Slashdot Mirror
Cult of the Dead Cow Going P2P?
An Anonymous reader writes "The BBC is reporting that cDc is releasing a new Peekabooty software in July which will defeat totalitarian governments and law enforcement from their current monitoring efforts. The article states: 'A group of hackers are developing a web browser that it claims will make it easier for people to circumvent censorship and avoid the attentions of law enforcers.
The software, which is due to be unveiled in July, uses a combination of encryption and a Gnutella-like network...'" CDC of course is famous for tools like Back Orifice, which is mostly controversial because its a perfectly legit admin tool with a really scary sounding name, and the fact that countless crackers use it. This is just another P2P tool, but these guys have a history of making waves, so it'll be interesting to see what happens.
This is one particular case where platform agnosticism is crucial.
Does Peekabooty run on Windows/MacOS/Linux/*BSD/BeOS/etc?
Is the source available? Can we port it quickly?
I'll be interested to see their launch of this tool at Defcon this year...
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
While I hope that Peekabooty becomes a useable tamper/monitor resistant network, I wish the cDc had focused on some of the more challenging problems facing peer based networks.
There are already a number of secure information sharing networks, like Freenet, Publius, Anonymizer, etc, etc...
The problem with these networks, and probably a majority of the net is locating the content you want in the first place.
They do not mention any details on the discovery mechanism Peekabooty uses, so perhaps they have covered this base as well, but I doubt it.
Napster, which is great for locating content, is quickly dying a painfull death. Gnutella and Freenet, which are more legally resistant are no where near as effective at locating content.
Gnutella is especially inefficient at this task, so I hope Peekabooty is not modeled after the Gnutella style discovery method.
At any rate, I wish a lot of the focus of peer based projects would shift from simply being Peer to Peer!!! into specific implementations of peer based functionality, like resource discovery, content transfer, etc.
There was a paper written recently (http://www.darkridge.com/~jpr5/doc/gnutella.html) that details why Gnutella cannot scale well.
Many users (such as myself) with nice fast connections have bandwidth limits per month after which we start to pay. The moment the cable|dsl bill comes in the mail, little Billy's parents will be cutting off the broadband.
It's a great idea, but in practice it's popularity may be it's downfall.
grubbyTrolling is a art,
I don't necessarily think that cDc's implementation of the whoopass-crypto laden needle-in-haystack p2p app is any better or worse than the others could be. Back Orifice isn't the best of it's kind.
Currently, freenet's the 500lb gorilla of these. Crowds is cool. Hell, bolt some new host discovery tools on gnutella and use stunnel, that should be fun.
Currently the landscape has 3 variables. Encryption to hide what's being said, neat discovery protocols to hide who's serving, and transport protocols to hide who's requesting/recieving. Combined, the protocols can serve to counter traffic analysis attacks.
These things have already been thought out. It's some pretty nifty math. But all the implementations of this scheme have some fundamental weaknesses (theory/practice all over again).
The first is assuming that people will actually use them. I seriuosly doubt many people outside the geek, IP and gov community even know about freenet, crowds or such nifty things. If only a few people are using it, then they are automatically suspect, and can be attacked in other ways (tempest, wiretaps, room bugs), thus defeating the scheme.
The second is the number of apps/protocols doing this. Name 4 version 1.0, ready for prime time implementations that have been deployed widespread for consumer use...thought so. For a repressive gov or corp, it's like playing whack-a-mole with only 1 hole for the mole to pop out of.
This is where cDc comes in. The fact that the people who keep the closest eye on this kind of thing (us) heard about it from BBC says a lot. This is going to be all over the tv news. Everybody's going to know about this. Where freenet and crowds work on integrity and discovery of information, the mere idea that cDc is working on this increases the availability of the information to the defensive player. This is done through manipulation of open information sources. Brilliant.
As a result, the others who've been working on this for a while are going to become more motivated to work on their apps so that cDc doesn't steal their fire. How would you feel if you did all the basic research for this, spent years developing it, and then a bunch of drugged out, ascii art typin' wierdo's pulled the rug out from under you? I think cDc's app is going to make it so the whack-a-mole game is a whole lot more difficult. There will be more than one app/protocol simply because all the current projects will get more attention. For example: look at the current p2p landscape post napster smack-down. The other protocols are doing quite well. I would say to the effect that even though judge Patel ruled in favor of RIAA, p2p won. Thank you, RIAA, for enforcing a move away from cruft. Now we are more able to thwart you.
I don't know what cDc's app will be like, but I do know that as a platonic perfect object, it's going to be a resounding success by filling in a lot of the weaknesses of the practice of encrypted p2p. With Freenet and Crowds having worked out the theory.
