Russia Is Offering a $100,000 Reward to Anyone Who Can Crack Tor
If you want privacy while you’re browsing the Web, Tor is a solid anonymity service to turn to. It’s a network that uses thousands of volunteer relays worldwide to bounce Internet traffic around until you can’t tell where it originated. Not surprisingly, there are a lot of groups (mainly governments) that would rather this system not work. The Russian government is even offering 3.9 million roubles—about $111,000—to the person or research group that can figure out who uses Tor.
The Daily Dot reports that the Russian Ministry of Internal Affairs issued an open call for Tor-cracking proposals that runs through August. In particular, the MIA wants people to “study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network.”
Tor seems like it's everywhere lately. Information from NSA documents obtained by Edward Snowden indicates that the NSA devotes significant resources to trying to crack Tor and de-anonymize its users, even though the U.S. Navy invented Tor and the federal government gives it financial support. And German journalists recently discovered that the NSA considers people who facilitate/use anonymizing services like Tor to be “extremists.”ProPublica realized that the NSA was using Tor's list of directory servers to take names. Merely searching for high-security services like the operating system Tails draws NSA scrutiny.
According to the service’s own data, Tor had a fairly steady number of users—a little less than 1 million per month—before Snowden’s whistleblowing began. Usage spiked dramatically in September 2013, reaching almost 6 million users at its peak. Since then use has fallen gradually to about 2.5 million monthly active users now.
You have to be a Russian citizen to submit an MIA proposal, so everyone else is out of luck. But if you're a privacy advocate, or just want to know that it is possible to achieve anonymity online, you probably should be using Tor instead of working against it anyway.
Finally, It Will Be Legal to Unlock Your Own Cellphone
Congress has approved a bill that will make it legal for Americans to unlock their cellphones so they can switch between wireless carriers.
The bill, authored by Sen. Patrick Leahy, reverses a 2012 ruling by the Library of Congress that made cellphone unlocking a violation of federal copyright laws. That meant that people were stuck with their existing carriers—like AT&T or Verizon—even after their contracts had expired.
Now, assuming Obama signs the bill, cellphone unlocking will once again be exempted from a highly controversial statute in the 1998 Digital Millennium Copyright Act called Section 1201. That section makes it illegal for consumers to circumvent technologies that control access to a copyrighted work. The Library of Congress first exempted cell phone unlocking from that statute in 2006, but then closed the exemption in 2012.
That outraged activists who saw it as a way for wireless carriers to grab power from consumers by limiting what they can do with their own cellphones. The grassroots protests coalesced around a 2013 WhiteHouse.gov petition written by Sina Khanifar, a 27-year-old San Francisco entrepreneur. Against the odds, the petition gathered more than 100,000 signatures and eventually drew a supportive response from the White House.
Even then, action from the FCC and/or Congress seemed unlikely. But activists pressed on, and in the end both the FCC and Congress addressed many of their concerns. Friday’s passage of the Senate bill came seven months after U.S. wireless carriers reached a voluntary agreement, under FCC pressure, to unlock customers’ cellphones for them on request once their contracts expired.
The new law doesn’t necessarily mean people can unlock their phones whenever the want, however. Many wireless contracts still prohibit the practice for as long as the contract remains in force (often two years), even when customers are traveling abroad. Still, advocates view Congress’ approval of the bill as a rare and much-needed blow for consumer rights in the digital age.
“It’s been a long road against powerful, entrenched interests,” Khanifar said, adding that the cellphone unlocking skirmish is part of a much bigger battle over digital copyright laws. “Hopefully this is beginning to highlight how ridiculous the 1201 process really is,” he said.
Update, July 25, 2014, 4:26 p.m.: President Obama confirmed to Bloomberg that he looks forward to signing the bill.
Previously in Slate:
What Sci-Fi Movies Get Right and Wrong About Time Travel
In movies, time travel methods are mostly explained along the lines of “something something plutonium something wormhole.” But physicists do have some idea of methods that might allow for actual time travel—though they might not necessarily prevent you from killing your own grandfather.
