Sneak Peek on TorBox 0.2.5

My first Tor Bridge Relay is properly working – see here.

With TorBox v.0.2.5 (coming soon) everyone with direct internet connection will be able to set up a Tor Bridge Relay — only with a view „clicks“.

Bridges are essential for people in authoritarian countries to reach the open internet. TorBox v.0.2.4 offers such client functionality already, but soon, users with a direct internet connection can help others by setting up their relay.

More information
Run Tor Bridges to Defend the Open Internet

TorBox To Go 2.0

Due to the size of the Raspberry Pi and the necessary accessories, TorBox is very easy to use on the road. Below, we show you the recommended minimal accessories for portable use. Nevertheless, all the stuff still fits into a waterproof, compact plastic container. Below the images, you find further information about the items used with the corresponding links.

• • •

• • •

• • •

Although the Raspberry Pi takes up little space, the problem lies in the fact that the official power adapters to the Raspberry Pi are not very compact and therefore waste valuable space. There are smaller power adapters, such as the 12W USB Power Adapter by Apple shown in our example, but when directly connected to the Raspberry Pi, they can cause power problems. This also applies to power banks: the power supply is usually not sufficient for a long stable operation of the Raspberry Pi. The Raspberry Pi 3 Model B was still satisfied with 12W, but Model B+ and the Raspberry Pi 4 Model B require at least 15W (see here: Raspberry Pi 3 B+ Review and Performance Comparison and this Power Consumption Benchmarks). There is also another problem with the Raspberry Pi 4 Model B: because of a flaw in how the USB-C power input is behaving, currently, the Raspberry Pi 4 B does not work with most third-party power adapter and power banks. By contrast, the PiJuice HAT works reliably with almost all Raspberry Pi versions and models, and virtually any power adapter or power bank can be connected to it, so the somewhat weak standard battery doesn’t run out too quickly. With the PiJuice alone, TorBox can be operated for an estimated 1-2 hours, depending on the load.

Used Items

TorBox v.0.2.4-rpi4 released, featuring Raspberry Pi 4 Model B support!

I’m pleased to announce this new version of TorBox, which introduces the support for the Raspberry Pi 4 Model B. The image file was completely rebuilt based on Raspbian “Buster” lite with the Linux Kernel 4.19.58 and Tor version 0.4.0.5. This version does support not only the new Raspberry Pi 4 Model B but also the previous Raspberry Pi 3 (Model B / Model B+).

TorBox Image (870 MB): v.0.2.4 (08.08.2019)
TorBox Menu only: v.0.2.4 (08.08.2019)

In contrast to the previous versions, the Raspberry Pi 4 Model B has a higher power consumption, which is why we also recommend the use of a Pimoroni’s chunky heatsink in combination with a Pibow Coupé 4 case (see photo above).

The TorBox pre-v.0.2.5 release is expected at the end of the year.

Updated: Useful browser add-ons to improve anonymity, security and/or usability

Along with the release of TorBox v.0.2.4, we were updating our website and added some new information in the FAQ section. We also heavily updated our recommended browser add-ons, which are mainly available for Firefox (our number one choice for web browsers alongside the Tor Browser). Here you can find a copy of the updated recommendations (the original list can be found here):

  • https-everywhere: Automatically makes websites use a more secure HTTPS connection instead of HTTP if they support it. With HTTPS, even the connection between the Tor exit node and the web server is encrypted. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox, Firefox for Android, Chrome, and Opera).
    https-everywhere: How it works.
    https-everywhere: How it works.
  • NoScript: Allows JavaScript, Java, Flash, and other plugins to be executed only by trusted web sites of the users choice. NoScript also provides powerful anti-XSS and anti-Clickjacking protection. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox and Chrome).
  • First Party Isolation: First Party Isolation, also known as Cross-Origin Identifier Unlinkability, is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox).
  • uBlock Origin: The only real working and independent ad blocker (ESSENTIAL for SECURITY / ANONYMITY / USABILITY; available for Firefox, Chrome, Safari, and Opera).
  • Smart Referer: Prevents Cross Domain Referer Leakage (ESSENTIAL for ANONYMITY; available for Firefox).
  • CanvasBlocker: Allows users to prevent websites from using the Javascript canvas API for fingerprinting them. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Decentraleyes: This browser add-on emulates Content Delivery Networks (CDN) by finding supported resources locally, and injecting them into the environment. All of this happens automatically, so no prior configuration is required. Here is a testing utility to find out if you are properly protected against a CDN vulnerability (ESSENTIAL for ANONYMITY; available for Firefox, Chrome, Opera).
    Decentraleyes: How it works.
    Decentraleyes: How it works.
  • Neat URL: Cleans URLs, removing parameters such as Google Analytics’ utm parameters. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Skip Redirect: Some web pages use intermediary pages before redirecting to a final page. This add-on tries to extract the final url from the intermediary url and goes there straight away if successful. (ESSENTIAL for PRIVACY / USABILITY; available for Firefox)
  • Privacy Pass: Allow users to redeem validly signed tokens instead of completing captcha solutions. Clients receive 30 signed tokens for each captcha that is initially solved. Cloudflare currently supports Privacy Pass. (ESSENTIAL for USABILITY; available for Firefox and Chrome).
  • uMatrix: Point and click matrix to filter net requests according to its source, destination, and type (available Firefox, Chrome, and Opera).
  • Privacy Badger: A balanced approach to internet privacy between consumers and content providers by blocking advertisements and tracking cookies that do not respect the Do Not Track setting in a user’s web browser (available for Firefox, Chrome, and Opera).
  • FoxyProxy: FoxyProxy is an advanced proxy management tool (see also here; available for Firefox, Chrome, Safari, Opera, and others).
  • Bypass Paywalls: Let’s say you are a researcher and one of your sources is an article in the Washington Post. Would you subscribe, only for that one article? Yes, we thought so, too 😉 (available for Firefox and Chrome).