Yay cDc!
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
...but not because it's revolutionary, new, or even somehow an impressive technical achievement (or achievement to be). It's important because cDc has the ability to make a statement that will be heard net-wide. It's importance is of a political nature.
I believe that that's what the folks over at the freenet project are attempting to do.
No thanks. I don't smoke anymore.
I wish cDc would just go back to writing stories about Debbie Gibson fighting ninjas. Stick to what you're good at.
So now, almost a year after the P2P bandwagon got started, and only a few weeks after Sun removed any doubts that it was, in fact, a bandwagon by jumping on and promptly falling off
Just think about the possibilities! This could be as big as Push technology and Portal sites!
NO CARRIER
One that would be much harder to filter ... and harder to regulate ...?
I could see this doing wonders for many large countries like China ...
makes you wonder
This could be done very much like Crowds, which is also an online privacy tool. It seems to be closed source though, so I havn't tried it. I predict the following extra features in the CDC program:
1) Strong encryption, ideally masquerading as SSL, to stop it being too easily blockable. Or better sill, MSN Messenger format messages.
2) Open source, and availiable on all platforms.
3) Something to allow all your HTTP traffic to be routed through the same machine for one session, so it is possible to access sites like Hotmail that forward you about a lot, and check your IP address.
4) More cow pictures.
Michael
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
Stop totalitarian governments? I'm all for freedom of speech; i.e. expressing ideas, criticizing government, etc., but governments that repress this are certain to outlaw this browser. As for the U.S., etc, do we really need more tools to help people hide things like child porn?
Donate background CPU time to fight cancer.
- an ISP can't possibly feel itself justified in shutting down anyone shoving gigabits through the Gnutella port (you've already heard about this probably...), and
- so the Government can't try to stop Gnutella (company?) from distributing Gnutella software (it wouldn't matter if it did: Gnutella's already out there and since it's P2P the government can't do anything to get gnutella company to shut down the service, but:)
- Or worse, to try to go after the users and to make it illegal to use gnutella! (Which isn't so farfetched...)
The government or RIAA can say today, "Look, there's no justification for using gnutella since it's basically only used for piracy, so anyone that's shoving data over it has every reason to be denied that right."But if we could say: "Uh, actually, it's just a distributed internet surfing system with encryption, which also happens to work as file-sharing as part of its distribution scheme, since it doesn't differentiate between html documents and binary documents, which isn't a meaningful distinction anyway since you can MIME encode anything into html if you want,"
THEN the government will be forced to say: "well hot-damn. We can't have ISPs shutting down distributed information sharing, which is the only thing WEB-SURFING can be construed as, since it would be a denial of freedom of speech (denial of right to know. Freeedom of speech, although IANAL, only is a meaningful right as long as those who want to listen to you have the right to listen to you.)
There's little the Government or any ISP could say against "It must be encrypted so that the information becomes available to users under a totalitarian regime. It must be distributed so that that regime cannot shut down a web server and cause the source of the information to cease."
The upshot: the government, your ISP, the RIAA, etc, etc, will have NO way of keeping the ENCRYPTED, DISTRIBUTED, "stuff" that you share from happening to be pirated. They can shut down Gnutella of today to some extent by making the software illegal to own, since they would be fairly justified in saying that it is used almost exclusively for illegal purposes. If you started doing web surfing over it, there is no such argument.
For this reason alone, all of us should start doing all of our surfing through this new system as soon as it's featurey enough.
Besides, at the very least, if we started doing that, then whatever we do websurf will be hidden from our ISP by being encrypted, and documents will probably come over much faster under a distributed system. Well, static documents would at least. Maybe this system would also serve to route you around faster, mimicking IPV6, so we could still do better to use it than surf straight. There's no limit to how much good we could get from doing all of our surfing through a distributed, encrypted system, and since the fact that it would make piracy easy is an inherent but small side-effect, it would mean that no one could stop it.
Long Live the Freeedom to Rip Artists Off!
(Which I happen to disagree with, but to a far less extent than I do with the RIAA's trying to force us not to share our files. If artists included an address to send money to in the extended descriptions fields of their MP3's [yes, artists should distribute their own mp3s], I know that I for one would take advantage of it and give them their due. As it is, it's far too much trouble and far too much of what I would pay would go straight to the record industry's pocket. That reminds me of a joke, which is actually a good analogy for why we share name-brand artists instead of no-name artists, even though name-brand artists are being whored out by the record industry.)
~
Does that mean they are implementing something like crowds? I just hope they do it right, because making anonymity work is a bit more complex than just shipping stuff through a bunch of intermediaries.