One trope in time travel science fiction is slightly plausible, if physically impossible—traveling faster than the speed of light. The crew of the U.S.S. Enterprise did this in Star Trek IV: The Voyage Home, by using the sun’s gravitational pull to accelerate their spaceship to super-light speed. If it were possible to travel faster than light (Einstein calculated it would take an infinite amount of power), it is theoretically possible for signals to be sent back in time; it’s questionable if the same method could work with people.
What about going forward in time by going really fast? Any round-trip travel of any length will send you a little bit further into the future than your chronological aging would imply, since time dilation occurs at any speed. (In fact, an astronaut on a six-month mission aboard the International Space Station will have aged 0.007 seconds less than everyone on Earth.) Of course, if you have a light-speed or faster-than-light ship, you can increase this difference: spend a few decades traveling, and you might arrive at your destination to find that centuries have passed since you left. In 2011, faster-than-light travel appeared closer to reality than ever; CERN scientists thought they’d found subatomic particles traveling faster than the speed of light. But the measurement was later found to be an error, possibly due to a faulty connection between a GPS unit and a computer.
Wormholes are another possible route for traveling backwards and forwards through time. In the 1960s, New Zealand mathematician Roy Kerr calculated under the right conditions, a spinning star can collapse not into a point, but into a ring. If something passed through this ring, it might travel through a tunnel in spacetime called an Einstein-Rosen bridge, or wormhole. The two ends of the wormhole might connect to different universes, or to different points in the same universe (separated by time as well as space). Scientists have yet to actually find evidence for wormholes, but they do square with Einstein’s theory of gravity. Caltech physicist Kip Thorne took the theory of wormholes to another level later, showing that if you can move the openings around, the entrances and exits can exist at different moments in time.
Frank Tipler, an astronomer, came up with another possible method of time travel that might work for actual space travelers, though building it is a bit of a tall order: First, you need a chunk of matter 10 times the mass of the sun. Then you roll it up into a cylinder and set it spinning to a few billion rotations per minute. Stuff that travels in a precise spiral around the cylinder could end up on a closed timelike curve, a weird twist of spacetime that sends you on a loop back to the time where you entered it. But constructing one of these Tipler cylinders is going to take some time, as it has to be of infinite length.
Assuming you make it back to the past, what happens if you kill an ancestor of yours? Do you cease to exist? Does you ceasing to exist then mean you don’t go back in time in the first place to kill your grandfather? Russian physicist Igor Novikov developed a theory called the Self-Consistency Principle, under which the odds of any action that you might take creating a time paradox are zero.
“There is no global division of events on closed timelike curves into future and past,” Novikov wrote in the book Black Hole Physics. “Not only the future is a result of evolution of the past, but the past is a result of the future also … all events on closed timelike curves influence each other around the closed timelike line in a self-adjusted way.”
So it’s impossible to change the past because you’ve already been there in the past, taking actions that resulted in your future-present. Not all physicists (or philosophers, given the implications of Novikov’s principle on free will) agree; some think that actions during time travel may create new timelines (as seen in Back to the Future II; for more on theories of alternate universes, check out the World Science Festival program “Multiverse: One Universe or Many?”). Whichever theory of timelines you subscribe to, it’s probably best to play it safe and not kill anyone.
Should Stealing in Video Games Be Punishable in the Real World?
Video games aren’t real, right? The whole point is to use them for doing things you don’t normally do. But immersive, multiplayer games have some really real aspects. You might pay actual money just to access a game, and then buy additional items or services within the virtual world (still with real money). And if you buy something that someone then steals as part of the game, is that real, punishable theft? No. Wait, yes? Maybe!
Mike Weatherley, a member of U.K. Parliament who is also Prime Minister David Cameron’s chief intellectual property adviser, told BuzzFeed, “The perception from some people is if you steal online it’s less of a crime than if you steal physically. ... If it genuinely is someone who’s paid in the game and they’ve had that stolen, that’s probably no different to something in the physical world.”