Do you have another very useful browser add-on? Let me know in the comment section below!

TorBox v.0.2.4 released, featuring OBFS4 Bridges support!

I’m pleased to announce the release of TorBox v.0.2.4. As promised, the focus of this release was on supporting OBFS4 bridges, which help to overcome censorship measures in certain countries (for example Turkey). Below are the links for the latest TorBox v.0.24 (typically, you need only the image-file):

TorBox Image: v.0.2.4 (25.05.2019)
TorBox Menu only: v.0.2.4 (25.05.2019)

Main Menu TorBox v.0.2.4
Main Menu TorBox v.0.2.4

Changelog v.0.2.3 (09.02.2019) —> v.0.2.4 (25.05.2019)
Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.19.2 and Tor version 0.3.5.8.
New: Instead of the “advanced submenu”, we split old and new functionalities into two separate submenus: “countermeasures & troubleshooting” and “configuration & update”.
New: We implemented in the “countermeasures & troubleshooting” submenu a user-friendly way to activate, configure, and change the OBFS4 bridge’s functionality. There are 15 pre-configured OBFS4 bridges in the configuration, which were fully functional at the time of the release. We hope to help with this approach beginners. We urgently need your feedback to develop this functionality further.
New: Since TorBox v.0.2.3, nyx does a good job as a statistics tool (main menu entry 1). However, there are certain cases, when Tor hangs during bootstrap, that nyx doesn’t start either. Therefore we have added an alternative method in the submenu “countermeasures & troubleshooting” (entry 11) to quickly display the log file of Tor and update the display if necessary.
New: TorBox is now providing a SOCKS v5 proxy functionality on port 9050 to its connected clients. If you use that capability, applications which support SOCKS v5 proxy connectivity and “DNS over proxy” (for example Firefox or the add-on FoxyProxy) can access directly .onion sites. For more information, see here.
Improved: We again reduced the size of the image file, which is now about 865 Mbyte.
Changed: All scripts are now executed by bash instead of sh. The change was needed to enable the handling with arrays.
Fixed: Some minor bugs and cleaned up the code.
Removed: The experimental section (for now).

The pre-v.0.2.5 release is expected at the end of the year.

Press and Internet censorship in Turkey

Article 26 paragraph 2 of the Turkish constitution guarantees freedom of the press and expression. At the same time, it legitimizes a regulatory system for “publications by radio, television, cinema or similar means”. Finally, in paragraph 2, the above mentioned rights of freedom are again undermined by a large number of arbitrarily applicable exemptions. At the same time, a vague formulation about the protection of “the reputation or rights of others and their private or family life” opens the door to restrict freedom of the press and expression. Nevertheless, the government often uses the argument “support of a terrorist organization” as justification for any repression. Accordingly, many journalists find themselves behind bars: at the end of December 2018, there were 68 in jail – no other country (followed by China, Egypt, and Saudi Arabia) imprisoned so many journalists. On average, jailed Turkish journalists spend more than a year in detention awaiting trial, and after that, imposing long prison sentences is the norm. In some cases, even sentences of life without parole have been handed down (“Turkey: Massive Purge“, Reporters Without Borders, 2018).

Cartoon by Tjeerd Royaards.

