Domain: torproject.org
Stories and comments across the archive that link to torproject.org.
Stories · 78
-
2012 EFF Pioneer Award Winners Revealed
An anonymous reader writes "In 2012, EFF Pioneer Award winners are Hardware Hacker Andrew (bunnie) Huang, Anti-ACTA Activist and La Quadrature du Net cofounder Jérémie Zimmermann, and Groundbreaking Anonymity Group Tor. '"Every year, our Pioneer Awards celebrate those who have made a difference for digital freedom. We are extraordinarily proud of this year's winners and their unflagging dedication to protecting the rights of technology users around the world," said EFF Executive Director Shari Steele. "Whether it's your right to reverse engineer a game console, or to avoid the interference of overbroad IP enforcement, or to block websites or governments from tracking your every online move, these winners are working hard to protect our online freedom."' The 21st edition of the annual EFF Pioneer Awards ceremony will take place September 20 in San Francisco." -
Tor Project Experiments With Funding Fast Exit Nodes
mask.of.sanity writes "The Tor Project is considering paying exit relay hosts to make the network faster and more secure. The project has called for discussion on the idea, notably from relay hosts. Its founder has suggested $100 a month would attract fast and diverse nodes. Exit nodes are the last hopping point on the Tor network and are critical to its performance and safety." The problem: "But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load ... on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. ... Since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays." As to funding: "We've lined up our first funder (BBG, ...), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits." -
Cyberoam Packet Inspection Devices Open Traffic To Third Parties
New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors." -
The Google Transparency Project Transparency Project
Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency.
Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:
1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?
2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?
3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?
With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.
On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.
I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:
Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.
I immediately wrote back:
But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?
If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?
(It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.
The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.
But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.
So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.
Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.
-
Tor Researchers' Tool Aims To Map Out Internet Censorship
Sparrowvsrevolution writes "Tor developers Arturo Filasto and Jacob Appelbaum have released OONI-probe, an open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer's network connections, whether it be website blocking, surveillance or selective bandwidth slowdowns. Unlike other censorship tracking projects like HerdictWeb or the Open Net Initiative, OONI will allow anyone to run the testing application and share their results publicly. The tool has already been used to expose censorship by T-Mobile of its prepaid phones' browser and also by the Palestinian Authority, which was found to be blocking opposition websites. The minister responsible for the Palestinian censorship was forced to resign last week." -
Feds Shut Down Tor-Using Narcotics Store
Fluffeh writes "Federal authorities have arrested eight men accused of distributing more than $1 million worth of LSD, ecstasy, and other narcotics with an online storefront called 'The Farmer's Market' that used the Tor anonymity service to mask their Internet addresses. Prosecutors said in a press release that the charges were the result of a two-year investigation led by agents of the Drug Enforcement Administration's Los Angeles field division. 'Operation Adam Bomb,' as the investigation was dubbed, also involved law enforcement agents from several U.S. states and several countries, including Colombia, the Netherlands, and Scotland. The arrests come about a year after Gawker documented the existence of Silk Road, an online narcotics storefront that was available only to Tor users. The site sold LSD, Afghani hashish, tar heroin and other controlled substances and allowed customers to pay using the virtual currency known as Bitcoin." -
"Liberated" Tunisia Still Censoring Websites
Frequent Slashdot contributor Bennett Haselton writes "Tunisia's high court will decide on Wednesday whether to allow censoring of websites containing pornography or 'calls to violence.' It's disappointing that censorship continues in post-revolutionary Tunisia, but it's enough of an improvement over the old regime, that anti-censorship cyber-activism efforts would probably best be spent on helping other countries." Read on for Bennett's analysis.
In Tunisia, where dictator Zine El Abidine Ben Ali was ousted one year ago amid hopes for a new era of freedom, the high court will decide on Wednesday whether to censor foreign pornographic websites in accordance with local law. Facebook pages that "call for violence" may also be blocked. Conveniently, all the machinery for censoring the Internet in Tunisia is already in place, having been installed under Ben Ali's dictatorship for the purposes of censoring and spying on Tunisian citizens (and, for a while, phishing their Facebook passwords). The irony recalls the situation in Iraq in 2009, when the government announced plans to start censoring foreign websites -- to which Iraqi citizens complained that they thought censorship would end with the fall of Saddam's regime. Actually, apart from the three outlier countries of Turkey, Israel and Lebanon, pornography remains illegal in every Middle Eastern country (and some conservative African nations), including the recently "liberated" ones including Egypt, Iraq and Tunisia. (Although, Iraq's street market in pornography thrives as long as the police have better things to do.)
I'm against such censorship in principle -- I think that even the right to publish and access pornography counts as a fundamental human right. But I think we have to take what progress we can get, and censoring just pornography and calls to violence, is a big improvement over censoring pornography and dissident political speech, which is the norm in most non-"liberated" Middle Eastern countries like Syria, Iran, and Saudi Arabia. Syria blocks foreign opposition sites like All4Syria.info, Iran blocks Facebook and YouTube to keep dissidents from posting or viewing anti-government material, and Saudi Arabia blocks Reporters Without Borders and filters the Amnesty International report on human rights in Saudi Arabia (but not the rest of the Amnesty International site!).
Saudi Arabia blocking the Amnesty International report on human rights in their country (while leaving the rest of the site unblocked), in particular, seems like the kind of thing that a government would do more as a "fuck you" to human rights activists, than a means to achieve a practical goal. For one thing, most of the facts in the human rights report about Saudi Arabia -- about sex discrimination and lack of political and religious freedom -- are already well known to the people who live there. And secondly, what percent of the citizens of a country would ever read the Amnesty International report on human rights in that country, even if it were not blocked? How many Americans even know that Amnesty puts out an annual report about human rights violations in the United States? So it seems more like a symbolic move to remind everyone who's in charge. For all the disappointment in the lack of progress for free speech in post-"liberation" countries, the non-"liberated" ones are indeed worse.
As for the Tunisian proposal to censor "calls to violence", I wouldn't always be against that, even in principle. In most countries, direct incitements to violence can be considered illegal (it depends on what you say and, of course, on what judge you get). In a developing country rife with ethnic tensions, even greater restrictions on calls to violence could be justified. When you finally watched Hotel Rwanda, weren't you hoping someone would bust in on that radio DJ telling everyone to kill Tutsis in the middle of a civil war, and blow him to hell? The biggest problem with a rule against "calls to violence" is that the government could stretch the definition to silence political speech. But it's possible to keep that kind of abuse in check, as has mostly been achieved in the U.S. For that, what you need is an independent judiciary, not an abolishment of all rules against calls to violence.
So the free-speech situation in "liberated" Tunisia may be nothing to write home about, but it sounds much better than it used to be, when writing home to complain about it could get you arrested. A Wall Street Journal article from July 2011 describes how, under Ben Ali's dictatorship, Tunisian cyber-activist Slim Amamou had been imprisoned and abused by the police for calling for peaceful demonstrations. Post-revolution, he was freed and asked to join the interim government, where the strictest restriction placed on him was to "stop sending Twitter messages during internal government meetings to his 25,000 followers". They may not have their porn, but that's still progress.
Of course, if someone in Tunisia wants to circumvent the government filters (using tools like proxy sites, VPNs, Tor, UltraSurf, Psiphon, etc.) and get to a porn site, more power to them. I just wouldn't make it a priority to set aside resources to help them get it. Not while there are Iranians who need help getting around the latest restrictions blocking them from Facebook and Gmail.
Two caveats. First, if someone wants to sell circumvention services to Tunisians who just want to get around the porn blocker, that doesn't count as "setting aside resources", so that's a perfectly noble endeavor. In fact, given the economies of scale in the circumvention business, selling to Tunisians could help to bring the price down for other users, including users in countries like Saudi Arabia where the government does engage in political filtering, and where circumvention services could be a tool for social change. Second, providing circumvention services (free or paid) to Tunisians, does probably make it less likely that the new government would revert to political censorship, knowing that many of its citizens have the tools to beat it, even if those tools are only currently used to access porn sites. So to that extent, setting aside resources to provide circumvention services in Tunisia might be a worthwhile cause.
Still, I think it's a lot less important than using circumvention tools to fight political censorship in truly autocratic countries like Iran. For the next generation of proxy servers that I'm rolling out, I'm working on setting aside some of them just for Iranian IP addresses. Even if Iranians just use them to get on Facebook, that still contributes more to advancing the cause of social democracy, than Tunisians using them to get on Playboy.
-
Jailbreaking the Internet For Freedom's Sake
snydeq writes "With so many threats to a free and open Internet, sooner or later, people will need to arm themselves for the fight, writes Deep End's Paul Venezia. 'If the baboons succeed in constraining speech and information flow on the broader Internet, the new Internet will emerge quickly. For an analogy, consider the iPhone and the efforts of a few smart hackers who have allowed anyone to jailbreak an iPhone with only a small downloaded app and a few minutes,' Venezia writes. 'All that scenario would require would be a way to wrap up existing technologies into a nice, easily-installed package available through any number of methods. Picture the harrowing future of rampant Internet take-downs and censorship, and then picture a single installer that runs under Windows, Mac OS X, and Linux that installs tor, tools to leverage alternative DNS servers, anonymizing proxies, and even private VPN services. A few clicks of the mouse, and suddenly that machine would be able to access sites "banned" through general means.'" -
Inside the Great Firewall of China's Tor Blocking
Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes." -
Tor-Enabled Browser For the iPad, and Easy Tor Nodes on EC2
An anonymous reader writes "While there has been a port of Tor for jailbroken iOS devices for a long time, there was no way to use it if you did not want to lose your warranty. Now it looks like Apple has approved a Web browser for the iPad called Covert Browser, which includes a Tor client. If you look at the first screenshot on the author's page it looks like you can even select the Exit node. According to App Shopper it already hit place 64 in the iPad/Utilities category." And from another (of course) anonymous reader comes a link to CmdrTaco's take on another instance of Tor breaking into the world of "real users." As he notes, the Tor Cloud Project has posted simple instructions for installing EC2 Tor nodes using free-tier VMs (or paid nodes for roughly $30/month). -
Why the BEAST Doesn't Threaten Tor Users
Earlier in the week, we posted news of a vulnerability discovered in virtually all websites secured with theoretically outdated (but widespread) versions of SSL and TLS encryption. Luckily for all non-nefarious users, this vulnerability (called BEAST, short for Browser Exploit Against SSL/TLS) was discovered and disclosed by researchers Thai Duong and Juliano Rizzo, and browser makers are pushing out changes to nullify it. Many systems, though, will remain unpatched for a long time. Nick Mathewson (nickm) of the Tor project has posted an explanation of why Tor traffic, as he understands the attack, remains safe. As a side benefit for those of us who aren't security experts, his description explains in plain language just what the danger is. -
Belarus Cracks Down On VKontakte
decora writes "On several recent Wednesdays, Russian language social networking site Vkontakte has been blocked by the government of Belarus. The blocks are partly to prevent the organization of 'Silent Protests,' in which citizens gather in city squares, and clap in protest against president Alexander Lukashenko. The government has designated the people involved as "social network revolutionaries" and charged many with disorderly conduct. One VKontakte user, Mikhail Karatkevich, is to be put on trial August 10 for 'organizing a mass rally' after he posted a meeting notice onto his page. According to Charter 97, the regime has even set up fake proxy servers to capture the unwitting; Tor is the suggested solution." -
DuckDuckGo Search Engine Erects Tor Hidden Service
An anonymous reader writes "Viewable with Tor installed, search engine DuckDuckGo has erected a hidden service for secure, encrypted searches through the Tor network. While past attempts at hidden service search engines failed due to uptime or quality issues, DuckDuckGo marks the first time a real company operating a public search engine has offered a solid search engine as a hidden service for Tor users." -
Wikileaks Was Launched With Intercepts From Tor
The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..." Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers. -
Why Tor Users Should Be Cautious About P2P Privacy
An anonymous reader writes "I went across your post a few days ago saying that a machine connected to the Internet was all one needed to spy on most BitTorrent users of the Internet. I followed the link to find out that those researchers from INRIA claimed their attacks also worked for BitTorrent users on Tor. I didn't believe it at first, but then today I found this link on the Tor Project. It seems their attacks don't only link your real IP to your BitTorrent files on Tor but also to the web pages that you're browsing! Tell me it's a joke." No joke, but according to Jacob Appelbaum (a Tor developer), the security flaw is more nuanced — and the fault of software outside of Tor. Read on for his explanation of how the privacy benefits of Tor can be easily lost. Appelbaum writes "This isn't a failing of Tor, it's a failing of BitTorrent application designers and a privacy failure of their users too. The BitTorrent clients don't appear to double check the information that's ripe for tampering. When combined with common BitTorrent applications that aren't designed for privacy, it's possible to cause a BitTorrent client to leak information about their actual source IP. The BitTorrent protocol is difficult to anonymize with a simple proxy. Ironically, one of the best points of the paper is that those BitTorrent clients also harm the anonymity of the users' web browsing. The user's browsing will often leave the same Tor Exit Node as their BitTorrent traffic; the user is using the same circuit for browsing as they are for BitTorrent. If the user isn't practicing safe browsing techniques, they're probably going to reveal some more of their traffic to the authors of the paper. This is just like the normal internet too. If you browse unsafely, people can observe you or tamper with the data in transit. So in conclusion, this paper isn't about busting anonymity networks as much as it is about busting BitTorrent client privacy." 
Additionally, he says, "Tor can't keep you anonymous if you don't actually use Tor for your connections. ... The real key is that if they had done transparent proxying (that failed closed) and they had a privacy-aware BT client, the user would probably be fine. Please don't use BitTorrent and Tor together." -
Power To the Pop-Ups
Slashdot frequent contributor Bennett Haselton writes a piece advocating for Pop-Ups and even more obtrusive advertising. But not for the reasons you might think. He says "Annoying pop-up ads have been a great friend to Internet freedom, by enabling the operation of proxy sites that would be too expensive to operate otherwise. With the rising costs of making new proxy sites to stay ahead of the 'censorware' companies, even more intrusive ads could be an even bigger friend to Internet freedom. Got any ideas for how those more intrusive ads could work?" Clicky clicky below to read his point.
Most news and information websites carry advertisements, but usually not more than one pop-up ad, if they have pop-ups at all. This is because the costs of running the sites are low enough that they can usually pay for their costs with revenue from regular ads. Surely the site owners would like the extra money that they could get from pop-ups, if their viewers had nowhere else to go. But if they tried to get away with too many pop-ups on a typical news site, visitors would just leave for their competitors' sites instead. Competition keeps the "prices" — in terms of the ads that you have to view in order to visit a website — low.
By contrast, most proxy sites [that's not a link to one of my sites, so quit yer whining] — sites that you can use to get around Internet blocking, by using a form to type in the URL of the site that you want to access so the proxy site will fetch its contents for you — are festooned with pop-up ads, sometimes on every page load. As I can easily attest, the bandwidth and hardware costs of running a proxy site are sufficiently high that there would be no way to pay for the sites with the revenue from normal banner ads and AdSense blurbs. It's no exaggeration to say that most proxy sites, which enable people to circumvent government filtering in countries like China and Iran (not to mention helping millions of students get on Facebook and YouTube from school), would not exist without the pop-up ads to prop them up. (This may not be true of a proxy site that your high school classmate set up for himself and some friends, but it's true of most proxies created to serve a wide audience.)
Unfortunately it's becoming more expensive to run an effective proxy service that enables users to get around most enterprise filtering programs. If it gets to the point where normal pop-up ads do not bring in enough revenue to pay for the service, we might need a new breed of even more intrusive (and better-paying) ads. More intrusive than the drop-down ads that play noisy videos. More intrusive than the Flash animations that crawl across the screen on top of the words you're trying to read. I'm going to argue that a company that figures out how to run the most intrusive ads of all, could be the new best friend of Internet freedom. But first a note about why the costs are increasing.
Two years ago, I thought the cost of maintaining a proxy site to help people get around Internet filtering, would steadily fall, as bandwidth and processing power got cheaper. But bandwidth and hosting costs didn't drop as much as I had hoped, and the cost of maintaining an effective anti-filtering service has actually gone up, due to some advances made by Internet censoring programs. In 2007, the then-current versions of filtering programs like Smartfilter, Websense, and the 8e6 R3000 would typically only download updates to their blacklists once in the middle of the night. This meant that I could mail out a new proxy site to my proxy mailing list just after midnight, and it would be accessible to the mailing list subscribers all of the following day. (You wouldn't be able to get to them if your local network administrator subscribed to the mailing list and added the new sites to the local blacklist as soon as they came out, but most network admins didn't bother.) As of 2010, though, the latest versions of most enterprise filters are configured to automatically update their lists every hour or two. So to stay ahead of the filters, I have to mail out several sites every morning to different portions of the mailing list, so that the filtering companies generally learn about them and block them at different points throughout the day. Just registering several .com domains every day is not cheap. (GoDaddy sells .info domains for less than a dollar apiece, but this proved to be an ineffective solution because too many censored networks simply block all .info sites.)
There are also the increasing costs of maintaining compatibility with complex sites like Facebook and YouTube. Accessing Facebook through a proxy is still a hit-or-miss proposition. (I steer my users toward accessing the mobile version of Facebook, http://m.facebook.com/ , through the proxy, because it's a stripped-down version built for compatibility with mobile devices, and this simpler version is less likely to break when accessed with a proxy script.) YouTube access depends mainly on whether the latest YouTube plugin for the Glype proxy script is compatible with the current YouTube interface, and likewise can be working one week and broken the next. It's not hard to run a proxy site that provides compatibility with the most popular sites that people want to access, but it takes real work -- you can't just upload the script and forget about it.
(Many users in censored countries also use tools like Tor and UltraSurf to bypass their country's filters, but some of my contacts in those countries say that those tools are often too slow for them, so they end up using proxy sites instead. Since UltraSurf and Tor are free services, funded by donations and staffed by volunteers, the demand for those services can easily swell until they slow down from the overload.)
So what happens if maintaining an effective anti-censorship service becomes too expensive to pay for using just pop-up ads? Well, you could charge money for using your proxy site, but that brings with it a whole host of other problems. You have to set recurring billing in order to be paid through PayPal or some similar service, and run the risk of your funds being frozen if someone files a crank complaint against you. If one user has a paid account, you have to worry about them sharing the account with their friends or posting the account credentials on a public message board. And there are many proxy operators (including me) who would like to think that the proxies do provide a valuable public service to the world, and wouldn't want to exclude people who can't afford the monthly access fee.
I propose that ads which are even more intrusive than pop-ups -- thus grabbing more of the user's attention and providing more value to the advertiser, thus enabling them to pay more to sites which run the ads -- would enable proxy site operators to fund more of the costs of their operation, and hence would be a Good Thing. The existence of such intrusive ads does not mean that they would suddenly be plastered all over every proxy site. If your user base can be served for a lower cost, then you don't have to "charge" as much (in terms of advertisement intrusiveness) to use your proxy service. Over 90% of the traffic to my proxy sites is to domains that have already been blocked a long time ago by Websense, Smartfilter, Lightspeed, and most of the rest of the censorware companies. Apparently there are a lot of users who are on censored networks and who need proxies, but whose network admins just haven't updated the blacklists in a very long time, or who haven't paid the subscription fee to keep downloading database updates. Since you don't need to register 10 new domain names every day to serve that audience, there would continue to be proxies for those users with less-intrusive ads on them. But the more-intrusive (and higher-paying) ads would also enable proxy webmasters to serve a "higher-end" audience, the ones who need several new sites every day, to stay ahead of the more frequently-updated filters.
I can think of several ways that more intrusive ads might work. My favorite would be a "quiz" model wherein a drop-down advertisement appears in front of the site you're trying to access, consisting of some promotional content, and a little form at the bottom. In order to make the drop-down ad disappear, you have to read the ad and fill in the answers to some one-word questions or multiple-choice questions about the content, to prove you actually read it.
Perhaps I'm biased in favor of this idea because I'm tired of ads that contain splashy graphics and expensively licensed music and never contain any actual information. The only television ad that I can recall viewing in the past year which prompted me to actually buy the advertiser's product, was the Pizza Hut ad announcing that you could get a large pizza with any number of toppings for $10. That's what I want in an ad. I give you $10. You give me a pizza. (And this extra plug for their $10 pizza promotion, can be considered a thank-you to them for running an ad that actually had something to say.) Most ads on TV are far less informative, serving mostly to give a glossy sheen to the advertiser's brand name. Yet these ads are paid for by corporations who do the market research and the focus grouping, so the ads must work. Many economists, including Tim Harford in The Undercover Economist and Steven Landsburg in The Armchair Economist, have explained why companies pay for ads that do nothing except look expensive: Because they prove to the viewer that the company intends to be around for a long time, in order to capitalize on the long-term exposure given to them by the ad. This has become so standard that making an ad which actually gives the user information seems tawdry by comparison. The most ghetto-sounding word in TV advertising is "infomercial".
But I think that some companies could benefit from greater exposure of actual information about their product, just as there are companies that pay for infomercials. And if a company like Linksys really wanted to run a splashy ad that contained no actual information, and then make me answer some questions at the bottom like:
Linksys is:
(a) the leading manufacturer of wireless adapter cards
(b) the leading manufacturer of wireless routers
(c) the leading manufacturer of wireless monitoring cameras
(d) all of the above!!!
then that's their prerogative. The quiz-advertisement model only says that advertisers can require users to answer a question before closing the ad; it would be up to the advertiser to decide what question works best. I suspect that the actual-information model would work better for quiz ads, but advertisers could try both and see what works.
There are already some websites that require you to "complete an offer" (i.e. become a customer of some third-party company, at least for a free trial period) in order to use their services, but most proxy sites have so far declined to carry advertisements like these. Evidently their users consider this too high of a price to pay to access a proxy site. Filling out an offer is not just time-consuming, but leaves the door open to future problems -- will they sell your name or your e-mail address? Will they make it hard to cancel your "free trial", and then start billing you? The problem seems to be that there is too large of a gap between the "fees" associated with the two options -- a normal advertisement doesn't bring enough money to the proxy operator, but a complete-an-offer advertisement is such a steep price that most users won't pay it. The "quiz ad" is like a "fee" that falls nicely in the middle -- a smaller time commitment, and your worries are over after you fill in the quiz and hit submit.
If the very thought of such an ad still seems too annoying for words, then I think that objection misses the point. If the revenue from "normal" ads (pop-ups, drop-downs, AdSense widgets) is enough to pay for the operation of a "high-end" proxy service (catering to the people who need several new proxies every day), then such proxy services with "normal" ads will continue to exist. Indeed, anyone who tried running the more annoying "quiz ads" would not be able to get off the ground, because users would flock to the competing proxy sites using normal ads instead. If "high-end" proxy services flourished that were using quiz ads, it would only be because you simply can't provide a high-end service for less money than the quiz ads are bringing in.
It's possible that some advertisers would be reluctant to display ads in a manner that users would consider an annoying obstacle, but I'm not sure that's really a problem. The most intrusive advertisements currently in use on mainstream websites are probably the "premercials" that display before some news videos on CNN.com and other news sites. Unlike drop-down ads which can be closed with the click of a button, the video pre-mercials can't be skipped. Since you're actually expecting the news video to come up immediately when you click the link to start playing the video, you would think that many users would grit their teeth in annoyance upon seeing the "pre-mercial", and transfer that irritation to the advertiser's brand name, but there are so many big-name companies buying those pre-mercials that they must believe it's having a positive effect. So intrusiveness itself doesn't seem to tarnish a brand.
But I don't propose to micro-manage suggestions for how the more intrusive ads would look, or how advertisers should tailor their ads to fit the format. I'm just saying that a new breed of more intrusive ads, even more annoying than pop-ups, might be just what we need to stay ahead of increasingly sophisticated Internet censors. It's still technically quite trivial to release a steady stream of new proxy sites that defeat most Internet filters, but it costs money to buy domains and maintain the service, and the money has to come from somewhere.
-
Tor Users Urged To Update After Security Breach
An anonymous reader writes "If you use Tor, you're cautioned to update now due to a security breach. In a message on the Tor mailing list dated Jan 20, 2010, Tor developer Roger Dingledine outlines the issue and why you should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha now: 'In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.' Tor users should visit the download page and update ASAP." -
Ultrasurf Easily Blocked, But So What?
Frequent Slashdot contributor Bennett Haselton writes "A simple experiment shows that it's easy to find the IP addresses used by the UltraSurf anti-censorship program, and block traffic to all of those IP addresses, effectively stopping UltraSurf from working. But this is not a fault of UltraSurf; rather, it demonstrates that an anti-censorship software program can be successful even if it's relatively trivial to block it." Read on for Bennett's analysis.
UltraSurf is an enormously popular program used to circumvent Internet censorship in countries like China (as well as schools and workplaces in mostly-free countries like the US, with mixed success). When you run UltraSurf on your computer, it re-routes your outgoing Internet traffic to external IP addresses controlled by UltraSurf, so that it looks to observers (and network censors) as if you are connecting to UltraSurf's IP addresses, rather than a website like YouTube or Facebook that may be banned on your network.
UltraSurf uses a list of thousands of external IP addresses, to make it non-trivial for an adversary to locate all of their IP addresses and block them all. However, using a few steps that would be obvious to many programmers facing the same problem, I did find a way to detect all the IP addresses that UltraSurf connects to, and block all of them so that UltraSurf stopped working. It would not be hard for a government censor operating the filter in a country like China to do the same thing. But this does not mean that UltraSurf's network is likely to collapse any day now; on the contrary, it means that it and similar programs are likely to flourish for years to come, since the censors obviously have other priorities.
Some background information first. Most Internet censorship circumvention tools fall into one of two categories (whose names I have just invented for the purpose of this article):
(1) Self-bootstrapping. If a program is self-bootstrapping, then in a censored country you simply run a copy of the program and it will establish a connection to an IP address outside the country, one of many in a large "cloud" of IP addresses controlled by the software program's publisher. Thereafter, your Internet usage is routed through that connection in order to evade your country's filter. UltraSurf and Tor fall into this category.
(2) Non-self-bootstrapping. To use one of these programs from a censored country, first you have to get a friend in a non-censored country to install the software on their computer (or their webserver, if they have one). Then they give this location (normally in the form of a URL) to their friend in the censored country, and their friend types that URL into their browser to circumvent their country's filtering. Psiphon is the best-known program in this group.
In 2006 I wrote that even though the first category of programs was more convenient to use (not requiring you to rely on a friend in an uncensored country), any program in that category could be blocked by an adversary willing to make only a modest amount of effort: Install the program, see what IP addresses it connects to, block those, see if the program connects to any other backup IP addresses, block those, and so on, until the program runs out of IP addresses to use. There are a few simple countermeasures that designers of a program could take, but they can also be defeated easily.
(For example, if the program randomly chooses an IP address from a large internally stored list, then you just have to run the program over and over until you've found most of the IP addresses chosen by its random algorithm. A cleverly written program could try to evade this as follows: Pick a set of IP addresses at random from the list, and then "lock in" to that set of IP addresses, so that future runs of the program on that PC will always connect to those IP addresses, ignoring the other ones in the list. This makes it a little bit harder for the censor to pry out all of the IP addresses in the program's internal list. But then you, as the censor, can either (a) run the program repeatedly, but find where the program stores its "locked set" and erase that between each run, so that on future runs the program will keep selecting a different IP address set, or (b) if you can't figure out where the program is storing its "locked set" between each run, then just install the program repeatedly on different machines.)
One way or another, if the program knows what IP addresses to connect to when it bootstraps itself, the attacker can trick the program into revealing all of them. The attacker doesn't even need to reverse-engineer the software to see the set of instructions that it's executing internally; they only need to be able to see the IP addresses that the program is connecting to.
Much later, I was able to reduce this to practice in an experiment on my own machine, using a Perl script, the built-in Windows "netstat" tool to list connections from locally running programs to outside IP addresses, and the "ipseccmd" tool to add new firewall rules blocking those IP addresses. After the script was left running overnight, it had collected and blocked all the IP addresses that UltraSurf apparently used, and on future runs, UltraSurf would display an error message saying that it couldn't find any IPs to connect to.
(Interestingly, netstat also showed that UltraSurf frequently opened connections to www.google.com over SSL -- that is, accessing URLs that would begin with "https://www.google.com/" -- so that traffic between the program and the Google website would be encrypted, and the contents would be invisible to censors in China. When I saw it was doing that, I added an exception to the script so that the Google IP addresses would not be blocked. Perhaps it was submitting search terms to Google in order to find pages that give the location of the latest UltraSurf connection points, or perhaps it was checking a GMail account created by UltraReach that stores messages containing more IP addresses; I didn't reverse-engineer UltraSurf to find out. But even if this was UltraSurf's clever means of obtaining new IP addresses, the system still runs up against the same problem: Any IPs that can be connected to by the UltraSurf client, can also be ascertained by the attacker who watches UltraSurf to see where it connects to, and then blocks those IPs as well.)
Naturally I had mixed feelings about pointing this out publicly, since I agree with UltraReach's goal of providing unfiltered access to users in China and other censored countries. But this idea is sufficiently obvious, that I don't think anything is lost by demonstrating it. There may be programmers interested in creating even more programs to help users in censored countries, and it would be counterproductive for those programmers to believe that existing programs like UltraSurf "magically" evade the censors by using some complex algorithm to hide the IP addresses that they connect to. In fact, the program doesn't conceal the IP addresses that it connects to (how could it?), and it would be straightforward to design and build a new program that did roughly the same thing. We should give UltraReach credit for the right things: they made a tool that provides unfiltered access to millions of people, they made the tool small and easy to use, and they arranged with their partners to subsidize the unfiltered Internet connections at no expense to those end users (although see some caveats, which have been pointed out by Hal Roberts at the Berkman Center, about the price of this "free" access). But the one thing UltraReach did not do is find a way to get around the problem of an attacker installing the program to see what IP addresses it connects to. That's not a criticism of UltraReach; this is presumably an impossible problem to solve.
(Side note about counter- and counter-counter-measures: If UltraReach does think that censoring countries might try harder to block UltraSurf at some point in the future, they should start releasing different versions of the product every month that use different sets of IP addresses. Release one version for September 2009 that uses one set of IP addresses, then another version in October 2009 that uses another set, and so on. Then if the censors decide in December 2009 to start seriously trying to block all UltraSurf IP addresses, they'll be able to find and block all the IP addresses used by the Dec09 version, just by installing a copy of the program and observing it. But, users who downloaded previous months' versions of the program will be able to continue using their copies. If the Chinese censors wanted to find and block the IP addresses used by previous months' copies of UltraSurf, they would have to either (a) figure out how to distinguish UltraSurf traffic from other Internet traffic, not an easy thing since UltraSurf uses encrypted traffic on port 443, the same port used for encrypted Web traffic, or (b) obtain copies of the program that users had downloaded in previous months, which is no longer as trivial as simply observing the current version of the program. The more often UltraReach swaps out a new version of UltraSurf that connects to a new set of IP addresses, the harder it will be for the Chinese censors to find all the sets of IPs used by previously released versions. However, once the Chinese censors start trying seriously to block UltraSurf, even though the trick just described will allow previous downloaders of the program to continue surfing freely, all new users who download the program after that point, can be easily blocked -- because the Chinese censors can just watch how often a new version of UltraSurf is made available for download, and block the IPs used by that copy.)
But I think the fact that the Chinese have not done this reveals something usually overlooked about the nature of the anti-censorship arms race. The situation is frequently cast as a battle between the evil geniuses who run the government filters and the good geniuses who write the software to get around the filters, while the grateful citizens of the censored country are the beneficiaries. But if the government censors haven't even done some simple experiments like this in order to block UltraSurf, they must not think it's a high priority to stop the program from working. This in turn suggests that the number of people using UltraSurf in a country like China, while large in absolute numbers, don't constitute a large enough proportion of the population to worry the government. Presumably either the ideas leaking in through an unfiltered Internet are not reaching a large enough proportion of the population, or the ideas are not expected to take hold in enough people's minds to reach a tipping point that causes a problem for the ruling party.
It's not that the Chinese censors don't care about controlling the Internet and the effect that it has on their citizens' thinking. The Chinese have reportedly fielded a droid army of about 50,000 cubicle drones to help fight Internet propaganda battles, such as drowning out anti-government posts on public forums. Why would they spend such enormous efforts to generate forum posts, but not make the effort to find and block all UltraSurf IP addresses? Because the battlefront is about defaults. If the user tries to access a site and it's blocked, then only a tiny proportion will make a significant effort to circumvent the block. (The exception would be when an extremely popular site like YouTube is blocked; operators of Web proxy sites report that during these periods, they get so much traffic from Chinese users trying to view YouTube videos, that the servers often crash.) Similarly, if users see that 90% of the posts on a given forum are on one side of the issue, then they're more likely to think that's the majority viewpoint (whether they agree with it or not). Hence the usefulness of the army of 50,000 to invade forum threads. Defaults matter; would Internet Explorer have ever displaced Netscape's browser (kids, ask your parents) if it hadn't been the default browser in all versions of Windows?
So the moral for any would-be designers of new anti-Internet-censorship tools, is not to worry too much about whether there's a theoretical way (or even a practical way) that the censors could shut the tool down. UltraSurf became enormously popular without solving that problem, and perhaps another tool could as well. -
Unmasking Blog Commenters Not a Huge Threat To Freedom
Frequent Slashdot contributor Bennett Haselton writes with his take on a recent court decision about the rights of online commenters. "Although a court has ruled that the police can subpoena the identities of users who posted comments in a newspaper's blog, I think this is not as big of a threat to journalistic integrity as it might seem. And in any case when the judge ruled against the privacy rights of 'bloggers,' he didn't actually mean 'bloggers.'" Read on for the rest of Bennett's thoughts.
After writing that a Virginia court made an error in saying that spoofing an IP address in e-mail headers was analogous to using a "pseudonym," and that an Ontario court was wrong in saying that an IP address could be subpoenaed by a court because it was no more secret than personal information like a "home address," I think that the latest court ruling against online anonymity — an Illinois judge ordering a newspaper to reveal the identities of people who posted comments on its blog — is not as big of a threat to online privacy, and is not apparently based on any misconceptions about how the Internet works. However, the ruling has the potential to frighten bloggers more than necessary (as well as possibly set a bad precedent for future courts if they don't read the decision closely enough) because the ruling uses the word "bloggers" repeatedly to refer to what everyone else calls "blog commenters."
Police had asked the Alton Telegraph to reveal the identities of five people who had posted comments in the newspaper's blog which indicated they might have knowledge relevant to an ongoing murder investigation. The newspaper sued to avoid being forced to hand over the commenters' identities, saying that they were "news sources" protected under Illinois's newspaper shield law. Judge Richard Tognarelli ruled that blog commenters did not count as "sources" under the shield law, and allowed the police to go forward in obtaining the identity of two of the commenters, but denied the request to unmask three others, on the grounds that those commenters did not appear to have information relevant to the case.
To consider the relevant questions separately:
Is this legally correct?
Every time I raise a question like this, it provokes the ire of law students and lawyers who say that judges are the real experts on what is legally correct, and it's not appropriate for lay people to comment. As I never tire of saying, if judges are really "experts" in a sense that lay people are not, then it should be possible to put 10 judges in separate rooms, present them with the same facts of the same case, and have most of them independently come to the same conclusion about the correct answer, with a higher degree of accuracy than lay people would be able to reach the same conclusion. If this is not the case, then the judges are not playing the role of "experts" so much as "designated decision-makers," and it's perfectly fair for lay people to analyze whether the judges' reasoning appears correct.
In this case, the judge simply said that blog commenters are not news "sources" in the sense described by the law. The text of the shield law (735 ILCS 5/8-901) defines a "source" as "the person or means from or through which the news or information was obtained." Now, if you were to parse this super-literally, then the blog commenters could be considered "sources" because they are posting "information" which can be "obtained" by the reporters who later go back and read through the blog comments. But if you were to be that literal about it, then anybody who publishes "information" anywhere at all, including someone who posts a timetable of train departure times on their Web page, could be considered a "source" for information used by a reporter. Clearly the legislature did not intend for the term "source" to include all people who publish information anywhere under the sun (just because that information is technically available to reporters just like it's available to everyone else), or they would have said so. So it seems reasonable to assume that when the law refers to sources from whom reporters "obtain information," it refers to the way in which reporters normally obtain information in their role as reporters obtaining information from sources — that is, the source privately communicating with a reporter with some expectation of anonymity, hoping the reporter can use the information provided for research on a future story. Blog commenters do not fit that definition since (a) they are posting publicly, and (b) they are responding to a story that has already been written.
The judge also noted that the shield law is not absolute, and even for individuals who are considered "sources" under the law, their interest in maintaining anonymity has to be weighed against the importance of the information being sought. Judge Tognarelli wrote, "The Telegraph has an interest in protecting its online blogger's identities while the State has an interest in prosecuting someone who has allegedly murdered a child." That sounded to me like sarcasm on first reading, but actually I think he's just being logically rigorous.
So in this case, I think that you really could probably put 10 different judges in separate rooms and present them with the same facts and arguments, and have most of them (although probably not an overwhelming majority) come to the same conclusion. On the other hand, I would bet that you could ask 10 reasonably smart lay people to analyze the case, and about the same proportion of them would come to the same conclusion as well.
Is this logically correct?
By that I mean, could the arguments made in this ruling be extended to a conclusion that is clearly absurd?
Sometimes a ruling can be apparently in line with the law, but would have implications that would be absurd if carried only one step further. For example, in one of my spam cases in Small Claims court where I brought a case on behalf of Peacefire as a Washington corporation that I owned, a judge ruled that I couldn't represent Peacefire because the corporation was a separate legal entity. This would seem to be in line with the legal principle that only lawyers who are licensed to practice law are allowed to represent entities other than themselves; non-lawyers can only represent themselves. But carried one step further, the same principle leads to a conclusion that makes no sense: If corporations cannot be represented in Small Claims court by their owners, then since lawyers are not allowed in Small Claims court either, the logical conclusion would be that corporations cannot be represented by anybody in Small Claims court. By that logic, I (as an individual) could sue a corporation for any reason, and since nobody would be allowed to defend the case, I would have to win by default! Since that conclusion is obviously absurd, at least one of those two rules (the rule against lawyers in Small Claims, or the rule against people in Small Claims representing entities other than themselves) would have to be relaxed, and in the interests of keeping costs down, it makes more sense to let individuals represent corporations that they own. This is probably why every other judge so far has made the opposite ruling, that I am allowed to represent a corporation in Small Claims court if I'm the owner.
Does Judge Tognarelli's ruling lead to any absurd conclusions? I don't think so. In fact, the opposite conclusion could have led to an absurd result, if the judge had ruled that commenters posting on the newspaper's blog could seek protection as "news sources." If blog commenters were protected for comments they posted on the newspaper's blog, why shouldn't they be protected for comments they post on their own Web site somewhere else, since the two situations are logically equivalent? In both cases, you're speaking to the entire world, not providing information privately to a reporter. By extension, anybody who says anything, anywhere, at any time, would be protected as a "news source" if a reporter could later find a record of what that person said. While there are possibly merits to that idea — that all anonymous speakers should be protected from being unmasked — it's clearly not what the legislature meant, since they were legislating protection for "sources," not "everybody."
When the judge said "bloggers," did he mean "bloggers"?
No. This is the biggest flaw in what otherwise appears to be a logically and technically literate ruling: The court repeatedly used "bloggers" to refer to blog commenters:
"The subpoena seeks identifying information for bloggers who voluntarily left comments on the website..."
"Here, it is clear that the 'reporter' did not use any information from the bloggers..."
"The Telegraph has an interest in protecting its online blogger's identities..."
That's fine as long as everybody understands what the judge really meant. However, if an actual blogger — one who publishes quasi-news articles on a blog and could be considered a reporter in the traditional sense — ever has to use the court system to protect their identity from being unmasked, there is a danger that a court could cite the current case as precedent and say that "bloggers don't count as news sources." I would hope that a future court would read the current decision carefully enough to realize that it refers to blog commenters and not actual bloggers, but there's no guarantee.
Is this bad for civil liberties?
It depends. I think that all the court really said was that while bona fide news sources are protected under the shield law, the shield law does not apply to all people who post public information that might potentially be used for a news story someday. That was already the de facto legal situation that most of us were in — if you post something in a public forum that makes the police think you have information that could be relevant to the prosecution of a crime, they can probably get a court to unmask your identity with a subpoena.
It may be tempting to think that courts should interpret the shield law more broadly, but be careful what you wish for — if the shield law got diluted to the point where it applied to everybody, then that increases the chances that courts would carve out more exceptions to it or the legislature would rescind it, since neither the courts nor the legislature generally think that everybody deserves legally guaranteed anonymity all of the time.
If you do think that everybody — or, at least, you — deserves guaranteed anonymity for online postings, you can use tools like Tor to make your identity completely untraceable. I would guess that none of the blog commenters in this case went to that trouble.
In fact, one of the two commenters whose identity was ordered unmasked by the court, used the handle "mrssully." What if that turns out to be a woman whose last name is Sully, and who could have been trivially identified if the police had called the murder defendants' friends and acquaintances and asked, "Hey, who do you think 'Mrs. Sully' is?" The court ruling said that "the Sheriff's Office contacted 117 different individuals regarding the incident" and that "it would be a very expensive and a 'monumental task' to re-interview all of those witnesses." To re-interview all of them, yes. But it would not be a monumental task to have a junior member of the police force call up each of the 117 phone numbers for the witnesses and leave a message saying, "Hey, do you know a 'Mrs. Sully' who is connected to the defendant?" If someone calls back and says Yes, then maybe you've found who you're looking for; if not, then you've only wasted about two hours trying (at sixty seconds per phone number), so go ahead with the subpoena. If it turns out that "Mrs. Sully" is someone who could have been found in this way, then as a taxpayer and as someone who supports law enforcement at least insofar as they're conducting murder investigations, I might reasonably ask why the police didn't do that first.
-
Using Net Proxies Will Lead To Harsher Sentences
Afforess writes "'Proxy servers are an everyday part of Internet surfing. But using one in a crime could soon lead to more time in the clink,' reports the Associated Press. The new federal rules would make the use of proxy servers count as 'sophistication' in a crime, leading to 25% longer jail sentences. Privacy advocates complain this will disincentivize privacy and anonymity online. '[The government is telling people] ... if you take normal steps to protect your privacy, we're going to view you as a more sophisticated criminal,' writes the Center for Democracy and Technology. Others fear this may lead to 'cruel and unusual punishments' as Internet and cell phone providers often use proxies without users' knowledge to reroute Internet traffic. This may also ultimately harm corporations when employees abuse VPNs, as they too are counted as a 'proxy' in the new legislation. TOR, a common Internet anonymizer, is also targeted in the new legislation. Some analysts believe this legislation is an effort to stop leaked US Government information from reaching outside sources, such as Wikileaks. The legislation (PDF, the proposed amendment is on pages 5-15) will be voted on by the United States Sentencing Commission on April 15, and is set to take effect on November 1st. The EFF has already urged the Commission to reject the amendment." -
Ontario Court Wrong About IP Addresses, Too
Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts: "An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?" Read on for Bennett's analysis.
Last October I wrote about the Virginia Supreme Court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.
In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be inadmissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."
Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".
Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.
Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on in their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".
Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.
On the other hand, try following the judge's ruling through to the end — if information about the user's real identity behind their IP address is not considered private, then what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.
This line of argument raises two larger issues. First, this will have already provoked the ire of people with legal training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judge's conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.
Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.
Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present an opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)
So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."
Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that. -
Virginia High Court Wrong About IP Addresses
Frequent Slashdot contributor Bennett Haselton writes "The Virginia Supreme Court has ruled that the state's anti-spam law, which prohibits the sending of bulk e-mail using falsified or forged headers, violates the First Amendment because it also applies to non-commercial political or religious speech. I agree that an anti-spam law should not outlaw anonymous non-commercial speech. But the decision contains statements about IP addresses, domain names, and anonymity that are rather basically wrong, and which may enable the state to win on appeal. The two basic errors are: concluding that anonymous speech on the Internet requires forged headers or other falsified information (and therefore that a ban on forged headers is an unconstitutional ban on anonymous speech), and assuming that use of forged headers actually does conceal the IP address that the message was sent from, which it does not." Click that magical little link below to read the rest of his story.
The first 20 pages of the decision, which are all about legal standing, jurisdiction, and overbreadth, made my eyes glaze over. I'm not analyzing those at all except to point out that on most of those issues, the lower court came to exactly the opposite conclusion from that of the Virginia Supreme Court, and there is no reason to think that the higher court is any more likely to be "correct" than the lower court (even granting the assumption that there is an objectively "correct" answer to these questions). Any time you feel intimidated by "experts," it's helpful to step back and ask whether the alleged experts even agree with each other.
Page 21 is where the technical stuff starts that we can tear apart directly. The decision says, in talking about the transmission of e-mail:
The IP address and domain name do not directly identify the sender, but if the IP address or domain name is acquired from a registering organization, a database search of the address or domain name can eventually lead to the contact information on file with the registration organizations. A sender's IP address or domain name which is not registered will not prevent the transmission of the e-mail; however, the identity of the sender may not be discoverable through a database search and use of registration contact information.
These are statements that are only true if you play some kind of parlor game to find a way to read them as "true," not statements that indicate the court knew what was going on. To review: IP addresses in the U.S. are generally allocated by ARIN in blocks to Internet service providers and Web hosting companies; these companies then lease the IP addresses to their customers. You can look up an IP address with ARIN to determine which ISP or hosting company has been assigned that particular block, but the ISP or hosting company generally won't tell you the identity of their customer who has leased it from them. And anybody can register a domain, but most domain registrars give you the option of registering the domain anonymously, so that only the registrar knows the owner's true identity. So the court's statement that a database search "can eventually lead" to contact information is correct only if you clarify that it "can" lead there, but it usually won't. As a finding of fact, this is 100% true, and about as useful as "Obama might win in November. Or he might not."
But it's impossible to defend what the court says next:
As shown by the record, because e-mail transmission protocol requires entry of an IP address and domain name for the sender, the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name. Therefore ... registered IP addresses and domain names discoverable through searchable data bases and registration documents "necessarily result[] in a surrender of [the speaker's] anonymity."
Now, there are two possible definitions of "anonymity" to consider: (1) you can be anonymous to the extent that ordinary citizens reading your content cannot determine your identity without a subpoena; or (2) you can be anonymous to the extent that even the government, armed with subpoenas and wiretaps, can never find out who you are. But under either interpretation of the word, the court's statement that "the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name," is wrong.
By default, almost all Internet users are already anonymous in the first sense, even without using forged headers or other tricks in their e-mails. When you send e-mail through your own Internet service provider's mail server, or when you log on to Hotmail and send messages from a Hotmail account, or when you lease a dedicated server from a Web hosting company and use it to send mails, the messages don't contain any more information about your true identity than you decide to put in them. Only the government could ordinarily discover your identity in those cases, by looking at the IP address that the message was sent from, and subpoenaing the Internet service provider or hosting company for the identity of the person using that IP address at that time.
But there are even ways to be anonymous in the second sense -- such that not even the government could identify you -- without resorting to forged e-mail headers. You can create Hotmail and Gmail accounts without giving the providers any of your true information. When you send messages through those services, they pass along the IP address that you used to connect to their Web sites, but you can obscure your IP address as well, by using an anonymizing proxy or a service like Tor.
Elsewhere in their decision, the court indicated that what they really wanted to protect was the right to send anonymous bulk e-mails that were political or otherwise non-commercial. But even by that standard, it's still possible to use Hotmail and Gmail together with an anonymizing proxy (the mail services do impose limits on how many messages each account can send in a day, but if you want to send bulk mails badly enough, you can always sign up for multiple accounts). And if you only care about staying beyond the reach of U.S. subpoena power, you can always sign up for a dedicated host overseas and send the bulk mails from there.
Apart from the court's misstatement that forged headers are the only way to publish anonymously in e-mail, there is the incorrect presumption that forged headers actually do afford anonymity in either of the senses given above. The court wrote, "[T]he only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name." But while it is possible to enter any domain you want in your return e-mail address when you send an e-mail, the court apparently didn't know what it was talking about when it referred to "entering a false IP address." You can't just "enter" any arbitrary IP address when sending an e-mail. If user@domainname.com receives an e-mail, the mail server at domainname.com has to receive the message over a connection made from some other machine, and the domainname.com mail server can always see the IP address of the machine on the other end of the connection. Normally, this machine on the other end would be the mail server of the sender's Internet service provider. Or if the sender has leased a dedicated machine at a hosting company, that dedicated machine would be the one connecting to the domainname.com mail server. Some desktop spamming programs let you turn your home computer into the sending mail server, so that it connects directly with the remote mail server to send the message. In all of these cases, the receiving mail server can see the IP address of the sending machine, so a government subpoena would usually be enough to determine the sender's identity. (I know you all know this, but I have delusions that some helpful clerk will print out this article and explain this to the judge.)
When spammers "enter" false IP addresses in sending mails, that usually means entering made-up IP addresses in headers that are sent along with the contents of the message. However, these would normally only have the effect of throwing someone off the trail who opened the message sent to user@domainname.com and was reading the headers manually. Perhaps they would see some random IP addresses scattered in the headers, would go to ARIN and look up the hosting company or ISP that those IP addresses were assigned to, and would mistakenly file a complaint with that company. But the domainname.com server can always see the true IP address that the message was received from, and for people who know how to read the headers properly, that IP address will be indicated in the headers as the address that connected to the domainname.com mail server to send the mail.
So the court's statement that "the only way such a speaker can publish an anonymous e-mail is to enter a false IP address or domain name" is doubly wrong: because it's easy to send e-mails anonymously without using forged headers, and because forged headers do not in fact provide the level of anonymity that the court said should be protected anyway. The only way to truly obscure your identity by hijacking a third-party IP address without permission, would be to hack into a third party's computer, by infecting a user's home computer with a Trojan horse for example, and using it to send mail. Presumably the court was not contemplating that such an activity should be considered legal, even as a means of sending political speech.
It would presumably be unconstitutional for an anti-spam law to prohibit anonymous political e-mails which attempted to hide the sender's identity -- that is after all what "anonymous" means! You couldn't pass a law outlawing Tor, for example. But the Virginia law doesn't apply to senders merely trying to hide their identity, it applies only to the use of computers "to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail" (emphasis added). There is a difference between obscuring one's identity (which Tor and anonymous remailers allow you to do), and actively trying to frame an existing third party by using forged headers to make the mail appear that it came from somewhere else, especially when sending bulk mail, which is likely to generate complaints whether it's commercial or not.
By contrast, the Washington anti-spam law prohibits any mail which "misrepresents or obscures" the origin of the message (emphasis added). This is broader and could be construed to include a wider range of things, such as the use of overseas IP addresses to send bulk mail on behalf of a U.S. company, or the use of anonymously registered domains to hide the sender's identity. It would probably be unconstitutional to prohibit these obscuring techniques for non-commercial anonymous e-mail, which is why the Washington law specifically applies only to commercial messages.
But here I'm getting into issues like constitutional law where different experts might disagree. The clear-cut technical fact is that, contrary to the court's ruling, forged e-mail headers do not provide true anonymity when sending mail, whereas there are other, legal, ways of sending mail that do make the sender truly anonymous.
What is frustrating about the court's misstatements about IP addresses, domain names, and anonymity, is that the judge is obviously intelligent and could have understood the concepts if they had been explained correctly to him. I held some misconceptions for a long time myself about domain names and IP addresses, because the first explanations I read were incomplete or wrong, or I didn't understand them. But the mistakes in the ruling would have been caught if the judge had just shown a draft to an Internet guru and said, "Hey, can you check if there's anything wrong here?" I know, I know, that's "just not done" (and there are probably formal rules in most states against showing a draft of a ruling to a third party before publishing it, even if the third party reviewer is sworn to secrecy, as they should be). But there's nothing stopping the judge from asking a technical expert during the trial, "It seems to me that the only way to publish anonymously on the Internet would be to use forged headers in e-mail. Can you tell me if that's right before I go too far down that line of reasoning?"
I've appeared before judges in Small Claims court who did ask questions about any part of the technical issues that they wanted to understand, and were even willing to revise some prior misconceptions. But all of them, even the open-minded ones, proceed by gathering information during the trial, and then in the conclusion, spell out their argument and their ruling (during which time you're not allowed to interrupt), which is then set in stone unless you appeal. I've never seen a judge say, "Here's the line of reasoning in my head right now, and my tentative conclusion. Is there anything in that chain of reasoning that you want to dispute, before I make it final? I am not promising to change my mind just because you disagree with something. But I will take it into account." This is essentially what scientists do when they submit their papers for peer review before publishing them, to minimize the chance of making an error. Judges could do the same thing -- if not formally, because they're not allowed to show opinions to third parties, then at least informally, by running their ideas past the experts assembled in their courtroom -- to reduce the chance of making a mistake. But have you ever heard of a judge doing that?
The Virginia judges probably did about as well as one could be expected to do, having learned all these technical terms only recently, and then withdrawing to their chambers to form an argument without any feedback from any technical experts. So, given the technical howlers that ended up in the ruling, the moral is that forming an argument in isolation from experts is probably not the right way to go about it. -
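The header-reading point made in the essay above (the receiving server records the connecting address itself, while IP addresses lower in the headers are whatever arrived with the message), shown as an added Python example that is not part of the original story. The host names, addresses and the function name `classify_received` are constructed for illustration, and the `Received` parsing is simplified to the common "from ... [ip] by host" layout.

```python
import ipaddress
import re
from email import message_from_string

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def bracketed_ips(text):
    """Return the valid IP literals that appear in [brackets]."""
    found = []
    for candidate in BRACKETED.findall(text):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return found

def classify_received(raw_message, own_mx):
    """Return (observed_ip, claimed_ips) for a raw message.

    Received headers are read newest first. The first one stamped
    "by <own_mx>" holds the peer address our server saw on the TCP
    connection; every header below it arrived as message data.
    """
    msg = message_from_string(raw_message)
    observed_ip, claimed_ips, found = None, [], False
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        if found:
            claimed_ips.extend(bracketed_ips(flat))
            continue
        by = BY_HOST.search(flat)
        if by and by.group(1).lower() == own_mx.lower():
            found = True
            peer = bracketed_ips(flat[:by.start()])
            observed_ip = peer[0] if peer else None
    return observed_ip, claimed_ips

# Constructed sample: only the top header was written by mx.recipient.example.
SAMPLE = (
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 4F2A1;\n"
    "\tMon, 1 Jan 2024 12:00:00 +0000\n"
    "Received: from gw.bystander.example ([198.51.100.7])\n"
    "\tby mx.recipient.example with SMTP; Mon, 1 Jan 2024 11:59:00 +0000\n"
    "Received: from [192.0.2.99] by gw.bystander.example; Mon, 1 Jan 2024 11:58:00 +0000\n"
    "From: someone@bystander.example\n"
    "Subject: constructed sample\n\nbody\n"
)
print(classify_received(SAMPLE, "mx.recipient.example"))
```

The second header in the sample also claims to have been written by the recipient's server; because it sits below the genuine stamp it is still classified as sender-supplied, which is why abuse reports should start from the top-most header written by a server you control.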
Researchers Face Jail Risk For Tor Snooping Study
An anonymous reader writes "A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project (PDF) in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act. The researchers neither sought legal review of the project nor ran it past their Institutional Review Board. The Electronic Frontier Foundation, which has written a legal guide for Tor admins, strongly advises against any sort of network monitoring."