Weatherley is advocating increased enforcement for major thefts and large organized efforts. He says that he's not looking to target minor thefts that are in the spirit of competition. For example, in World of Warcraft, a game that has a monthly subscription fee as opposed to in-game purchasing, people sometimes steal others’ entire accounts in order to get their character. And characters can effectively be worth a lot of money if their original owner paid for months of the game to level the character up and equip it with rare gear.
Another example is EVE Online, in which players are encouraged to use real money to buy in-game currency that in turn can purchase important gaming objects. But EVE also encourages reckless and lawless behavior, resulting in frequent thefts and battles that cost hundreds of thousands of dollars in real-world money.
Weatherley isn’t the first to call for real law enforcement when people steal in games. For instance, in 2012 the Dutch Supreme Court convicted a gamer of theft for holding another character at knifepoint and stealing a shield and amulet in the game RuneScape.
Weatherly said, “If you’ve spent £500 on building up your armed forces and someone takes them away online, I guess you can feel hard done-by and you want your £500 back. People shouldn’t be doing it.” At the extremes, it makes sense to look at huge in-game thefts while letting tiny ones go—these are games, after all. But there's a whole gray area in the middle where it's hard to know what's illegal and what's all in good fun. Especially if a game has "war" baked right into the title.
Google Grants a Majority of “Right to Be Forgotten” Requests—or Maybe None of Them
Good news for Europeans who want to hide their sordid or embarrassing pasts from casual Googlers: The Wall Street Journal reported Thursday that the Google has granted slightly more than 50 percent of “right to be forgotten” requests since the European Court of Justice implemented the right last May. That means perhaps 100,000 links have been stripped from Google search results in Europe, an apparent triumph for those who favor privacy over free speech.
But “right to be forgotten” boosters shouldn’t declare victory quite yet. Because the law only applies to search engines within the European Union, anyone interested in seeing uncensored search results can simply switch over to the America-based Google.com, or use a virtual private network. European privacy regulators are obviously displeased with this state of affairs and have toyed with enforcing the “right to be forgotten” worldwide—including in the United States. If they succeed, Americans could soon be seeing a censorship notification in our Google searches because an old man in Germany wants to hide his Nazi past.
Could Europe really censor the search results that Americans receive from an American-based server? Probably not, but no one’s really sure. Other countries assert the right to restrict what Americans see and do on the Internet pretty frequently: Just this summer, Canada’s tried to twice, first attempting to filter American Google searches, then attempting to restrict spam sent from America to Canada.
These attempts are legally toothless, unenforceable, and doomed to fail. But one precedent is worrisome. In 2000, a French court asserted jurisdiction over Yahoo, an American company, forcing it to censor search results for Nazi memorabilia on French websites. Because French citizens could, in theory, purchase the items, the French court decided it had the legal authority to censor Yahoo’s results—even though its server were located in the United States. Yahoo tried to appeal the ruling in America, but the 9th Circuit refused to hear the case, holding that it had no jurisdiction over the French plaintiffs.
Thanks to that judicial bungling, we still don’t know the precise limits of other countries’ control over Americans’ Internet access. But given that the United States already shields its citizens against the censorship attempts of foreign nations, our judiciary is unlikely to smile on a European efforts to filter American searches. (That’s especially true where those efforts raise serious First Amendment concerns.) After all, if Europe has the power to censor what Americans see in the Web, so could China, or Russia, or any other countries whose policies we probably don’t want inflicted upon our Google searches.
European privacy regulators could, of course, pressure Google in other ways, like fining the company for refusing to scrub “right to be forgotten” requests from Google.com searches. But given Google’s overall commitment to free speech and freedom of information—as well as its deep pockets—the company seems unlikely to cave without a court order. That means that, for the foreseeable future, Americans and Europeans alike can still use Google.com to dig up whatever dirt, profound or petty, they so desire.
Can My Kids Read My Emails? Over My Dead Body.
My mother keeps a painted green box in her closet with girlhood drawings, adolescent diaries, and college letters from my father. She certainly isn’t the sentimental type—it’s just that there are pieces of our lives that we are wont to preserve.
