Ben Tasker's Blog

Scheduled Downtime

This site will be unavailable for a short period later whilst the hosting company performs some essential hardware maintenance on my origin server.

As a result, some pages on the site may be unavailable.

https://mailarchives.bentasker.co.uk will also be unavailable as a result. Other subdomains (such as http://projects.bentasker.co.uk) should remain available, although service may be limited.

 

Update 12:50 16/12

The maintenance has now been completed successfully and all services should be back online. Anyone experiencing issues should contact me.

Building a Tor Hidden Service CDN

Last year I started experimenting with the idea of building a Hidden Service CDN.

People often complain that Tor is slow, though my domain sharding adjustments to the bentasker.co.uk onion have proven fairly effective in addressing page load times.

On the clearnet, the traditional aim is to direct the user to an edge node close to them. That's obviously not possible for a Tor Hidden Service to do (and even if it were, the user's circuit might still take packets half-way across the globe). So, the primary aim is instead to spread load and introduce some redundancy.

One option for spreading load is to have a load balancer run Tor and then spread requests across the back-end. That, however, does nothing for redundancy if the load balancer (or its link) fails.

The main aim was to see what could be achieved in terms of scaling out a high traffic service. Raw data and more detailed analysis of the results can be seen here. Honestly speaking, it's not the most disciplined or structured research I've ever done, but the necessary information should all be there.

This document is essentially a high-level write-up along with some additional observations.

Read more ...

Bentasker.co.uk now available as a Tor Hidden Service

Hidden Services have had something of a bad rap in the media of late. Whilst it's undoubtedly true that some host some unpleasant material, the same can equally be said of the World Wide Web.

Hidden Services do have the potential to bring a much higher level of privacy to the end-user, and aren't always about hiding the origin from the user (or an attacker). The cryptography used in Tor's transport is arguably much stronger (and easier to change if found to be broken) than is available for HTTPS.

To that end, I thought it would be wise to configure the site to be multi-homed, that is, to be accessible via both methods.

Because both are run by the same back-end, updates will appear on both at the same time.

So, you can now access BenTasker.co.uk at either

A link to the .onion has also been added to the Privacy bar on the left.

Read more ...

The State of Mobile Banking (in the UK)

News recently broke that Tesco Bank's Android App refuses to run when Tor is also installed on the handset, presumably in the name of security.

So, out of morbid curiosity, I thought I'd take a quick look at just how effectively various banking apps were secured. Banks, after all, should be at the forefront of security (even if they often aren't).

To start with a disclaimer: personally, I think using banking services on any mobile device is a bad idea from the outset, and some of the results definitely support that idea. I've only taken a cursory look, and not made any attempt to disassemble any of the apps.

 

Read more ...

David Cameron: Idiot, Dangerous or just a lover of soundbites?

We've heard Theresa May parroting the same lines for months, but in the wake of the Charlie Hebdo massacre, David Cameron has joined the choir of people calling for new surveillance powers.

Mr Cameron has stated that if the Conservatives are re-elected, he will ensure that there is no form of communication that cannot be intercepted by the government.

So, one of the questions we'll be examining in this post is: is David Cameron

  1. An idiot who doesn't understand the technology he's talking about
  2. Demonstrating that pre-election promises are inevitably broken
  3. Planning on introducing a draconian surveillance state
  4. Being misinformed by other parties
  5. Simply creating sound-bites to raise the chances of re-election

Most of the coverage thus far has focused on option 3, which seems fair given that it's the inevitable result of actually attempting to do what he is claiming.

We'll also be taking a look at why Option 3 could, and should, not happen.

Read more ...