While Turkey has never been a model for guaranteeing freedom and human rights, the situation has worsened in stages after 2006, 2013, and 2016. The EU has criticized Turkey from early on, and the relationship is often strained not the least because of apparent shortcomings in freedom and human rights. Despite an association agreement in 1963 and a customs union at the end of 1995, the EU renounced accession negotiations in 1997 (to the annoyance of Turkey in contrast to the Eastern European countries and Cyprus), which in the short term led to a break in talks between the EU and Turkey. Quasi for reconciliation, at the end of 1999, Turkey was categorized as an “applicant country” by the European Council. At the same time, the European Council stated that the fulfillment of the Copenhagen criteria would be a prerequisite for the opening of accession negotiations or entry to the EU. The Copenhagen criteria include “institutional stability, democratic and constitutional order, respect for human rights and respect for and protection of minorities”.

In fact, at the beginning of the 2000s, Turkey was trying to meet these criteria. For example, a comprehensive reform of Turkish civil law was undertaken, the death penalty was abolished even in times of war, torture was forbidden, the freedom of assembly and demonstration expanded, and the rights of the Kurds were strengthened. Ironically, today’s Turkish President Recep Tayyip Erdoğan and his Justice and Development Party (Adalet ve Kalkınma Partisi, AKP) were behind many of these reforms. Nevertheless, the new standards were often paper tigers, because, in practice, it proved lacking. For instance, in its report last year, Amnesty International stated that torture is still occurring among people in police custody and that public authorities do not effectively prevent it (“Turkey 2017/2018“, Amnesty International).

Amnesty International activists ride a boat on the Spree, Berlin. They demand the release of Taner Kılıç, founder and president of the Turkish section of Amnesty International. Kılıç was detained by Turkish authorities on 6 June 2017 and charged with use of the smartphone program ByLock and membership of a terrorist organization. One of Turkey’s supreme courts declared in September 2017 that having ByLock installed on the phone of an accused person was sufficient to establish that person’s membership of the Gülen movement. He remained in detention until 15 August 2018.
Amnesty International activists ride a boat on the Spree, Berlin. They demand the release of Taner Kılıç, founder and president of the Turkish section of Amnesty International. Kılıç was detained by Turkish authorities on 6 June 2017 and charged with use of the smartphone program ByLock and membership of a terrorist organization. One of Turkey’s supreme courts declared in September 2017 that having ByLock installed on the phone of an accused person was sufficient to establish that person’s membership of the Gülen movement. He remained in detention until 15 August 2018.
The limited successes of the reform efforts were short-lived. As early as 2006, an intensification of the anti-terrorist legislation led to an increase in journalist arrests. There were also restrictions on the use of the Internet. In May 2007, Law No. 5651 on the regulation and the fight against crime on the Internet came into force. This law was initially promoted to combat sexual exploitation and abuse of children, prostitution, and gambling, but over the years it has increasingly been used as a basis to block all kinds of content the government finds disagreeable. Based on this law, in addition to blocking websites, access to Facebook, Twitter, YouTube, Instagram, WhatsApp, and Skype is repeatedly temporarily blocked, the connection speed is throttled, or access to the Internet is completely blocked (Burcu Selin Yılmaz, Hümeyra Doğru, and Volkan Bahçeci, “What If You Cannot Access the Internet in the Surveillance Society? Individuals’ Perceptions Related to The Internet Censorship and Surveillance in Turkey“, Journal of Media Critiques, vol. 3, no. 11, 10 September 2017, p. 74f). This law has been used as the basis for completely blocking all content on Wikipedia since the end of April 2017. However, the Internet is not only partially blocked: since November 2011, there is also a nationwide filter system. Finally, for the first time, in September 2012, an Internet user was sentenced to one year in prison for insulting the Turkish President Abdullah Gül on Facebook. The increasing censorship of Internet content is also reflected in the evaluation by Freedom House: since 2009, this rating has steadily worsened and has been rated as “not free” since 2016.

A further sustained restriction of freedom of the press and expression – both in the classical sense as well as on social media – took place in 2013. This was due to several events, which, together with social media and conventional reporting had a negative impact on the then-Prime Minister Erdoğan, his political environment, and the AKP. Starting in 2012 and particularly in 2013, several hundred Turkish officers were jailed for past or suspected coups or attempted coups. Overlapping, the conflict with the Kurdistan Workers’ Party (PKK) flared up from October 2011 to March 2013 (and later again from 2015). However, the most influential were the demonstrations starting in late May 2013 in Istanbul against a planned construction project on the grounds of Gezi Park. These demonstrations increasingly became a nationwide, anti-government protest and culminated in December 2013 with the publication of massive allegations of corruption against the AKP government.