In the digital age, however, fewer and fewer of our intimate records go easily into a box in a closet. Over the course of our lives we will produce a massive amount of online content, capable of outliving us many times over. Much of this content—in email, on Facebook—is password protected, accessible (we hope!) only to us. But what about the pieces we want to share once we’re gone? How should we manage our digital accounts after death?
The Hill reports that Congress is currently being lobbied by a group of estate attorneys to update the 1986 Electronic Communications Privacy Act to allow for additional considerations after the death or incapacitation of a digital accountholder. The ECPA currently prohibits tech companies from releasing private communications without the user’s lawful consent. However, the attorneys in question hope that this right of consent would be passed to the person carrying out the user’s will. A model state bill, currently being considered in Delaware, also aims to grant the persons responsible for a deceased’s estate access to their online lives. It’s not just sentimentality at stake here. Many “digital assets”—a famous writer’s first draft of a novel, for example—come with big dollar signs attached.
Tech providers, wary of the ECPA and of passing along information they shouldn’t, already have in-house approaches to saving or sharing private data posthumously. Facebook can either delete or “memorialize” a user’s account upon request from their estate holders. (The latter permits friends to view old photos and posts.) On rare occasions, Facebook has permitted families full access. Google’s “inactive account manager” allows users to pass on selected data to trusted contacts. While account access is off the table, Twitter will deactivate an account upon request by an authorized party, as will Yahoo. If you want your next of kin to be able to access your accounts, your best bet is with a provider like PasswordBox or SecureSafe, which delivers important documents and passwords to your designees after your death.
However, what if we don’t want to pass along access to every message we have ever sent? Every photo we have ever taken? Granting full access after death, privacy considerations aside, seems like overkill. I have no interest in leaving my children Amazon receipts, and even less so a record of my frankly concerning number of online Chipotle orders. I want to leave them a capsule of the things that mattered.
In my mind, the perfect post-death digital asset storage system is smaller than password inheritance, but larger than file upload. I imagine something integrated across all platforms that can serve as a space to store snapshots from across an entire digital life. What I want is an all-purpose archiving button that would quickly file away the few emails, blog posts, Facebook exchanges, and what-have-yous deemed worthy of saving.
After all, my daughter may one day want to see the Tinder exchange that sparked her parents’ romance. (It happens.)
Canvas Fingerprinting Is More Invasive Than Cookies. But Should You Worry About It?
Cookies have been around since the ’90s Internet, so it’s not surprising that after all these years there’s a new game in town. But it’s concerning that the new tracking apparatus, canvas fingerprinting, was called “virtually impossible to block” by ProPublica's Julia Angwin. And now the Internet is responding.
Canvas fingerprinting uses a script to render an extra and invisible part of a webpage along with the regular site you’re looking for. The extra piece is there specifically to evaluate minor things about your computer that your system reveals in the process of loading the site. They're little things like which browser you’re using and which version of it you're running, but when enough of them are put together, says Angwin, they can turn into a unique profile or fingerprint, and then companies can use this identifier to track your browsing.
But maybe it’s not even worth fighting canvas fingerprinting. Internet filtering company AdBlock Plus, which was mentioned in the ProPublica article, posted a blog post by lead developer Wladimir Palant on Wednesday that argues that canvas fingerprinting is doomed to fail because sheer volume of users should stymie the approach. He explains that canvas fingerprinting uses available information about users' graphics drivers, browsers, operating systems, and other parameters to identify them on different sites based on their system's unique combination of attributes. But he notes that even if a tracker looks at tons of criteria, it’s pretty likely that groups of people will have the same combinations. Palant says,
All this taken into account, my guess is that canvas fingerprinting can work to identify users on smaller websites with a fairly stable community. However, as soon as you start talking about millions of users (e.g. if you want to track users across multiple websites), it is just too likely that different users will have exactly the same configuration and won’t be distinguishable by means of canvas fingerprinting.
