineers around to keep the projects moving forward. 
Whether either phone turns into a real product remains to be seen, but Amazon still has those new Kindle Fire tablets to sell and reportedly has a set-top box somewhere in the depths of Lab126 as well. Whatever happens, the company isn't giving up on the consumer electronics space anytime soon.

Bizarre shirts turn famous faces into Facebook-confusing camouflage

Facebook's ongoing efforts to use facial recognition software to identify its 1 billion users in the quarter-trillion photos shared on the social network are an ever-divisive topic. Some Facebook users don't want to be automatically pointed out in a photo while others simply don't care. Simone C. Niquille, a design student in Amsterdam, is tackling this issue in her Sandberg Institute thesis called FaceValue, which includes a series of custom-printed t-shirts covered in a creepy camouflage made up of distorted faces of celebrity impersonators. The shirts, Niquille told Wired in an interview, aim to trick Facebook's facial recognition software into recognizing public figures that aren't really in the photos. However, the shirts won't stop Facebook from spotting your face — this is more about screwing with the world's largest social network than undoing its controversial tactics. Niquille's shirt set — which she calls Realface Glamouflage — includes an eerie Michael Jackson pattern, a disturbing Britney Spears mashup, and an unsettling design depicting a smiling and waving President Obama. The student is selling the shirts online for 50 euros, or about $68, each. Niquille explained to Wired that she decided on t-shirts as a way to fight against Facebook's facial recognition because she sees the clothing item as such a ubiquitous and mundane article. "I was interested in creating a tool for privacy protection that wouldn't require much time to think in the morning," she said. "An accessory that would seamlessly fit in your existing everyday. No adaption period needed."

Microsoft fires back at Yale professor who calls 'Bing It On' claims bogus

This week, a Yale law professor took aim at Microsoft's "Bing It On" campaign, which purports to show that users prefer the company's search engine to Google's in a majority of blind tests. Writing in Freakonomics, Ian Ayres says that Bing's claims are misleading — and he set up a trial of his own to prove it. He worked with four Yale Law School students to run the blind test at BingItOn.com with 1,000 people recruited through Amazon's Mechanical Turk. And Ayres' results differed sharply from Microsoft's: "We found that, to the contrary of Microsoft's claim, 53 percent of subjects preferred Google and 41 percent Bing (6 percent of results were "ties"). This is not even close to the advertised claim that people prefer Bing 'nearly two-to-one.'" Ayres called Microsoft's Bing ads misleading and even suggested that Google could file a deceptive advertising lawsuit against the company. Today, Microsoft offered a rejoinder from Matt Wallaert, a behavioral psychologist at Bing. Wallaert argues that Ayres ignored key differences in the studies Microsoft used to generate its claims, and said the company would not release a complete data set from its trials because it doesn't track the data generated there for reasons of science and privacy. "It isn't conducted in a controlled environment, people are free to try and game it one way or another, and it has Bing branding all over it," Wallaert writes. "So we simply don't track their results, because the tracking itself would be incredibly unethical. And we aren't basing the claim on the results of a wildly uncontrolled website, because that would also be incredibly unethical (and entirely unscientific)." Wallaert sidesteps the question of why Google's results bested Bing's own in most cases on BingItOn.com. Notably, Bing performed best when it suggested queries to users taking the test. 
Ayres suggests that Bing is choosing queries that it knows generate better results on Bing; Wallaert says it took those queries from popular search terms in Google's 2012 Zeitgeist report. "it may be because we provide better results for current news topics than Google does," Wallaert writes. There's nothing definitive in Ayres' study to suggest that Microsoft is wildly overstating the claims from its "Bing It On" studies. At the same time, Wallaert can't quite shake the suggestion that the blind trial is a shoddy way of determining which search engine is superior in everyday use. A better way is to occasionally run queries on different sites and see which one performs better over time — something that most people concerned about the quality of their search results are likely already doing.

This video game photographer creates art out of virtual worlds

Critics might not agree whether video games are art, but it's hard to deny that they contain art within. That's what Duncan Harris, aka DeadEndThrills, seeks to capture with his virtual camera. He's been at it for a few years now, and the result is not to be missed: a collection of spectacular vistas and compelling portraits of people and places that never existed. You might have seen these games before, but never quite like this — perhaps because a user interface got in the way, or perhaps merely because you didn't stop long enough to smell the roses during your urgent video game mission. By applying photographic techniques to capture moments that would normally just fly by, you could argue that he's not merely discovering art, but also creating it at the same time. Here are a few samples of what to expect. Just click on them to see them in all their glory, or follow this link to view the entire DeadEndThrills collection to date.