The Turkish media have embarrassed themselves. While the whole world was broadcasting from Taksim Square, Turkish television stations were showing cooking shows. It is now very clear that we do not have press freedom in Turkey. — Koray Çalışkan, a political scientist at Istanbul’s Boğaziçi University, cited in Constanze Letsch, “Social Media and Opposition to Blame for Protests, Says Turkish PM“, The Guardian, 3 June 2013.

Because of the lack of coverage by pro-government media, social media played a decisive role in organizing the demonstrations and protests for the Occupy Gezi movement (Erkan Saka, “Social Media in Turkey as a Space for Political Battles: AKTrolls and Other Politically Motivated Trolling“, Middle East Critique, vol. 27, no. 2, 3 April 2018, p. 161). As a result, access to social media and anti-government content on the Internet has been severely restricted. When incriminating recordings of the corruption scandal were published on YouTube and Twitter, the government reacted by temporarily blocking these services entirely. Erdoğan described social media as “the worst menace to society” and the government arrested Turkish Twitter users for the first time. Despite Erdoğan’s negative attitude towards social media, in the fall of 2013 the AKP announced that it wanted to build a 6,000-strong team of young, tech-savvy party members, which would silence government-critical voices on social media (like a Troll army; Erkan Saka, “The AK Party’s Social Media Strategy: Controlling the Uncontrollable“, Turkish Review, vol. 4, no. 4, 7 August 2014, p. 418–23).

2011 protests against internet censorship in Turkey.
2011 protests against internet censorship in Turkey.
The press in Turkey can hardly be called free. Almost all media companies are owned by large holding companies that have connections to political parties. Around a dozen journalists, who had reported positively about the demonstrators during the protests in 2013, were fired. After facing massive amounts of pressure in their media companies in 2014, hundreds of journalists who had previously investigated corruption cases quit their jobs. Law No. 5651, which was strengthened by the AKP in February 2014, expanded state monitoring capabilities. Internet service providers (including Internet cafés and free Wi-Fi providers) were required to keep their users’ activity data up to two years instead of the original one year. This data had to be provided at the request of the authorities without requiring any judicial order (Bilge Yesil and Efe Kerem Sozeri, “Online Surveillance in Turkey: Legislation, Technology and Citizen Involvement“, Surveillance & Society, vol. 15, no. 3/4, 9 August 2017, p. 545). However, parts of the strengthening, such as the two-year retention period, were reversed in December 2016 by a Turkish Constitutional Court ruling.

Starting in 2014, charges against journalists and students for insulting government officials increased. From the beginning of Erdoğan’s presidency at the end of August 2014 until the failed coup attempt in mid-July 2016, 1,845 people were charged with insulting the Turkish president – a criminal offense punishable by up to four years in jail under Turkish law. As a gesture of national solidarity Erdoğan dropped almost all the charges after the failed coup attempt (except for pro-Kurdish parliament members and the German satirist Jan Böhmermann). Since then, however, there have been new charges.

A Turkish soldier who took part in the attempted coup is kicked and beaten by the crowd (Photo: Selcuk Samiloglu).
A Turkish soldier who took part in the attempted coup is kicked and beaten by the crowd (Photo: Selcuk Samiloglu).

After the failed coup attempt in mid-July 2016, repression has once again noticeably increased. To date, more than 96,000 people (including 319 journalists) have been arrested, and around half a million have been investigated (including more than 2,000 young people under the age of 18), more than 150,000 people have been fired (including more than 6,000 academics and nearly 4,500 judges). In addition, 189 media outlets were closed during this period (“Monitoring Human Rights Abuses in Turkey’s Post-Coup Crackdown“, Turkey Purge, 19 April 2019). As of November 2016, 114,000 websites were blocked for political or social reasons. These include news agencies as well as online forums reporting on LGBTI issues, ethnic minorities (especially pro-Kurdish content), and social unrest or show anti-Muslim content.