Palant also cites problems with canvas fingerprinting that the ProPublica article itself brings up, like the fact that canvas fingerprinting doesn’t work so well for tracking mobile users. Even AddThis is skeptical continuing to use the approach. But if that doesn’t satisfy your concerns about canvas fingerprinting, Palant suggests using AddBlock Plus (naturally) and its EasyPrivacy filter list as a way of ensuring anonymity. The Electronic Frontier Foundation says that its Privacy Badger plugin can also help you go off the canvas fingerprinting grid.
Angwin says that Palant isn’t quite getting the point. “I don't think you should dismiss every threat just because it doesn't seem effective,” she said. If companies are tracking you, it’s worthwhile to know how, and what you can do about it, instead of passively allowing it. But Angwin says she is heartened by the large response to her piece. “It reminded me that people still do care about this stuff,” she said.
Inside Wisconsin’s Mayfly Hell
If you don’t like bugs, stop reading this now. What follows can only be described as a horror movie come to life.
This weekend, millions of mayflies took over a stretch of the Mississippi River. In the span of a few short hours, the riverside town of La Crosse, Wisconsin, was overwhelmed.
You’ve surely heard of storm chasing, but what about mayfly chasing? For meteorologist Tim Halbach, nightmares became reality on Sunday night:
Mayfly chasing. Just west of the Cass St bridge in La Crosse. pic.twitter.com/uW9quXTJeg— Tim Halbach (@TimHalbach) July 21, 2014
Mayfly hatch in Trempealeau from Saturday night. Thanks to Kelly for the picture! pic.twitter.com/e9wxuOlXLY— Michelle Poedel (@news8michelle) July 21, 2014
There were so many bugs, they actually showed up on weather radar, with the equivalent reflectivity of a moderate thunderstorm. A thunderstorm of bugs, that is:
The National Weather Service in La Crosse, where Halbach works, launched an explainer page devoted to the massive hatch, which they say resulted in “swarming and piles of mayflies” (emphasis theirs). Piles?! Eeesh. I’ll give them the benefit of the doubt on that one.
Mayflies have the ultimate boom-and-bust life. The bugs have spent the better part of their roughly year-long lifespan in aquatic nymph form, and they get to take flight for only a few hours—which is what happened Sunday. These hatches become wild aerial sex frenzies, after which the adults die in a blaze of glory. According to PBS, mayflies have the shortest adult phase of any known insect, just five minutes for one species.* Wired described them as “gonads with wings.” But why Wisconsin? Why now? From the NWS:
While the emergence of mayflies from their river bottom mud dwelling can occur at various times through the warm season depending on the species, this particular emergence was that of the larger black/brown Bilineata species.
Adult Hexagenia Bilineata live for about a day. They can’t eat. (Seriously, they don’t even have working mouths.) Their annual emergence is synchronized so as to provide the best chance of finding a mate. A citizen science project coordinated by the U.S. Fish and Wildlife Service in Onalaska, Wisconsin (PDF) has helped link the annual event to cumulative weather conditions during the spring and early summer.* Since this year’s been colder than average along the Upper Mississippi River, the mayfly hatch came later than normal.
I called Halbach at his office to get to the bottom of this entomological abhorrence.
I’m afraid to ask: How was it?
Mayflies are the latest buzz around here. (Everyone in the office gagged a little bit when I told that joke.)
But seriously, we were watching radar that evening, between 8:30 and 9, and it really started to pick up. The algorithm started showing that we were getting rainfall. We took a look more closely, and were like, nope, that’s bugs. Winds were from the south, and you could watch the swarms being pushed gradually northward.
Watching from radar is one thing, but what on earth inspired your mayfly chase?
After my shift ended at midnight, I decided to drive back and forth to see what I could find. Maybe I’m just morbid that way. I’ve gone through some bug hatches in the past with the cicadas in D.C. and Chicago, with the same general sense of just being thoroughly disgusted.
Sunday night, I went to the Mississippi River bridge to see where the main mayflies were. The biggest swarm I found was just to the west of the main bridge, on an island in the Mississippi.
Coming back, I was low on gas and was going to fill up. I saw the lights of the gas station were off, and thought they were closed. In hindsight, they probably just switched off the lights to try to get rid of all the bugs.
