On June 20th, police raided five locations across Germany, nicely coordinated at 6:00 in the morning: The private homes of all three board members, Jens, Juris and Moritz, our registered headquarters in Dresden (a lawyer’s office), and the home of a previous board member.
Please check the bottom of this page for links to various press reports about these raids detailing what happened. We will update that section regularly.
The brief summary is that a German left-wing blog “Krawalltouristen” (ruckus tourists) called for protest actions around the right-wing AfD party convening in Augsburg, Germany. Law enforcement argues that this includes calls for violence.
The German police were interested in finding the authors of said blog, and deemed it appropriate not to ask for information from, or go after, the email provider the blog happened to be using, riseup.net, but to go after the German entity Zwiebelfreunde instead.
Zwiebelfreunde has a partnership with Riseup Labs, a US non-profit, and manages donations via European wire transfers for the Riseup collective. We spend the money in collaboration with the collective on software development, travel reimbursements, and for Riseup’s Tor infrastructure.
We will update this post as the story evolves. For more details, please see publications by other media.
First of all, here’s a list of things we have strong reason to believe are not affected, and can still be considered safe:
They seized most of our electronic storage equipment (disks, laptops, PCs, GnuPG Smartcards/Yubikeys), but it is safe to assume that they will not be able to break the encryption (or the smartcards). They also took our mobile phones, but even if they were to break into them, no login data or anything else affecting our infrastructure or communications is stored on those phones.
We nevertheless revoked our shared contact PGP key, and will replace more and more keys and passphrases over time. Our new key is 0x74A312092938F2F0, signed by our previous key.
Apart from encrypted media, they had the legal right to seize documents related to our Riseup bank account starting from January 2018. They also went and got those from our bank, the GLS Gemeinschaftsbank. However, we have to keep records and receipts of all expenditures for tax reasons. These documents were “safely” kept in a secure fire-proof safe.
Despite our protests, they additionally seized all printed documents relating to our own and partner projects since the inception of the association in 2011.
This includes highly sensitive personal data of donors, identities of activists that received reimbursements or payments, and a list of our members.
If you have ever donated to Torservers, or Tails or Riseup via a European bank transaction, your data is very likely now in the hands of the German police. (IBAN account number, name of account holder, amount and date)
We did everything in our power to avoid a data breach like this, and are now doing everything we can to fight it:
Our lawyers kindly asked for our equipment back. Most of the equipment does not belong to Zwiebelfreunde, and some of it is not even ours. They refused. We are now going to court over this.
The warrant lists specific items. This was not respected.
We argue that even the original warrants and seizures were clear overreach, and that this was used as an excuse to get access to member data and donor data. We have nothing to do with Riseup’s infrastructure. During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the “ruckus tourist” blog. None of us had even heard of that blog before!
We are grateful for the quick and unbureaucratic financial support by Renewable Freedom Foundation, the logistical support of the Chaos Computer Club, and all the kind offers of help by various communities. Thank you!
If you’re not afraid to donate to accounts that are probably being monitored, you can still do so, at https://www.torservers.net/donate.html.
On April 12, Russia celebrated Yuriy Gagarin’s first flight into space. Meanwhile, Dmitry Bogatov, a young Russian scientist, mathematician and FOSS activist, is spending Space Day in a detention center. His involvement in decentralized web projects, his interest in privacy and anonymity, and his activities as the administrator of a Tor exit node have brought him under suspicion by the FSB. Accused of “incitement to terrorism” because of some messages posted from his IP address, he will remain in detention until at least June 8, and risks up to 7 years in prison if the Investigation Committee ‘proves’ his guilt.
However, the very nature of the Bogatov case is controversial, as it mixes technical and legal arguments and requires both strong legal and technical expertise. Indeed, as a Tor exit node operator, Dmitry has no control over, and no responsibility for, the content and traffic that pass through his node: it would be the same as accusing someone who had a knife stolen from her house of a murder committed with that knife by a stranger. In the past, other exit node operators in Russia have had conversations with the police. For example, Sergey Matveev, aka Stargrave, has been a witness several times in cases related to crimes committed under his IP address (mostly related to financial fraud and hacking). However, as Sergey states himself, he “has never been accused, but was only a witness”, as his cases were not related to “extremism”. On 2016-02-02 his devices were seized for 2 weeks for inspection, but he was never detained, after explaining to the police how Tor actually works.
Russia counts 230,000 Tor users every day and only 46 exit nodes. Tor is extremely popular following a series of laws restricting Internet usage and enforcing lawful interception procedures (obliging ISPs to store all metadata for 3 years, and the traffic, even if encrypted, for 6 months). However, the Bogatov case has influenced how ‘end users’ perceive Tor. We’ve observed several group chats dedicated to anti-Putin protests on Telegram, Russia’s most popular IM app: these chats gather from 500+ to 1500+ users, many of whom use different privacy-enhancing tools. The Bogatov case was discussed widely. These discussions have shown that users do not fully understand the difference between running a relay and running an exit node, or between relay operators and Tor Browser users. They perceive Tor as being vulnerable to deanonymization. Misunderstanding, and the lack of feedback from the Tor community or from ‘expert’ users, who are underrepresented in these chat rooms, lead the discussion in a very dangerous direction: “we do not care about hiding things, because the police will anyway find everything about us - even Tor is not secure”.
Tor activists have launched a flashmob: “Run a relay in solidarity with Bogatov”. By April 13, in only 1 day, 18 new relays had been set up in different countries, bearing names like freeBogatov and KActionLibre, referring to Bogatov’s handle, well known in FOSS and GnuPG forums. Bogatov’s personal exit node, which he had been running from his own house, also bore the ‘kaction’ name. It is the first flashmob that uses relays as a form of international solidarity, and the relay nicknames become a means of transmitting a message: Bogatov is part of the community; he is a valuable, trusted person who has been contributing to various open source projects and is recognized as a professional. The Tor community is also working on technical proofs and explanations to help users and Bogatov’s lawyers understand that, by the very architecture of the Tor network, Bogatov cannot be responsible for the things he is accused of. He also has an alibi: he was absent when the messages were published, and video recordings from surveillance cameras are in the possession of Bogatov’s lawyer. Another proof of Bogatov’s innocence is the fact that the user continued posting incendiary messages after Bogatov had been arrested. Also, the writing style, language and orthography do not correspond to Bogatov’s style; this can be proven by psycholinguistic expert analysis. However, the FSB does not want to stop the process: they are investigating the “terrorism” version, which would mean a very harsh penalty for Dmitry and which does not correspond to the technical, legal, psychological or social situation. The judge also claimed not to trust Dmitry because of his “high skills in new technologies”, which may potentially help him “erase traces of his crimes”. To prove this weird hypothesis, the Investigation Committee has removed all the technical equipment from Dmitry’s apartment, from USB drives to laptops, smartphones and cameras…
If you can, run a relay or an exit node and give it a name that contains Bogatov or KAction (Bogatov’s handle). By running more relays we increase anonymity and also show solidarity and demonstrate the power of shared responsibility.
The IP addresses of Tor relays (middle relays and exit nodes) are publicly available and can be freely used by Tor users. The fact that relays are a publicly available resource does not reduce or threaten the anonymity of a Tor user; in fact, it can be used as proof that a server’s IP address was a Tor relay at a given time.
Currently running Tor relays are listed in Atlas, a web application for learning about currently running Tor relays. Similarly, the ExoneraTor service maintains a database of IP addresses that have been part of the Tor network. It is a web service that answers the question of whether there was a Tor relay running on a given IP address on a given date. ExoneraTor may store more than one IP address per relay if relays use a different IP address for exiting to the Internet than for registering in the Tor network, and it stores whether a relay permitted transit of Tor traffic to the open Internet at that time.
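The lookup described above, as an added example (not ExoneraTor's own code and not part of the original post): relay addresses and flags are read from a consensus document, exit addresses from an exit list, and a query returns the sightings of an IP address on a given UTC date. The sample documents are constructed and abridged, with documentation-range addresses and made-up fingerprints; treating the Exit flag without BadExit as "permitted exit traffic" and matching on the same calendar day only are simplifying assumptions.

```python
import base64
import ipaddress
from collections import defaultdict
from datetime import date, datetime

TS = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: documentation-range addresses, made-up fingerprints.
FP_EXIT = "0123456789ABCDEF0123456789ABCDEF01234567"
FP_MIDDLE = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"

def identity(fp_hex):
    """Consensus 'r' lines carry the fingerprint as unpadded base64."""
    return base64.b64encode(bytes.fromhex(fp_hex)).decode().rstrip("=")

SAMPLE_CONSENSUS = f"""\
network-status-version 3
valid-after 2017-01-15 12:00:00
r exampleExit {identity(FP_EXIT)} placeholderDigest 2017-01-15 03:10:11 198.51.100.7 9001 0
s Exit Fast Running Valid
r exampleMiddle {identity(FP_MIDDLE)} placeholderDigest 2017-01-15 08:00:00 203.0.113.20 443 80
s Fast Guard Running Valid
"""

# Exit list entry: the address the exit was seen using towards the Internet,
# which here differs from the address it registered in the consensus.
SAMPLE_EXIT_LIST = f"""\
ExitNode {FP_EXIT}
Published 2017-01-15 03:10:11
LastStatus 2017-01-15 12:00:00
ExitAddress 192.0.2.99 2017-01-15 12:31:07
"""

def parse_consensus(text):
    """Return (valid_after, relays) from the 'valid-after', 'r' and 's' lines."""
    valid_after, relays = None, []
    for line in text.splitlines():
        p = line.split()
        if p[:1] == ["valid-after"] and len(p) == 3:
            valid_after = datetime.strptime(f"{p[1]} {p[2]}", TS)
        elif p[:1] == ["r"] and len(p) >= 9:
            fp = base64.b64decode(p[2] + "=").hex().upper()
            relays.append({"nickname": p[1], "fingerprint": fp,
                           "address": p[6], "exit": False})
        elif p[:1] == ["s"] and relays:
            # The flag line belongs to the 'r' line directly before it.
            relays[-1]["exit"] = "Exit" in p[1:] and "BadExit" not in p[1:]
    if valid_after is None:
        raise ValueError("consensus has no valid-after line")
    return valid_after, relays

def parse_exit_list(text):
    """Return (fingerprint, address, seen_at) for every ExitAddress line."""
    out, fp = [], None
    for line in text.splitlines():
        p = line.split()
        if p[:1] == ["ExitNode"] and len(p) == 2:
            fp = p[1].upper()
        elif p[:1] == ["ExitAddress"] and len(p) == 4 and fp:
            out.append((fp, p[1], datetime.strptime(f"{p[2]} {p[3]}", TS)))
    return out

def build_index(consensus, exit_list):
    """Map address -> [(seen_at, nickname, source, exit_allowed), ...]."""
    valid_after, relays = parse_consensus(consensus)
    index = defaultdict(list)
    nick = {r["fingerprint"]: r["nickname"] for r in relays}
    for r in relays:
        index[ipaddress.ip_address(r["address"])].append(
            (valid_after, r["nickname"], "consensus", r["exit"]))
    for fp, addr, seen in parse_exit_list(exit_list):
        index[ipaddress.ip_address(addr)].append(
            (seen, nick.get(fp, "(unknown)"), "exit-list", True))
    return index

def was_tor_relay(index, ip, day):
    """Sightings of `ip` on the UTC date `day`; an empty list means no record."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return [s for s in index.get(addr, []) if s[0].date() == day]
```

An empty result only means the loaded documents hold no record for that address and day, so an index meant to support a statement about a past date needs every consensus and exit list published for that day.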
Bridges are a different type of relay: they are Tor relays that aren’t listed in the public Tor directory. That means that ISPs or governments trying to block access to the Tor network can’t simply block all bridges. Bridges are useful a) for Tor users in oppressive regimes, and b) for people who want an extra layer of security because they’re worried somebody will recognize that it’s a public Tor relay IP address they’re contacting.
Run a Tor relay or exit node in solidarity with Dmitry Bogatov!
Tor activists launch a call to run relays and exit nodes in solidarity with Dmitry Bogatov, a FOSS contributor, GnuPG and privacy advocate and math teacher arrested and detained in Russia. By now 26 relays have been set up in different countries.
Bogatov will stay in detention until at least June 8. He risks up to 7 years in prison, as he is accused of having published messages inciting terrorism. A user ‘Airat Bashirov’ was indeed posting a number of messages inciting people to organize mass rallies and protests, using Bogatov’s home IP address. However, as a Tor exit node operator, Bogatov cannot access or be responsible for the content that passes through: Tor’s technical architecture is in itself proof of his innocence.
As an active FOSS contributor, he also has support from the peer community, and he has a strong alibi: he was in the sports center and then in the supermarket at the moment when the messages were published. Moreover, after Bogatov’s arrest the same user continued posting incendiary messages.
If you can, run a Tor relay or an exit node and give it a name that contains Bogatov or KAction (Bogatov’s handle). By running more relays we increase anonymity and also show solidarity and demonstrate the power of shared responsibility.
At the moment all of these exit nodes are down and we advise you to not use them in case they come back. Below you’ll find a listing of all exits in question. We informed the Tor project, and at the time of writing all of these relays should already be blacklisted and not able to rejoin the network. We will not reuse the server hardware in case they become available again.
Amsterdam datacenter:
Miami datacenter:
The Tor Project will soon release further information about the takedown and probable explanations. EDIT 2014-11-09: Here’s the Tor blog article.
Reporters Without Borders and Torservers.net have joined forces to create and maintain 250 additional relays for the Tor network.
“In doing this, our two organizations are thumbing our noses at the entire world’s censors,” said Grégoire Pouget, the head of the Reporters Without Borders New Media desk. “Whatever the technical means deployed to control information, there will always be circumvention methods that many organizations including ours will not hesitate to deploy.”
“Anonymity is important for the full expression and realization of civil liberties. On the Internet, safe and unmonitored communication can only be established through methods of trusted decentralized anonymizing services like the Tor network,” added Moritz Bartl, the founder of torservers.net.
Tor is free software and an open network that helps to improve protection of privacy and the security of Internet communications. Using the Tor network ensures protection against a form of network surveillance known as “traffic analysis.” This type of surveillance can be used to discover who is communicating with whom and, in some cases, even to identify who you are and where you are located.
Journalists use Tor to communicate in a safe and anonymous manner with sources, whistleblowers and dissidents. Tor can also be used to circumvent website blocking in many countries. Many Internet users in China, Iran, Pakistan and Turkey use Tor to access Facebook, YouTube and Twitter.
In some countries that want to monitor and control all Internet connections, public access points to the Tor network are blocked. In partnership with the Tor Project and torservers.net, Reporters Without Borders has therefore created and will maintain 250 new entry nodes to the Tor network. As these entry nodes will not be made public, authoritarian governments will not be able to block them.
To find an entry node if Tor is blocked in your country, you can contact the Tor Project at help@rt.torproject.org or Reporters Without Borders at wefightcensorship@rsf.org.
Reporters Without Borders will also make the details of these non-public bridges available within its network and during the seminars on circumventing censorship and protecting communications that it organizes throughout the world.
Torservers.net is an independent, global network of organizations that help to protect human rights to freedom of opinion and expression by running high bandwidth Tor relays.
Juris Vetra
Zwiebelfreunde e.V.
c/o DID Dresdner Institut für Datenschutz
Palaisplatz 3
D-01097 Dresden
Germany
Fax: +49-(0)911-30 844 667 48
Phone: +49-(0)351-212 960 19
press@torservers.net
Torcollect is written in Python and uses paramiko to establish SSH connections to its designated servers. It also uses the module pygal to display the recorded data graphically.
https://github.com/torservers/torcollect
Starting development, I first developed a database scheme capable of storing all the data we need and even adding a few additional features, for example the ability to store that certain organizations were given specific bridges, so we can create reports that only concern the bridges of those organizations. I continued with gathering some static data, like a complete list of countries and their abbreviations and a collection of flag images for all of them (thanks to koppi for assembling a great image library).
After completing the prerequisites, I wrote some code to extract data from the bridge servers. The processing of the data is mostly done on the side of the bridge server to minimize the amount of transported data, thus increasing performance. Doing so, I struggled a little with the permissions that Tor enforces on its server files. I had to do a workaround that involves copying the relevant file to a location which the torcollect user has access to. This has to happen every day via a cronjob. I find this solution to be sufficient but not very pretty, as it complicates the process of introducing a new server to a torcollect system. Maybe someone from the Tor community has a better idea, or I may come up with a better solution. The data is being extracted by appropriately using grep and find. Then I wrote the “collector”, which is a piece of code that enters the collected datasets into the corresponding relations in the database.
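One way the extraction and “collector” steps described above could look, as an added example (not torcollect's own code): it assumes the file being copied is Tor's bridge-stats file with its bridge-stats-end, bridge-ips and bridge-ip-transports lines, and it merges the files of several bridges into one report per day. The bridge names and all counts are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample files, one per bridge. Tor rounds these counts up to
# multiples of 8, so small user populations are not exposed exactly.
SAMPLE_FILES = {
    "bridge-a": """\
bridge-stats-end 2013-11-30 18:42:10 (86400 s)
bridge-ips de=16,ir=24,us=8
bridge-ip-transports obfs2=8,obfs3=40
""",
    "bridge-b": """\
bridge-stats-end 2013-11-30 20:05:33 (86400 s)
bridge-ips cn=16,ir=8
bridge-ip-transports obfs3=24
""",
}

def parse_bridge_stats(text):
    """Parse one bridge-stats file into end time, interval and two counters."""
    rec = {"end": None, "interval": None,
           "countries": Counter(), "transports": Counter()}
    for line in text.splitlines():
        key, _, rest = line.strip().partition(" ")
        if key == "bridge-stats-end":
            stamp, _, tail = rest.partition(" (")
            rec["end"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            rec["interval"] = int(tail.split()[0])
        elif key in ("bridge-ips", "bridge-ip-transports"):
            target = rec["countries" if key == "bridge-ips" else "transports"]
            # An empty value (no users in the interval) yields no items.
            for item in filter(None, rest.split(",")):
                name, _, num = item.partition("=")
                target[name] += int(num)
    if rec["end"] is None:
        raise ValueError("no bridge-stats-end line")
    return rec

def daily_report(files):
    """Merge per-bridge records into {date: {bridges, countries, transports}}."""
    report = {}
    for bridge, text in files.items():
        rec = parse_bridge_stats(text)
        day = report.setdefault(rec["end"].date(), {
            "bridges": {}, "countries": Counter(), "transports": Counter()})
        day["bridges"][bridge] = sum(rec["countries"].values())
        day["countries"] += rec["countries"]
        day["transports"] += rec["transports"]
    return report
```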
After having the database collecting the data, I experimented with how to display the data. The first thing I implemented was an overall graph of the bridge usage. I implemented it in CoffeeScript, which generated an SVG object in the DOM and put it into the page. After I experimented around a bit, I discovered the pygal library, which produces very beautiful graphs with little effort, and changed the static HTML generator to use it. Further, I experimented with different efforts to display so-called sparklines for each object that is represented in the daily reports (countries, bridges, pluggable transport protocols).
Sparklines are a bit tricky because the graphics that are generated sum up to huge amounts of data. This resulted in roughly 7 MiB per HTTP call even when using gzip compression, which obviously kills responsiveness of the site. I’d love to have this feature included, because they allow detecting sudden changes in only one glance.
The latest feature I added was creating monthly reports from the collected data. Those monthly reports can be created for either the whole system or only the bridges of a single organization.
My further efforts will be:
All in all this will be a very informal meeting. If you have any questions about Tor in general, this is a good place to come by.
Afterwards, the official members meeting of German Zwiebelfreunde e.V. will be held in the same room.
https://events.ccc.de/congress/2013/wiki/Session:Tor_Relay_Operators_Meetup
Starts at: 2013/12/27 03:00:00 PM
Ends at: 2013/12/27 05:00:00 PM
Duration: 120 minutes
Location: Hall 13
Dresden, December 13th, 2013 — Torservers.net has been awarded $250,000 over two years by the Digital Defenders Partnership to strengthen and improve the Tor network, the anonymity system crucial to journalists and human rights defenders using the Internet.
Tor is free software and an open network that helps internet users to defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. It is used by hundreds of thousands of daily users worldwide to secure their online communication, avoid tracking, and circumvent censorship.
Tor protects users by bouncing communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
Torservers.net has provided high-bandwidth infrastructure for the Tor network since 2010. We have grown to 10 volunteer-run organizations in 8 countries. Torservers.net distributes donations and grants across independent organizations of IT security professionals, and helps build a sustainable network by teaching others how to run stable Tor infrastructure.
The Digital Defenders Partnership was established in 2012 to provide rapid response to threats to internet freedom. The Partnership aims at keeping the internet open and free from emerging threats, specifically in internet repressive and transitional environments. It also wants to increase and better coordinate emergency support for the internet’s critical users, such as bloggers, cyber activists, journalists and human rights defenders, whenever and wherever they are under threat.
Thanks to the newly awarded grant of $250,000 over two years, participating Torservers organizations will be able to sustain at least 3 Gbit/s of exit traffic, and 2000 fast and up to date bridges. Tor bridges are required in many countries with state-level censorship. 3 Gbit/s are 949 terabytes, almost a petabyte of user data, every single month, per direction.
To strengthen the Tor network and prevent attackers, it is crucial to spread operation across as many groups as possible. Thanks to the Digital Defenders, Torservers.net can now extend its work and help less technical organizations with the setup and maintenance of Tor services. The Institute for War & Peace Reporting (IWPR) is the first civil society organization to join the Torservers program with its Cyber Arabs group. This collaboration allows Cyber Arabs to give stable and working Tor access to activists and journalists in the Arab world. If you are part of an organization interested in supporting Tor, please contact Torservers.net. They have various options available, and are happy to teach tech staff and journalists.
“Since we started Torservers.net a few years ago, Tor finally became fast enough to be used for all Internet communications,” comments Moritz Bartl, co-founder of Torservers.net. “New people also join the Tor network every day. With the help of the Digital Defenders, we have the chance to make the network bigger, safer and more resilient to the benefit of everyone with the desire to protect their online activities from surveillance.”
For quite some time, people kept recommending the TrekStor CS USB stick, one of the few sticks available in Germany with a write-protection switch. Turns out they use a new firmware, and now don’t support booting from it in read-only mode. The company confirmed this via email.
There are roughly no alternatives, and I figured I’m not the only one looking for USB sticks with a write protection switch. Via alibaba.com, a “wholesale Chinese ebay”, I contacted various Chinese suppliers, and ended up ordering two samples. Even there, the selection of sticks with write protection is very limited.
I ended up paying 60€ for the 2 samples because of shipping and Western Union fees.
The sticks are not very fast, but acceptable, and boot in read-only mode. They are not as slim as I hoped for, but the supplier is friendly, and production and shipping were very fast (less than 2 weeks altogether).
Logo printing is cheap ($0.15 per stick), so to try the quality I also had them print a logo on the samples.
I am still undecided whether I want the final sticks to have a logo, or simply be blank to not attract too much attention. If you have a nice idea for a logo, let me know. I want to order 100 sticks in time for Chaos Communication Congress 30C3. The production cost is $4 per stick (8GB), the final price (taxes, GEMA, shipping) will likely be around $15.
Pictures: http://share.pho.to/48Egt
[55679.884123] usb 2-1.2: new high-speed USB device number 5 using ehci_hcd
[55680.051089] usb 2-1.2: New USB device found, idVendor=058f, idProduct=6387
[55680.051092] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[55680.051094] usb 2-1.2: Product: Mass Storage
[55680.051095] usb 2-1.2: Manufacturer: Generic
[55680.051096] usb 2-1.2: SerialNumber: B6BA8F3F
[55680.051459] scsi9 : usb-storage 2-1.2:1.0
[55681.051827] scsi 9:0:0:0: Direct-Access Generic Flash Disk 8.07 PQ: 0 ANSI: 4
[55681.053860] sd 9:0:0:0: Attached scsi generic sg1 type 0
[55681.055544] sd 9:0:0:0: [sdb] 15937536 512-byte logical blocks: (8.16 GB/7.59 GiB)
[55681.056665] sd 9:0:0:0: [sdb] Write Protect is off
[55681.056676] sd 9:0:0:0: [sdb] Mode Sense: 23 00 00 00
[55681.057742] sd 9:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[55681.176618] sdb: sdb1
[55681.179808] sd 9:0:0:0: [sdb] Attached SCSI removable disk
/dev/sdb:
Timing buffered disk reads: 54 MB in 3.07 seconds = 17.60 MB/sec
891+1 records in
891+1 records out
934471680 bytes (934 MB) copied, 170.058 s, 5.5 MB/s
Thus, I have to upgrade our Gbit/s servers from 8GB to (for now) 16GB RAM. While we’re at it, we will upgrade both NFOrce servers from 100TB to unmetered, dedicated Gbit/s. (price point: 725 Euro/month for 2x1Gbit/s servers)
I hope 16GB RAM will be enough.
Tor hidden services provide anonymity for website owners, mail providers, chat systems and other Internet services. Hidden services are designed to be accessed using Tor Browser, which additionally provides anonymity for users of the service. Web gateways such as onion.to provide a convenient way to reach hidden services using a regular browser without having to install Tor. A side effect is that the broad world of hidden services is exposed to search engines and can thus be indexed and found. The trade-off is that users lose anonymity: Both the gateway and the hidden service can track users across visits, and determine the user’s IP address. That is why Zwiebelfreunde strongly encourages people to download Tor Browser instead.
“By exposing hidden services to the public, we hope to attract even more users and widen the spectrum of available services within the Tor network,” says Zwiebelfreunde founder and president Moritz. “I can imagine privacy-friendly email services to be based fully on hidden services in the future, for example.”
The current gateway server is located in Iceland, and another one will be added in the near future.
An example hidden service can be found at https://duskgytldkxiuqc6.onion.to/
The German non-profit association Zwiebelfreunde e.V. serves as a platform for projects in the area of safe and anonymous communication. The organization facilitates and participates in educational events about technological advances in the area of privacy, and connects professionals to spread knowledge and experience on these fields.
“Zwiebelfreunde” is German for “Friends of the Onion”, as a reference to Onion Routing, the name of the concept behind Tor for anonymizing communication: Messages are passed through relays that each remove one layer of encryption, like peeling the skin of an onion.
Contact
Moritz Bartl
Zwiebelfreunde e.V.
c/o DID Dresdner Institut für Datenschutz
Palaisplatz 3
D-01097 Dresden
Germany
press@torservers.net
Tel.: +49-(0)351 / 212 960 18
Fax.: +49-(0)911 / 308 4466 748
https://www.torservers.net/
https://www.twitter.com/torservers/