Page views of the Turkish Wikipedia https://tr.wikipedia.org/ in 2017.
Page views of the Turkish Wikipedia https://tr.wikipedia.org/ in 2017.
Since December 2016, a large number of VPN providers and Tor entry nodes have been blocked. Public censorship can be bypassed with a reasonably stable connection if the Tor client uses OBFS4 bridges. However, this approach only works if web pages are blocked; there is no solution if the overall connection to the Internet is throttled or the connection is blocked entirely (Yılmaz, Doğru, and Bahçeci, p. 78f). Offiziere.ch is aware of a case in which a relatively reliable, permanent connection was made with 15 bridges. In TorBox version 0.2.3, the possibility to use bridges is experimentally implemented, but not yet in a user-friendly way (there is a well-documented configuration file for savvy users). A more user-friendly implementation will be provided with the pre-version 0.2.4 – planned for the middle of this year. Currently, the following VPN providers are available in Turkey: ExpressVPN, NordVPN, AstrillVPN, PrivateVPN, and CyberGhost. Like Tor with OBFS4, they also rely on obfuscated protocols. In any case, the VPN user is well advised to additionally use Tor over VPN so that the VPN provider can only recognize an encrypted, target-anonymized data stream.

Also, in mid-March 2018 ProtonMail was blocked. ProtonMail is an email provider located in Switzerland, which specializes in the free or cost-effective offering of user-friendly encrypted email communication. According to information from ProtonMail customer service the service was accessible again after a few days for users located in Turkey, but based on the information available to offiziere.ch there were at least repeated temporary restrictions. Particularly piquant is that the blocking was carried out by Vodafone Turkey, which is part of the British Vodafone Group. Once again there are companies in democratic states supporting censorship in authoritarian states.

TorBox on GitHub / Updated TorBox v.0.2.3 GitHub release

TorBox has now its own GitHub page, which gives you an easy way to contribute to the TorBox project. Especially for that occasion, TorBox v.0.2.3 has been updated. Here are the links for the latest TorBox v.0.23 (usually, you need only the image-file):

TorBox Image : v.023 (09.02.2019)
TorBox Menu only : v.023 (09.02.2019)

Changelog v.0.2.3 (09.01.2019) —> v.0.2.3 (09.02.2019)

  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.5.7.
  • Updated: nyx (the Tor statistics program) from version 2.0.4 to 2.1.0.
  • Updated: Reduced logging is now enabled by default. Corresponding menu entry in the advanced menu let you change the amount of logging.
  • Updated: “Erase all log files” (entry in the advanced menu) deletes all log files (previous behavior was to reduce them to 0 bytes).
  • Minor fix: Fixed some minor bugs, cleaned up the code and especially the configuration files in “/etc“.
  • Removed: The Screen Saver (entry in the main menu) and slurm.

The pre-v.0.2.4 release is expected at the end of May 2019 and will focus on improved usability of bridges.

TorBox v.0.2.3 released !

Finally! I’m happy to announce the release of TorBox v.0.23. During the last half-year, I tested the functionality under real-life conditions, and I’m pleased with the overall stability of the system (if the power supply is reliable enough). Currently, I receive only a few feedback from the community. Therefore, one of my goals for 2019 is to find more contributors who are motivated to give feedback and to help to improve the functionality and security of the system, but more about that later…

Main Menu TorBox v.0.23
Main Menu TorBox v.0.23

Changelog pre-v.0.2.3 (02.12.2018) —> v.0.2.3 (09.01.2019)