When I finally stopped for gas, it was enough that in the few seconds of opening the door, a bunch of them had climbed in. When I got back in my car, you could hear them buzzing around inside. They’re harmless, though. It was definitely a self-inflicted annoyance.
Just how rare is something like this?
Pretty much every summer we get a pretty big one that shows up. The last big one like this was in 2012. It’s something we see on radar pretty often this time of year, but maybe not normally to the size we had the other night.
It’s a good sign for the river that it’s healthy. Some of the fishermen might not be as happy, though. The fish don’t bite as well after eating so many bugs.
We’ve seen them hatch multiple times per year in the past, so this might not be the only one this year.
Any advice from a veteran mayfly chaser for someone who’s interested in joining your ranks?
Be prepared to have mayflies all over you. And bring a shovel. I regret not having my better camera with me, too. Look for anywhere that has lights, they seem to congregate there. Knowing the wind direction in advance will help you find the clusters. As this event showed, you can use the radar images for that as well.
Since they mate and die in one day, there will be piles of them the morning after. That’s what the shovel’s for.
*Update, July 24, 2014: This sentence was updated to clarify the role a citizen science project has played in tracking mayfly hatchings.
*Correction, July 24, 2014: A previous version of this article incorrectly implied some mayflies have a lifespan of only five minutes. Their lifespan is actually roughly a year; it's the adult phase that's only minutes long in some species.
Pizza Hut is Making a Real-Life TMNT Pizza Thrower, and It Sounds Awesome
Just when I thought Michael Bay was going to irredeemingly desecrate the Teenage Mutant Ninja Turtles of my childhood in one fell, explosion-laden swoop, in comes the unlikeliest of heroes to save the day. Pizza Hut—the cheese-in-crust purveyors and, now, my favorite company in the world—is making a real-life version of the Turtles' iconic pizza thrower.
Per the Hollywood Reporter, the life-size model of the Best Toy Ever is being constructed by Syyn Labs, as a part of a promotional partnership between Paramount Pictures and the global pizza chain. Featuring a 16-foot-long rotating cannon, the TMNT vehicle will debut at this year's Comic-Con, where it will delight fanboys and girls in attendance by shooting (fake) pizzas at the enemies of Michelangelo and Co. If the thought of that doesn't bring back memories of the countless afternoons spent firing half-dollar-sized discs at your pets and siblings, then I don't know what will.
Of course, in the grand scheme of food-based technology, this pales in comparison to things like the NASA-funded pizza-making 3-D printers. The pizzas here are fake and, well, NASA is 3-D printing food. But in a universe in which we're on the verge of the Ninja Turtles being Michael Bay'd, it's one of the coolest things that I've seen in a long time. Cowabunga, indeed.
Internet Father Vint Cerf Explains How We Keep Web Addresses Straight
In March, there was a lot of news about the Internet Corporation for Assigned Names and Numbers (ICANN) and how the U.S. was planning to relinquish its power over the organization. Now, with Republicans angling to delay the transition, Google has released an explainer video about why it thinks the process is positive. The video is charming, informative, and features dad jokes from Internet inventor Vint Cerf. What could be better?
Cerf, who is currently a VP and “chief Internet evangelist” at Google, starts with the basics to explain how you navigate to websites online. The video goes through how things used to be and where the need for ICANN arose from in the first place, which gives some good context for why it’s really important now that a balanced group of stakeholders continue to be in charge of the organization.
Cerf also argues that the U.S. isn’t just “giving away its authority,” but actually completing a positive, and long-planned, transition to a maximally democratic ruling body for the Internet. Republicans have been vocal opponents of the ICANN transition away from U.S. control, because they worry that without the U.S.’s authority backing the organization, ICANN will struggle to resist pressure from groups that want to limit Internet freedom.
We checked the IP address example in the video, 184.108.40.206, to see if it was an Easter egg and belonged to someone funny. Sadly, it’s just a normal Google IP, but there are some jokes in the final utopian future scene of the video, including Vint Cerf riding on Grumpy Cat and the man in the moon being replaced by Doge. Who says you can't do Internet policy education and also have a little fun?