During their Freedom Hosting investigation and malware attack last year, the FBI unintentionally obtained the entire e-mail database of popular anonymous webmail service Tor Mail. And now, they've used it in an unrelated investigation to bust a Florida man accused of stealing credit card numbers.
Pond provides end-to-end encrypted forward-secure asynchronous messaging that uses Tor to resist traffic analysis, i.e. metadata collection (threat model, technical, github).
Today The New Yorker unveiled Strongbox, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase, which is open source, was designed by the late Aaron Swartz (Previously). Kevin Poulsen, one of the organizers of the project, chronicles how Swartz developed the code and how the project managed to carry on after his death. TNY hopes that Strongbox will help the magazine continue its long tradition of investigative journalism.
TorChat is an instant messaging protocol based upon Tor hidden services, making it perhaps the only instant messaging protocol with any substantive resistance to traffic analysis.
The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.