  • New: The first noticeable improvement is the size of the image file: it is only a little bit more than 900 Mbyte (compared to 1.4 Gbyte of the last version). This reduction of size was made possible by shrinking the image. At the first start, the image automatically expands over the entire free partition. After an automatic reboot, the system is available for use – user interaction, screen, and peripherals are not required. After 2-3 minutes, when the green LED stops to flicker, connect your client to the new WiFi “TorBox023”. Then use an SSH-client to access 192.168.42.1 (username: pi / password: CHANGE-IT). Now, you should see the TorBox menu. Choose the preferred connection setup and change the default passwords as soon as possible (the associated entries are placed in the advanced menu). TorBox needs at least a 4 Gbyte SD Card, but 8 Gbyte is recommended.
  • New: The ability to configure TorBox with bridges that use obfs4 pluggable transport capability to overcome censorship. It is still in experimental status, but with detailed feedback, I will be able to improve and extend this feature for the next version. It works like that: after selecting the connection in the main menu and if Tor Statistics doesn’t show any link to the Tor Network, then additionally the user can try the bridge function in the Advanced Menu. To be honest: the whole thing took a lot of nerves out of me, not so much because of the configuration, but because there seem to be quite a few bridges that don’t work (or don’t work with my network environment). So my advice is, if necessary, to enter 3-6 bridges and to wait at least 5 minutes even though error messages can be seen (someone in a country with state censorship told me that he needs up to 15 bridges). Probably, I will change the implementation of that feature in the future; actually, the improvement of this very important feature will be the main focus for the development of the next pre-v.0.24. That’s why I need your feedback and ideas on these. However, one thing in advance: currently, I don’t see any way to get the bridges automatically (at least as long as we deal with shell scripts :-/).
  • New: I noticed that some free Internet provider at airports, hotels, coffees, etc. just cut the connection after a particular time without network load. A “normal” device would probably reconnect, but this doesn’t work with TorBox. That’s why there is now an entry in the Advanced Menu that provides a constant ping for a minimal data stream. At least with Starbucks, this worked :-).
  • New: The localization is now in English by default, the time should remain set to UTC, and ntpdate fetches the correct time at startup … from this point of view there is no urgent need for an additional configuration. However, I added to the Advanced Menu the possibility to set a “Wifi Regulatory Domain”. The current setting is “unset” or “world”, which is quite broad, but if someone has problems with it, he can change it now. Currently, the two-letter country code has to be chosen from https://wikipedia.org/wiki/ISO_3166-1_alpha-2. At this point, I need your feedback, if you need that feature at all and if I should improve its usability.
  • New: I also added a runtime file where TorBox stores certain global variables. There isn’t much in it yet, but it might become a kind of configuration file in the future.
Advanced Menu TorBox v.0.23
Advanced Menu TorBox v.0.23
  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.4.9.
  • Updated: For security reasons, the Bluetooth capabilities are disabled on the provided image.
  • Updated: The feature to overcome captive portals has been so stable since last summer that I was able to remove all alternative strategies and test scripts. Now, the captive portal solution works for all connection types – and if someone is mistaken, it doesn’t matter — he can click through the procedure. For security reasons, the user has, however, the possibility to abort before establishing an insecure connection.
  • Updated: Experimentally, I had already integrated the possibility of cable-TorBox-cable connections before, but I wasn’t that happy about it. I have entirely reworked this first approach. Now the user can choose between WiFi- or cable-client in the main menu. The user can also switch back and forth, but he has to make sure that he can log in with the chosen client.
  • Updated: The update function is now more reliable (now with the latest stable Tor release).
  • Updated: All menus and display screens should be viewable on a 3.5“ screen, on a mobile phone or tablet. Besides, the menus are better structured, and I have tried to make the information screens more understandable. Let me know, your thoughts about it.
  • Updated: As for DNS leaks, I’m a bit paranoid, so dnsmasq is turned off on TorBox by default, and any DNS queries made locally on the device (that is, by the user logged in via ssh in the shell) are recorded in the log file.
  • Minor fix: The menu entry to flush all log files, flushes now “~/.bash_history” too.
  • Minor fix: Some minor bugs in the configuration part in the advanced menu.
  • Removed: The ability to reset the entire network settings (was located in the Advanced Menu). This feature isn’t necessary anymore, and it wasn’t very useful.
  • Tested: With Raspberry Pi 3 Model B and Raspberry Pi 3 Model B+ (max achieved throughput: 2.3 Mb/s). I continue to test the integration of the PiJuice, a portable power platform for the Raspberry Pi, but it seems that the permanent power supply is not reliable enough to enable stable WiFi-TorBox-WiFi connectivity. For portable use, my best experience is made with the RS Pro PB-10400 Power Bank, 5V / 10,4Ah.
A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.
A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.

Last but not least, I’m coming back to my desire to expand the number of contributors. I have about 4 Raspberry Pi 3 Model B to give away for free (SD Card with pre-installed TorBox v.0.23 included). If you want one of these Raspberry Pis than send me an email explaining why I should send you one and what you are willing to contribute to the project.

China: The Emergence of Probably the World’s Largest Data-Mining Giant

by Ypsilons 378

The Chinese government plans to monitor its people with a comprehensive social credit system.” The goal is to promote honesty and sincerity in order to promote economic and social progress. In the process, those who betray trust are to be severely punished.

China is currently busy creating a digital data monster with tentacles extending into every aspect of life. This is causing concerns about the rampant frenzy to collect data and how it will be handled. The Chinese social credit system is officially scheduled to go into operation in 2020. From then on, not one of the country’s approx. 1.5 billion inhabitants will be able to escape the state’s rating system.

Education in “goodness”
Zhang Zheng, director of the China Credit Research Center at Peking University, is an important thought leader and theoretician of the Chinese social credit system. His mindset is rooted in his socialization because the economics professor had initially studied mathematics and natural sciences, which requires a rational and analytical way of thinking. However, dealing with human beings and the problems of society requires a broader, more differentiated approach, which is often difficult for dedicated natural scientists. Social sciences are more than just ones and zeros, black and white, right and wrong, good and evil, but the Chinese social credit system is based precisely on this simplified dualistic way of thinking.

There are two kinds of people in this world: good people and bad people. Now imagine a world where the good ones are rewarded and the bad ones are punished — Zhang Zheng zitiert in Martin Maurtvedt, “The Chinese Social Credit System: Surveillance and Social Manipulation: A Solution to ‘Moral Decay’?“, Department of Culture Studies and Oriental Languages, University of Oslo, 2017, p. 1.

Zheng is convinced that the Chinese social credit system, i.e., socialization as a “good” person with the help of digital tools, will become a sustainable cornerstone for the moral order of Chinese society. This system is intended to improve the morals of society. Whether the everyday morals of the people or the business ethics of companies, the system is supposed to that the rules are followed. This has particularly obvious consequences on individuals: good citizens would be rewarded and favored, while bad ones would be sanctioned with severe restrictions in daily life.

Structure and function
The Chinese social credit system is based on centralized databases containing such records as medical and court files, online shopping, posts on social networks, internet search queries, travel plans, and purchases with credit cards or payment apps. These records are then analyzed and weigh this cluster of data to come up with a single score. Companies and institutions will have no choice but to make their data available to the system. However, there won’t be much need to put pressure on Chinese companies, since there are already voluntary systems in place such as Alibaba’s Sesame Credit (with over 450 million active users), Tencent (operator of the successful Chinese messaging, social media and mobile payment app WeChat), and Baidu. China’s private internet companies have indicated that the Communist Party may use their compiled data and cutting-edge technologies because, in return, they will gain access to previously inaccessible government databases.

Looking at Sesame Credit, not only payment behavior but also “habits or preferences” and “personal networks” can influence creditworthiness. According to Li Yingyun, head of development at Sesame Credit, someone who plays video games ten hours a day is classified as a sluggish person, but those who buy diapers frequently are likely to be a parent and are therefore willing to accept a higher degree of responsibility. Ambitious gamers risk a lower score, while those who are responsible get a higher one. It’s also worthwhile to pick friends with high scores because these can help increase your score. However, if your friends have low scores, you risk losing points. If you are looking for a partner, you can advertise with a high score, because Sesame Credit cooperates with Baihe, China’s largest online dating agency. This means, however, that people with low scores will inevitably remain single.

Moral role models: Roncheng's "civilized families" can be admired on such public display boards. (Foto: Simina Mistreanu).
Moral role models: Roncheng’s “civilized families” can be admired on such public display boards. (Foto: Simina Mistreanu).

Pilot operation already running
Companies are not the only ones that are already heavily collecting, processing, and evaluating data. Some three dozen Chinese cities are already experimenting with different social credit systems. For example, Rongcheng, a city of about 670,000 inhabitants on the east coast, has been operating a social credit system since 2014 regarded as a showcase project for a China-wide system. With their Honest Shanghai App, Shanghai operates another popular system, which has also implemented facial recognition. To register, the individual’s is captured with the mobile camera and compared and verified with the electronic identity card. A short time later, users get their first score. This score is updated at the end of each month. The criteria and factors used for a high or low rating are confidential. However, the system takes into account about 3,000 pieces of data per person from almost a hundred government data sources (Rob Schmitz, “What’s Your ‘Public Credit Score’? The Shanghai Government Can Tell You“, NPR.org, 03.01.2017).

Even if individual factors evaluated in the pilot projects are confidential, the Chinese social credit system generally concentrates on the evaluation of four key parameters:

  • Commercial activities: commercial activities form the basis of the system, because one of the goals of the Chinese government is to use the system to improve the trust in the commercial sector among citizens, but also between citizens and business. So if you pay your bills on time, you will have a clear advantage. Incidentally, such credit rating systems are also common in the West (for example, Schufa in Germany and FICO in the US). The Chinese, however, go one step further: those who travel without a ticket or who get into debt with spending are, in many cases, no longer allowed to travel by express train or plane. Last year alone, this penalty was imposed about 6.7 million times, according to the official figures of the Supreme Court.
  • We have had the social credit system in our village for several years now. No matter what we do, we think about our credit points. We support the village where we can. We clean a lot and sweep the public areas. Putting garbage or even grass in front of your own door is not allowed. If someone doesn’t follow these rules, they’re considered dishonest. If the village head asks for anything, we do it. Those who keep everything clean and in order are regarded as role models. — cited in Axel Dorloff, “Sozialkredit-System: China auf dem Weg in die IT-Diktatur“, Deutschlandfunk, 09.09.2017.

  • Social behavior: whether online or off, social behavior plays an important role in the assessment. With a reward and punishment mechanism, the system aims to train residents to behave positively, at least as the government sees it. In Rongcheng, whoever helps others or gets involved in city projects will, for example, get 5-10 additional points. A similar system is in place in Shanghai: those who help older inhabitants or the poor can earn additional points, too, but whether this represents moral progress remains questionable.
  • Administrative activities: the system will also simplify administrative procedures, as unauthorized requests for public assistance will result in a deduction of points. This applies in particular to the submission of petitions critical of the government. Those who criticize the Communist Party in the social media should not be surprised if they end up on the blacklist. Requests from people below a certain score will be postponed or even ignored. On the other hand, people with above-average scores already enjoy preferential treatment.
  • Criminal prosecution: law enforcement is already integrated in Rongcheng. If you run a red light, you will immediately lose 5 points; if you drive drunk or are involved in a brawl, you will immediately be blacklisted. The score serves as a kind of criminal record: the inhabitants of Rongcheng have to regularly present their score for job promotions, for membership in the Communist Party, when applying for a bank loan. Nothing happens anymore without a good score.

Rewards and punishments
The rewards and punishments for high or low scores currently vary from system to system. In Rongcheng, everyone starts with 1,000 points, which then increases or decreases depending on the behavior of the person concerned. The highest rating is AAA, which is at least 1,050 points; at the other end of the scale is D, which is fewer than 600 points. Persons with at least an A rating are on a red list, while those below are on a blacklist. Those on the red list are given preferential treatment for admissions to schools, for social benefits, or even when purchasing insurance. Those in the C Group are checked regularly and are subject to certain restrictions. This could, for example, result in the reduction of welfare payments. Those who appear in the lowest D Group no longer qualify for management positions, lose certain benefits and lose their creditworthiness. Another important aspect is the public emphasis on ethical role models or the condemnation of those who “betray trust”. Usually, names, photos, identity numbers, and in some cases even private addresses are published. The majority will hardly be bothered by this at the moment because about 90% of the inhabitants in Rongcheng have an A (Simina Mistreanu, “China Is Implementing a Massive Plan to Rank Its Citizens, and Many of Them Want In“, Foreign Policy, 03.04.2018).

At Alibaba, a score of over 600 leads to the possibility of taking out a small loan of around 5,000 yuan (around $700) when making purchases in its online shop. For scores 650 and higher, one no longer needs a deposit to rent a car, and you might enjoy the benefits of VIP treatment at certain hotels and airports. From 700 points, additional documents can be dispensed with on a trip to Shanghai, and for a person with at least 750 points, the procedure for applying for a Schengen visa is faster on the Chinese side. Currently, Sesame Credit does not yet seem to be imposing penalties (Rachel Botsman, “Big Data Meets Big Brother as China Moves to Rate Its Citizens“, Wired, 21.10.2017).

I’m being punished for issuing a credit guarantee for someone else. The loan wasn’t repaid and I was punished. When I wanted to buy a plane ticket, I couldn’t get one. As a result, I found out that I can no longer buy tickets. That was in November 2016. I can’t buy plane tickets or express train tickets. — cited in Axel Dorloff, “Sozialkredit-System: China auf dem Weg in die IT-Diktatur“, Deutschlandfunk, 09.09.2017.

Conclusion
The wide range of rewards should not deceive readers about the immense risks of this system. A totalitarian surveillance system is currently being established in China, which, depending on political needs, could quickly turn China into a huge prison. People on blacklists and with travel restrictions report that it is very difficult to be removed from these lists (also read Simina Mistreanu, “China Is Implementing a Massive Plan to Rank Its Citizens, and Many of Them Want In“).

However, the impact may not be limited to China. Even if a politically flavored social credit system is rather unlikely in democratic states, this does not mean that companies operating in democratic states do not want to adopt such a business model. Although China is the salient example of such a system, similar approaches can be seen elsewhere in the world. Companies have been assessing individual creditworthiness for a long time. For example: are you wondering why you can no longer get an Uber? Well, chances are you have a dismal passenger rating. By the way, Uber knows who among their customers has had a one-night-stand (Bradley Voytek, “Rides of Glory“, Uber Blog, 12.03.2012). The Danish company Deemly demonstrates how a “light” social credit system could also be marketed in Western countries. It evaluates the trustworthiness of individuals based on the evaluation of their activities on social platforms. In this context, the “Nosedive” episode in the “Black Mirror” series, a popular critique of technology and its social impact, seems to be right on the money. Besides, it should not be forgotten that internationally active Chinese companies such as Alibaba collect data not only from Chinese citizens but from all their customers (including geodata). With the rewards offered, customers are even voluntarily submitting their data.