Slashdot Mirror


Peek-a-Boo (ty)

Anemophilous Coward writes "Tom's Hardware has a story detailing cDc's new anonymity app, just demonstrated Sunday. Peek-A-Booty is designed to let surfers access sites blocked by government restrictions, and is, essentially, a distributed proxy network. It uses a peer-to-peer model, masking the identity of each node. This means the user can route around censorship that blocks citizens' access to specific IP addresses, because the censor doesn't know they're going there. There is also a website dedicated to the project."

83 of 218 comments

  1. Easier way? by Peyna · · Score: 2
    Isn't there a much easier way to do this? I know a lot of people that have simple proxies set up on an address that they know isn't blocked, then you can access everything you need to through them. (HTTP at least). Very simple solution to the problem.

    Aside - I first read cDc as 'Center for Disease Control', heh, sure changed the article.

    --
    What?
    1. Re:Easier way? by Cuthalion · · Score: 2

      To Peek-A-Booty developers: ever thought of creating a distributed document caching scheme for your anonymous proxy system, sounds like an idea.

      That ends up sounding very similar to Freenet.

      --
      Trees can't go dancing
      So do them a big favor
      Pretend dancing stinks!
  2. Good for some, nightmare for others by Dark+Paladin · · Score: 5, Interesting

    I can see both the good and bad of this application.

    On the good side: China. Folks over there who have to deal with the gigantic "Firewall O' Death" (also known as the "Damn it, Communism works so stop reading about how it doesn't" Firewall) can possibly use this tool to get to the outside information they need to keep spreadin' the news that "Information good."

    On the other side, as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job.

    So I've got mixed feelings on this utility.

    1. Re:Good for some, nightmare for others by base3 · · Score: 2, Insightful
      On the other side, as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com

      What exactly does that have to do with security? Doesn't a "security manager" have anything better to do? If anything, be concerned because it's an encrypted channel for information to move in and out, not that someone might <gasp> be doing some personal surfing on the job</gasp>.

      If these sorts of applications make it harder for security "managers" to play Network nazi (small 'n'--Godwin's law does not apply here), then that is an added benefit, so far as I see.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
    2. Re:Good for some, nightmare for others by Rupert · · Score: 3, Insightful

      Where I work they have the drones' boxen locked down so they can't change their proxy settings. Thus PeekaBooty is not a problem.

      The more inspired drones have installed Opera, which doesn't require administrator access to install in Windows. They could presumably use PB. They're a small minority, though.

      --
      E_NOSIG
    3. Re:Good for some, nightmare for others by cat_jesus · · Score: 2, Insightful
      On the other side, as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job.
      Here's a novel idea. How about monitoring employees' productivity instead. I could care less if my employees look at porn as long as no one complains and the work gets done. As soon as one of those two criteria change, then I get involved.

      Cat
    4. Re:Good for some, nightmare for others by mosch · · Score: 3, Insightful
      As a security manager, you should learn how to lock down the computers that the users are using, thus preventing the installation and deployment of this utility.

      Additionally, your security policy should have language forbidding the use of non-authorized software, thus making the use of said software a fireable offense.

    5. Re:Good for some, nightmare for others by shut_up_man · · Score: 5, Funny

      Dude, you're such a tease... nakedhairyeyebrowedcheerleaders.com doesn't even exist!

      And here I was getting all excited...

    6. Re:Good for some, nightmare for others by Rupert · · Score: 2

      Why would I want them fired? I'm not the admin.

      --
      E_NOSIG
    7. Re:Good for some, nightmare for others by Rogerborg · · Score: 3, Insightful
      • On the good side: China [...] to keep spreadin' the news that "Information good."

      Er, good side: USA. To find DeCSS or similar tools without fear of prosecution, for example, or to keep spreadin' the news that "Censorship bad, even when it's done by a (heh) democratically (heh heh) elected (heh heh heh) administration."

      • as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job

      Depends on what your job is. If your job is to protect the bank from liability, anonymised browsing allows you to state with certainty "Nobody can link us or our employees with porn surfing. Not us, not nobody."

      If you've been tasked with catching a known baddie in the act (perhaps at preteenlolitas.com), then you've got keyloggers, machine caches (they don't have admin access, right?) or just drop VNC on their machine and catch them with their pants down, so to speak.

      I appreciate your concerns, but really, wouldn't it actually make your job easier if users showed a little courtesy and consideration, and stopped waving their dodgy surfing habits in your face (so to speak)?

      --
      If you were blocking sigs, you wouldn't have to read this.
    8. Re:Good for some, nightmare for others by base3 · · Score: 2, Informative

      That makes it a personnel issue, not a security issue.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
    9. Re:Good for some, nightmare for others by smallpaul · · Score: 4, Insightful

      So what you're saying is: "On the good side, fundamental human rights. On the bad side, makes life harder for pointy haired bosses who feel that lunch breaks spent playing cards are fine but lunch breaks surfing porn are an abomination."

      And this gives you mixed feelings???

    10. Re:Good for some, nightmare for others by Rupert · · Score: 3, Funny

      I don't administer any kind of network (apart from the 4 Linux & 1 Win98 at home). However, you don't have to be a sysadmin to be patronising and arrogant. And my uid is not particularly low. It's about two orders of magnitude too high to get a proposal of marriage from CmdrTaco.

      They are not drones because they are windows users. The reverse would be more accurate.

      --
      E_NOSIG
    11. Re:Good for some, nightmare for others by the+eric+conspiracy · · Score: 2

      I could care less if my employees look at porn as long as no one complains

      I guess you haven't been sued under the "creating a hostile work environment" sexual harassment theory. Yet.

      Personally I could care less what my employees do so long as they produce. However the government makes me liable for certain on the job employee activities. Unfortunately that means I have to keep a lid on things.

    12. Re:Good for some, nightmare for others by Rupert · · Score: 2

      Slashdot really is going downhill. Now even the anonymous cowards have feelings.

      Did I call you a drone? Did I insult you in any way?

      --
      E_NOSIG
    13. Re:Good for some, nightmare for others by Salamander · · Score: 2
      as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job

      No problem. Whatever port is at the other end, the language spoken on the browser's connection will still be easily recognizable HTTP. You should already have an IDS running, and adding a signature for the "offending" HTTP traffic should be a no-brainer.

      --
      Slashdot - News for Herds. Stuff that Splatters.
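
The port-independent signature this comment describes, as an added example that is not part of the original post: it flags cleartext payloads that open with a proxy-style HTTP request line (absolute URI or CONNECT) or with any HTTP request on an unexpected port, wherever they are headed. The flow records, addresses, and the approved-proxy entry are constructed for illustration.

```python
import re
from dataclasses import dataclass

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) (\S+) HTTP/1\.[01]\r?\n"
)

# Assumption for this example: the single sanctioned egress proxy.
APPROVED_PROXIES = {("10.0.0.5", 3128)}

# Ports where ordinary origin-form HTTP is expected (assumption).
EXPECTED_HTTP_PORTS = {80, 8080}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes the client sent on the connection


def classify(flow):
    """Return an alert name for the flow, or None if nothing matches."""
    m = REQUEST_LINE.match(flow.payload)
    if m is None:
        # Not cleartext HTTP. A TLS ClientHello, for instance, starts with
        # 0x16, so an encrypted hop is invisible to this signature.
        return None
    if (flow.dst, flow.dport) in APPROVED_PROXIES:
        return None  # proxy-form requests are expected here
    method, target = m.group(1), m.group(2)
    if method == b"CONNECT":
        return "proxy-connect"
    if target.lower().startswith((b"http://", b"https://")):
        # Absolute URI in the request line is how a browser talks to a proxy.
        return "proxy-absolute-uri"
    if flow.dport not in EXPECTED_HTTP_PORTS:
        return "http-on-nonstandard-port"
    return None


def scan(flows):
    """Return (src, dst, dport, alert) for every flow that raises an alert."""
    hits = []
    for f in flows:
        alert = classify(f)
        if alert is not None:
            hits.append((f.src, f.dst, f.dport, alert))
    return hits


# Constructed sample flows (documentation address ranges, example domains).
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "10.0.0.5", 3128,
         b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.1.1.21", "203.0.113.7", 8443,
         b"GET http://example.org/news HTTP/1.0\r\n\r\n"),
    Flow("10.1.1.22", "198.51.100.9", 80,
         b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    Flow("10.1.1.23", "198.51.100.9", 31337,
         b"POST /x HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    Flow("10.1.1.24", "203.0.113.7", 443,
         b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    Flow("10.1.1.25", "203.0.113.7", 9001,
         b"CONNECT example.org:443 HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FLOWS):
        print(hit)
```
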
    14. Re:Good for some, nightmare for others by Snowfox · · Score: 2
      I don't care how low your uid is, I still find your referring to employees as drones to be patronising and arrogant.

      When Thin-Skinned P.C. Liberal Arts Majors Attack. Tonight on FOX.

    15. Re:Good for some, nightmare for others by R2.0 · · Score: 2, Interesting

      I hope you can keep your ideals when some bank employee surfing for his lunch break masturbation material hits a malicious site. You'll get your account balance back eventually, but not before a bunch of bounced checks and no cash from the ATM ruin your life for a while.

      And before you say that drones' computers don't have that kind of access, remember: it's always the higher ups that think the rules don't apply to them. How about Mr Branch Manager or Ms VP/Accounting getting their workstation compromised?

      --
      "As God is my witness, I thought turkeys could fly." A. Carlson
    16. Re:Good for some, nightmare for others by Salamander · · Score: 2

      BTW, I forgot to point out that the Chinese can do exactly the same thing. In fact, I'll bet that they already do, and that open-source software makes the task easier for them.

      --
      Slashdot - News for Herds. Stuff that Splatters.
    17. Re:Good for some, nightmare for others by BlueUnderwear · · Score: 2

      Indeed. In most banks it is a firing offense to even think about installing non-approved software on your workstation... Needless to say, at certain banks, many more employees (future ex drones?) leave on their own, rather than endure such a draconian regime for too long...

      --
      Say no to software patents.
    18. Re:Good for some, nightmare for others by Havokmon · · Score: 2
      On the other side, as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job.

      Well, having been at a bank myself, that's the least of your problems. :)

      I'd be more concerned if my tax dollars were used to buy filtering software for schools/libraries....
      Which I was against -- SEE! TOLD YOU SO! :)
      Next time, just buy another corporation another stadium.

      --
      "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
    19. Re:Good for some, nightmare for others by YU+Nicks+NE+Way · · Score: 5, Insightful

      I agree that jpegs of naked cheerleaders with hairy eyebrows are not security issues in and of themselves.

      That doesn't really matter, though. The most vulnerable part of any corporate network is its users, now. A user who's violating the acceptable use policies for his or her employer's network is an automatic security risk. First, such an employee becomes a possible blackmail target. In the case of porn, a network admin must bar porn on a professional network because of the possibility of a sexual harassment suit being filed against the company. That means that the AUP must make accessing such materials through the corporate site a disciplinable offense...hey, presto, instant blackmail. Second, though, any user who is actively subverting procedures put in place to prevent such abuse must believe that he or she "knows better than you do". Although the user's right in the vast bulk of cases, the cost in those rare cases where they're wrong is disastrous. What if the site is malicious? If they can get around your barriers, then what else are they downloading? Do they necessarily even know? How tight are the barriers around their machines?

      Would you be willing to bet the company on their care?

    20. Re:Good for some, nightmare for others by sharkey · · Score: 4, Funny

      I don't care how low your uid is, I still find your referring to employees as drones to be patronising and arrogant.

      That's right. Please refer to them more accurately. Call them "lusers".

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    21. Re:Good for some, nightmare for others by Florian+Weimer · · Score: 2

      I'm being told that you can access all major news sites on China - if you can read German.

      The situation in China is not as bad as you might think, and while there are repeated announcements about tightened Internet control, it does not seem to be of much relevance to the casual surfer.

    22. Re:Good for some, nightmare for others by GTRacer · · Score: 2
      Been there, done that!

      Previous gig had Cetus Stormwindows and LANovation LAN Escort set up. They were fond of randomly disabling basic Windows functions like Find and Help.

      In short order, I found a way to de-Escort my machine and soon found a pair of network stiffs poring over my machine looking for evidence. What was funny was that our division was under a separate charter and budget and technically, as long as I didn't do anything to the corporate net, my PC should have been mine to modify at will...

      Oh well, I quit after all their bullshit and have been much happier since!

      GTRacer
      - Bring it on, NetNazis!

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    23. Re:Good for some, nightmare for others by trog · · Score: 4, Insightful

      No, this makes it a security issue. Remember, all web browsers have remote exploits in them from time to time. Pr0n sites tend to be the first ones to exploit these holes (to get email addresses, install software, pop up ad pushing, etc.) Surfing pr0n sites at work is an almost for sure way to compromise the office network.

    24. Re:Good for some, nightmare for others by zpengo · · Score: 2
      I don't care how low your uid is, I still find your referring to employees as drones to be patronising and arrogant.

      That's probably because you're resentful of being one of those drones.

      --


      Got Rhinos?
    25. Re:Good for some, nightmare for others by zpengo · · Score: 2
      Because that's what power-tripping network nazis usually want when they've been made to look like dumbasses by "drone" users getting around their 1337 security. I took it from the fact that you referred to your fellow wage-slaves as "drones" that you were such a person.

      Do I sense some resentment here?

      --


      Got Rhinos?
    26. Re:Good for some, nightmare for others by smallpaul · · Score: 2

      No, employees spending the time that they're getting paid anywhere from $6-$60 an hour for are using it to surf pr0n.

      If you don't have good ways to monitor their productivity then you need to trust them. Let's say that they aren't surfing porn. What if they bring it in on a floppy disk? Or mail it to themselves? Or bring in a magazine?

      plus there's always the threat of getting a sexual harassment suit filed.

      Same question above. And anyhow, does any of this rate in importance even close to the issue of human rights?

    27. Re:Good for some, nightmare for others by Strog · · Score: 2, Interesting
      I was a network admin at a 1/2 billion dollar bank (not too big as banks go). I went to quite a few banking technology meetings and the push has been to Windows based for a while now but terminals are starting to come back into favor. At least a couple of the mainframe software vendors use a proprietary communication software that runs on Windows. They have been migrating to web based apps so you could use whatever you want. I was a little concerned when the new sorter was running off an NT box that was communicating to a dedicated NT server. There were some issues at first but it actually has run well otherwise.

      I live in the Midwest and 90% of the banks that I have had interaction with have used MS based computers across the board with a mainframe running the critical stuff. I found out that a lot of banks were running online banking services with little or no firewall protection. At first I thought it was a fluke but I quickly found out it was fairly common in the smaller banks. These institutions would be fairly easy prey for someone with a little knowledge that wouldn't be hard to obtain. I admit I have limited experience in a specific locale so do what you want with my stats.

    28. Re:Good for some, nightmare for others by Tony-A · · Score: 2

      More like observant in this case.
      Now if he were the sysadmin referring to his charges as drones it would be patronising and arrogant. Bad style.
      Watching the interplay between the drones and the administrators (from a safe distance) has got to be verrrry, verrrrry interesting.

    29. Re:Good for some, nightmare for others by the+eric+conspiracy · · Score: 2

      Explain to the workers that if you see them with porn there will be meetings on the problem.

      Unfortunately merely having a policy is not enough. You also must enforce it to protect yourself against lawsuits.

    30. Re:Good for some, nightmare for others by R2.0 · · Score: 2, Insightful

      How about something even simpler - Jane the VP has all her login names and passwords recorded in Gator (or Password Tracker, or an Excel File)

      --
      "As God is my witness, I thought turkeys could fly." A. Carlson
    31. Re:Good for some, nightmare for others by Com2Kid · · Score: 2

      Bah,

      as someone who has both admin'd and broken through other admin's security setups, let me say that anybody who cannot COMPLETELY secure a box has no idea what they are doing.

      One box I was on was set up so that only files with certain names could be run.

      Solution?

      Rename file (if rename is disabled, just download it as an 'allowed' file name) to one of the allowed program file names.

      The latest clever admin trick that I saw was that the computer was set up such that Install Shield always detected the presence of Uninstall Shield running in the background, thus Install Shield would refuse to run.

      Nifty that. I may have to ask them how they did it. :)

      I simply got the manual extractor for Install Shield compressed files and decompressed the files myself. (luckily the program did not have a bunch of DLLs that it demanded be installed in the System32 directory or anything. ;) ).

      Hell, systems locked down to run nothing else but Word and Explorer I have managed to get to DOS on. (and once you're in DOS shit tends to go all haywire. ;) Few Windows admins know how to or care to lock down the basic DOS commands, heh).

      This 'security issue' was eventually addressed (even in a Microsoft patch I do believe. . . .) and the ability to add items to your favorites menu in IE from Office was eventually set to something that the Administrator could toggle on or off. :) (heh)

      Of course as a last resort option I simply stick in any of a number of Linux Boot Disks that are designed to go in and change the Admin password on a box. I have had to do this several times after being assigned to work on machines for which nobody knew the administrative password for. ::groans::

      (once physical access to the box has been gained, the machine CAN and eventually WILL be compromised. Period. Unless you encrypt the living shit out of the entire HD and only have the key stored on a dongle that has to be plugged in to the serial port while typing some long password on the keyboard and said dongle is stored in a Fort Knox like security situation)

    32. Re:Good for some, nightmare for others by raju1kabir · · Score: 2
      First, such an employee becomes a possible blackmail target. In the case of porn, a network admin must bar porn on a professional network because of the possibility of a sexual harassment suit being filed against the company.

      This often-repeated argument will make sense to me once there are other "security" personnel going through people's desks and briefcases looking for porn. Until then, it's just a silly rationalization for cheap power trips.

      Second, though, any user who is actively subverting procedures put in place to prevent such abuse must believe that he or she "knows better than you do".

      Sounds like a thought crime to me.

      Although the user's right in the vast bulk of cases, the cost in those rare cases where they're wrong is disastrous. What if the site is malicious? If they can get around your barriers, then what else are they downloading? Do they necessarily even know? How tight are the barriers around their machines?

      Those are problems for the security people to solve. Telling people "You can't bring your own food in for lunch because we don't know that you won't jam peanut butter in the locks" just makes me think you need to hire a better locksmith.

      Would you be willing to bet the company on their care?

      If the computer systems you provide are so easily compromised that any random input source spells doom for your company, then you clearly have selected the wrong computer systems.

      --
      "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
    33. Re:Good for some, nightmare for others by shyster · · Score: 2
      IANAL (is anyone on Slashdot?), but I'd think that a complaint would have to be filed, then disregarded, before a sexual harassment suit would be even discussed.

      If a complaint came in, then I'd chastise the employee for being stupid, and talk to his manager. At that point, it's out of my hands.

      I trust that the execs and HR dept. hire qualified individuals to do their job. My job is to maintain the PCs, servers, and network. It's not to police users. If HR can't hire good ones, and managers can't fire bad ones, then the company has a boatload of other problems to worry about.

    34. Re:Good for some, nightmare for others by muffen · · Score: 2

      Hmm...
      Even though I must say that your way of presenting the information is impressive, you seem to only look at this from one side.

      On the bad side, makes life harder for pointy haired bosses who feel that lunch breaks spent playing cards are fine but lunch breaks surfing porn are an abomination.

      You think that the only security hazard of this is that people surf porn??
      This enables people in companies to break company regulations. This can cause security holes in the company network, enable people to download malware, enable people to hog network bandwidth by downloading things they are otherwise restricted from downloading etc etc etc.

      Inside a company, the company rules apply. The reason for this is mainly because they pay for the bandwidth. This tool will enable people to break the rules, thus making it a hacktool.

      The question is, will big companies pressure antivirus vendors to add detection for this?

    35. Re:Good for some, nightmare for others by filtersweep · · Score: 2

      Of COURSE this is a security issue... at work they've *finally* blocked all web mail (except a java-based site I found called perfectlyprivate mail, but I digress) because so many BOZOs were passing around those stoopid snowball fight games, etc... and of course some nasty worms made it into the network, viruses, etc... aside from the loss of productivity answering yahoo mail... thank god all the monkeys can still track their beanie baby auctions on ebay.

      Of course only people that "truly need" internet have it- which means EVERYONE has it... and nobody follows the use policy.

      The thing is, I seriously doubt the type of person who would use this in the workplace (ie. has the savvy) would be in the same category as those causing virus/worm problems by opening shady attachments, etc..

      BTW- I've never seen a "network nazi" be a fascist by choice- they usually have a very "firm" mandate from some upper management type who hasn't even figured out how to turn his PC on.

      One might seriously question how many people actually NEED internet in the first place... the only legitimate use I've ever had for it is the reverse phone directory, and mapquest (which is a nightmare)... maybe the download of a few government forms- but to have it on every desktop? Let's get real... half the people posting HERE are doing it while at work.

      --


      Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
    36. Re:Good for some, nightmare for others by smallpaul · · Score: 2

      You think that the only security hazard of this is that people surf porn?? This enables people in companies to break company regulations.

      I just don't see logfile checking or IP address filtering as an effective way to enforce corporate regulations. If you want to stop big downloads, stop big downloads. If you want to stop people from messing up their machines then lock down the machines. Filtering or logging IP addresses can be at best a reactionary move because you don't know the "bad" IP addresses in advance anyhow (unless they have very obvious domain names). Plus, proxies exist today. I could probably surf porn

    37. Re:Good for some, nightmare for others by SealBeater · · Score: 2

      It seems you're doing something wrong...where I work, the only access to the outside world is via the proxy; changing proxy settings to other values will result in loss of Internet access because values other than the ones prescribed by the company don't work.


      If you can get out via https, check out bouncer, it's an easy way to create an ssl tunnel to another box to bypass proxies, bouncer

      SealBeater

      --
      -- It's survival of the fittest...and we got the fucking guns!!!
  3. Easily blocked too... by Nijika · · Score: 3, Interesting

    The problem is restrictive governments have people on staff to look for stuff like this. This app (while I haven't tested it) pulls from multiple sources. I like the idea a lot. Sorta moving towards a P2P web network where you can browse content like you do now but peer to peer rather than client / server.

    --
    Luck favors the prepared, darling.
  4. This still won't work! by SMN · · Score: 5, Insightful
    Peacefire has been following Peek-A-Booty for a while, and we keep coming to the conclusion that a peer-to-peer anti-censorship system is impossible. There's a very basic problem that Peek-A-Booty still hasn't solved.

    The problem: Say I'm a user who wants to connect to a Peek-A-Booty network. I need to get the address of a node to connect to. How do I get this? The obvious solution, and the one used for Gnutella and other peer-to-peer apps, is to publish a list of nodes (or at least one). But that won't work here -- because then the censors can use the same list to track down the nodes and block and/or disable them. This is especially problematic if you're using Peek-A-Booty as it claims it is meant to be: if you're in a country that filters access (say, China) and the government can track down the users trying to circumvent the filters, they can and will punish/torture/kill those people.

    Peek-A-Booty has not solved this problem. Read what Tom's article has to say about it:

    "For security, there's no attempt at initial discovery - you'll get sent details of a node by word of mouth, or from some other secure source. Baronowski and de Villa expect that citizens groups (NGOs) will become trusted servers."
    That's right -- the only way to connect to a Peek-A-Booty network is word-of-mouth, which is horribly ineffective. Finding a node will be extremely difficult unless you know the right people, and then it's very easy for the censor to ruin it. Trust the wrong person, and your whole network is exposed. Government spies could give out addresses that they claim are Peek-A-Booty networks, then catch anyone who tries to connect to those. Worst of all, they could just offer some huge incentive to people for turning in their friends.

    I hate to say it, but this system simply isn't ready yet. They have not come up with a technically sound solution.

    --
    -- Imagine how much more advanced our technology would be if we had eight fingers per hand.
    1. Re:This still won't work! by Rogerborg · · Score: 2
      • the only way to connect to a Peek-A-Booty network is word-of-mouth, which is horribly ineffective

      Bear in mind that you'll also have to find out about and then get Peek-a-Booty in the first place. If you can do that, chances are you'll be able to find a list of nodes as well. Once this is up and running, a Google search and some patience should get you settled in.

      I completely agree that it's not easy, that there is no magic technical solution, and that even using Peek-A-Booty may be risky for people in some areas.

      The thing is: what's the alternative? Accept the firewalling? Use non-SSL public proxies that leave your traffic visible? Peek-a-Booty is one solution. What's your alternative?

      --
      If you were blocking sigs, you wouldn't have to read this.
    2. Re:This still won't work! by lysurgon · · Score: 4, Insightful

      I hate to say it, but this system simply isn't ready yet. They have not come up with a technically sound solution.

      And they never will. Why? Because the problem they are attempting to solve is not a purely technical one. Censorship is a political issue (e.g. involves people, not just machines) and as such demands a political component to its resolution.

      The merit of the program sits on the notion that repressive countries cannot afford to blockade the internet wholesale in order to control access to the proxy network. Ergo the success of the project is based on enough people in non-firewalled countries participating. And this doesn't just mean a lot of p2p proxy nodes, it also means a lot of people publishing a list of gateways.

      Much like in the world of warez, the massive proliferation of information would make it difficult if not impossible for the censoring agent not only to keep up with the number of IPs that serve as proxy nodes, but also to keep up with the number of websites that point to potential gateways.

      Look, this is a software project designed to break the laws of repressive countries. As such, it will never be a "technical solution" to the problem. At best (and this is what I think they're going for) it is a technical aid in the struggle for freedom. I say cheers to them.

    3. Re:This still won't work! by smallpaul · · Score: 2

      I hate to say it, but this system simply isn't ready yet. They have not come up with a technically sound solution.

      The best is the enemy of the good. It doesn't make sense to hold up a solution with some flaws in favor of an impossible system with no flaws. Freedom fighters take risks. That's their choice. We should help them to understand the risks they are taking but we should not deny them the right to even try to work around the system. Proxies are popular today even though they have the problems you describe. Peek-a-booty just ups the ante a little bit.

    4. Re:This still won't work! by pjrc · · Score: 2
      The obvious solution, and the one used for Gnutella and other peer-to-peer apps, is to publish a list of nodes (or at least one). But that won't work here -- because then the censors can use the same list to track down the nodes and block and/or disable them.

      If a node list is published on many sites which also have desirable content, filtering becomes much more difficult. Not impossible, but consider publishing node lists inside discussion forums such as slashdot, yahoo groups, bravenet, ezboard, myforum, hostboard, etc.

      Sure, a censor could search out the node lists, but a simple countermeasure would be to make sure the node lists are updated regularly with short-lived hosts. Another simple countermeasure would be to poison the list with hosts a censor would not wish to block. The software could maintain a local cache of hosts NOT running the proxy to avoid swamping normal sites with invalid proxy requests. Forged node-lists posted by censors could (maybe) be detected by checking signatures and some sort of "ring of trust" public key infrastructure, PGP style.

      It's probably impossible to make censorship completely impossible... but it is possible to make it more difficult and expensive for censors. It sounds like a lot more is yet to be done. There are a lot of creative people out there and I'm sure some of them won't have any problem coming up with some really good ideas (I just made up these on the spot as I read your message... and there are certainly a lot of people who've put a lot more thought into this than I have).
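The checks sketched in the comment above (short-lived lists, signatures from several trusted keys, a local cache of hosts known not to run the proxy), as an added example that is not part of the original post and is not Peek-A-Booty code. The list format, function names, signer names and the "k distinct trusted signers" rule are assumptions made for illustration, the rule being a simplified stand-in for a PGP-style ring of trust; Ed25519 comes from Node's built-in `crypto` module.

```javascript
// Added example: client-side acceptance check for a published node list.
// All names and the list format are hypothetical, not Peek-A-Booty's.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Bytes covered by every signature: the expiry time plus the sorted host list,
// so reordering hosts does not matter but adding or removing one does.
function canonicalBytes(list) {
  const hosts = [...list.hosts].sort();
  return Buffer.from(JSON.stringify({ expires: list.expires, hosts }), 'utf8');
}

// A list maintainer endorses a list with an Ed25519 private key.
function endorse(list, signerId, privateKey) {
  const sig = sign(null, canonicalBytes(list), privateKey);
  return { signerId, sig: sig.toString('base64') };
}

// Accept a list only if it has not expired and at least `threshold` distinct
// trusted keys signed exactly these bytes.
function verifyNodeList(list, endorsements, trustedKeys, threshold, now) {
  if (!Number.isInteger(list.expires) || list.expires <= now) {
    return { ok: false, reason: 'expired', signers: [] };
  }
  const data = canonicalBytes(list);
  const valid = new Set(); // a Set, so one signer endorsing twice counts once
  for (const e of endorsements) {
    const key = trustedKeys.get(e.signerId);
    if (!key || typeof e.sig !== 'string') continue; // unknown signer or malformed entry
    if (verify(null, data, key, Buffer.from(e.sig, 'base64'))) valid.add(e.signerId);
  }
  const signers = [...valid].sort();
  if (signers.length < threshold) {
    return { ok: false, reason: 'too-few-trusted-signatures', signers };
  }
  return { ok: true, reason: 'accepted', signers };
}

// Skip hosts the local cache already knows are not running the proxy
// (for example decoy entries), so ordinary sites are not sent proxy requests.
function usableHosts(list, notProxyCache) {
  return list.hosts.filter((h) => !notProxyCache.has(h));
}

// ---- Constructed sample data (documentation-range addresses, throwaway keys) ----
const sampleKeys = {};
for (const id of ['alice', 'bob', 'mallory']) sampleKeys[id] = generateKeyPairSync('ed25519');
// The client trusts alice and bob; mallory's key is not in its trust set.
const trustedKeys = new Map([
  ['alice', sampleKeys.alice.publicKey],
  ['bob', sampleKeys.bob.publicKey],
]);
const sampleList = { expires: 2000, hosts: ['192.0.2.10', '198.51.100.7', '203.0.113.5'] };
const notProxyCache = new Set(['203.0.113.5']);

function demo() {
  const good = [
    endorse(sampleList, 'alice', sampleKeys.alice.privateKey),
    endorse(sampleList, 'bob', sampleKeys.bob.privateKey),
  ];
  // A list signed only by a key the client does not trust.
  const forgedList = { expires: 2000, hosts: ['192.0.2.66'] };
  const forged = [endorse(forgedList, 'mallory', sampleKeys.mallory.privateKey)];
  // A genuine list with one host appended after signing.
  const tampered = { expires: 2000, hosts: [...sampleList.hosts, '192.0.2.66'] };
  return {
    accepted: verifyNodeList(sampleList, good, trustedKeys, 2, 1000),
    forged: verifyNodeList(forgedList, forged, trustedKeys, 2, 1000),
    tampered: verifyNodeList(tampered, good, trustedKeys, 2, 1000),
    stale: verifyNodeList(sampleList, good, trustedKeys, 2, 2500),
    hosts: usableHosts(sampleList, notProxyCache),
  };
}

console.log(demo());
```

Signature checks only establish who vouched for a list; they do not hide the list from a censor who can read the same publication, which is the objection the parent comment raises.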

    5. Re:This still won't work! by SMN · · Score: 2
      Yes, I can see it now... "You have downloaded pornography? As a law enforcer in China, I must act in accordance to gross exaggerated stereotypes of ignorant Americans, and SHOOT you!!" *Bang*

      Those crazy Chinese devils, you never know what they're gonna do. Good to be safe and racist in the free US, eh?

      They routinely execute Christians and Falun Gong members merely for having their religion behind closed doors. Yes, I think that they would happily murder thousands of people for circumventing their firewall and breaking their moral codes of conduct.
      --
      -- Imagine how much more advanced our technology would be if we had eight fingers per hand.
    6. Re:This still won't work! by ozbird · · Score: 2

      That's right -- the only way to connect to a Peek-A-Booty network is word-of-mouth, which is horribly ineffective.

      Don't worry, now they can send you the list of nodes on a self-shredding e-mail.

  5. Spooky prediction by Rogerborg · · Score: 5, Interesting

    The Great Rogerborgio will make a spooky prediction. When Peek-a-Booty 1.0 reaches 100,000 downloads, a story will break that the client contains a hostile trojan that lets "evil hackers" take control of your machine, impersonate you, steal your credit card details, and screw your shrieking girlfriend in the ass while you watch helplessly, tears of frustration streaming down your shocked, betrayed face.

    The story will be submitted by a "credible group of anonymous white hat hackers" and run - unquestioned - by BBC Online and - slightly questioned, at best - by Reuters, and every other online news source will pick it up from there and spread it as gospel truth.

    It will not be true. It will be Fear, Uncertainty and Doubt, pure and simple. Many interested parties will want Peek-a-Booty to fail. In fact, there are so many - governmental and industrial - that even the Great Rogerborgio cannot peer through the mists of time sharply enough to determine the culprit.

    But it will happen. And remember, you read it here first.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Spooky prediction by snake_dad · · Score: 2

      So... how long have you been a member of cDc?

      --
      karma capped .sig seeking available Slashdot poster for long-term relationship.
  6. There's a slight problem here by zzyzx · · Score: 2, Insightful

    So you mean I can go to any website out there, even if my websurfing is blocked? Great! How do I get this software? Oh go to this website. Hey. It's blocked.

    1. Re:There's a slight problem here by zzyzx · · Score: 2, Insightful

      Yes but are the instructions on how to do that on that website? I still think there's a chicken and egg problem here.

  7. Aims & Reality by greygent · · Score: 2, Interesting

    While the aims and goals of this project are commendable, I can't help but think that this program will be utilized more so by old men wanting to look at kiddie porn safely, than those in oppressed countries.

    One can simply see this trend with the GNUtella network, and monitoring the search strings people send out. They're full of stuff such as "hairless pre-teen sex" and "dogs fucking women".

    I'd be much more interested in running Peek-A-Booty if it had some sort of information-type limiting, but this would go against the whole basic concept of the program. I'd be glad to assist those who are oppressed, but WILL NOT help sexual predators and the like.

    Maybe people who want to help those in oppressive countries should throw up rogue squid proxy servers with bandwidth rate limiting and perhaps some client access limiting (*.cn, *.ru, and soon, *.us). This is what I do and it works quite well.

    I don't even advertise it, but quite a few people find it and use it (mostly people in Southeast Asia, actually)

    1. Re:Aims & Reality by greygent · · Score: 2

      >Yeah! It's horrible that a government should tell people what is right and wrong to look at, but it's fine when I tell them!

      >Why is it right to censor kiddie porn but not other things? You are not really against censorship if you believe that it is, you just disagree with what should be censored.

      Because, it's my fucking computer. The government has nothing to do with my computer or my decisions not to support something. You seem to have people and government confused.

      Your argument is ridiculous. Would you give a neo-nazi group, or perhaps a coprophiliac web space on your server? Probably not.

      A person is not a government. A person can exercise their freedom of choice, and their opinions, and my opinion is that I simply do not want to support some causes. I am not oppressing them by not supporting them.

    2. Re:Aims & Reality by greygent · · Score: 2

      > If an ISP decided to block sites they did not like, would that not be censorship? They are not a government, it is their "fucking computer", so by your argument it is not censorship. You seem to have government censorship and censorship in general confused.

      Yes, that's censorship. Again, an ISP is not a citizen. An ISP's server is not an individual's computer.

      There is no burden on a citizen that requires them to participate in Peek-A-Booty, which is my whole point. There is no burden that a citizen must provide all of their available resources for public use in America.

      As I said before, I am not against Peek-A-Booty, it's just something I would not participate in, because it does not align with my ethics (concerning helping pedophiles). This is not oppression, this is an individual's personal freedom in effect.

      You seem to carry the misconception that my not participating in this program means I am somehow actively blocking them from accessing their destinations. This is completely wrong. I am merely choosing not to allow my personal equipment to be used as an avenue for them.

      Using your argument, I'd be oppressing people if I didn't have CAT5 cables running from my DSL equipment out to the curb for general citizen use. It's the same thing.

      To force citizens to participate in ideologies they wish to take no part of is against freedom and oppression in itself.

      You need to make the distinction between the rights of a person, and that of governments and corporations.

    3. Re:Aims & Reality by wickidpisa · · Score: 2

      Yes, that's censorship. Again, an ISP is not a citizen. An ISP's server is not an individual's computer.

      When you run Peek-A-Booty, or any proxy, you are acting as an ISP for the people using your proxy to access the internet. Just because you give it away for free does not mean you are not an ISP.

      You seem to carry the misconception that my not participating in this program means I am somehow actively blocking them from accessing their destinations. This is completely wrong. I am merely choosing not to allow my personal equipment to be used as an avenue for them.

      No, I never said that. I am not saying that not running Peek-A-Booty is oppressing or censoring anything. I am saying that running Peek-A-Booty and filtering out certain types of material is censorship.

      You need to make the distinction between the rights of a person, and that of governments and corporations.

      I have said nothing about rights, or even what is right or wrong to do. All I am saying is that it is hypocritical to censor anti-censorship software. You have the right to do it, but it is still hypocritical.

  8. Where's the "Beef"? by spotter · · Score: 2, Funny

    This supposedly "non vaporware" still isn't downloadable from the peekabooty website.

    Just because people have seen it run, doesn't make it non vaporware, it has to be distributed.

    So where's the Beef? ([lame joke]or should that be dead cow?[/lame joke])

  9. Another Diamond Age prediction true? by wickidpisa · · Score: 3, Interesting

    Doesn't this system remind anyone of the media network in Neal Stephenson's The Diamond Age? Information gets passed from one place to another by different people, so that no one can tell where the person on the other end is. Looks like another one of Stephenson's ideas has become a reality.

  10. Here is what will happen... by RexRuther · · Score: 2, Interesting

    ... some cracker will set up a node that, when asked for a web page, issues spam instead.

    ... or worse yet the web page requested with spam interspersed.

    That will be the end of that.

    The End. (uggh) Nice idea though!

    --
    -"The early bird catches the worm, but the late bird sleeps the most"
  11. Does this really help the oppressed? by sterno · · Score: 2

    If I'm an Evil Oppressive Government (TM), does this really do anything to circumvent my ability to oppress the masses? Great, so a bunch of dissidents decide to go out and get their information on-line through this system. I, as the Evil Oppressive Government use my intelligence networks and eventually discover this system. So what I do is find several of these proxies and begin logging their activity.

    A few months later after I've seen a lot of people going to these systems I begin sending out visitors in the wee hours of the night to "educate" these people. Really these systems may actually make it EASIER to find incorrect thinking individuals. I don't have to compromise an entire network of dissidents, I just have to find a couple proxy sites and let the proxy logs do my work for me.

    I've spent a lot of spare brain cycles thinking about this stuff and it seems like you really need a way to obfuscate the nature of your communication over multiple channels. You need legitimate looking sites to act as proxies and to limit the frequency and size of transmissions to reduce their visibility. Anything that can make connection profiling possible rules it out as a viable solution.

    Now, this system does have a host of possible uses, don't get me wrong. It will make it possible for somebody at the library to work around net nanny software, etc. It will make it easier to avoid the snoopy firewalls at the office who want to keep track of how many times I visited Ebay today. But I don't think this will do dissidents much good.

    --
    This sig has been temporarily disconnected or is no longer in service
  12. numerous problems by mr_burns · · Score: 2

    Hey guys, this ain't released yet, and for good reason. There's still work to do. If you have an attack which you think is probable of success, you would do good to let them know so they can design countermeasures.

    --
    "Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
  13. censor the proxy by JDizzy · · Score: 2

    It's easy, just block the proxy network, and boom... it's blocked again. That was easy!

    --
    It isn't a lie if you believe it.
  14. Blocked! by Anonymous Coward · · Score: 2, Funny

    I'd like to use this, but my company has blocked access to the site.

  15. New trend in /. posting? by Slothrop · · Score: 2, Interesting

    'Look! Neal Stephenson was right in !' He's not that great, people, nor all that prescient. Most of the science in the Diamond Age was bad or ill-conceived, and even the media system is somewhat mangled and unworkable. It involves a really major paradigm shift that he never bothers to explain. That said, I like most of his books, except for the constant and irritating moralizing that he's doing more and more with each book. The Diamond Age is stuffed to the ears with 'magic', not tech, so I wish that people would stop crowing that the man is right all the time. He's basically a conservative commentator that writes Sci-Fi. That doesn't make him bad, but it also doesn't make him a futurologist (which wouldn't make him necessarily more correct anyway, looking at some of the latest stories here.).

  16. The Net interprets censorship as damage, ... by Seth+Finkelstein · · Score: 2
    The Net interprets censorship as damage, and routes around it.
    -- John Gilmore

    What if censorship is in the router?
    -- Seth Finkelstein

    Is routing-around true in practice, rather than simply a trivial underground? It doesn't seem to ever work for "the masses". We're seeing another experimental test of this principle. I wish it well, but the past failures are sobering.

    Sig: What Happened To The Censorware Project (censorware.org)

  17. The game continues by zpengo · · Score: 2
    It's a big game with no resolution. There will always be some who want pure freedom, and others who want to restrict it, and there will be people developing software on both sides.

    It will never end, and there will never be a winner. The game just goes on and on and on...move and counter move, move and counter move...

    It certainly is fun to make the other team (whoever they may be) squirm, though.

    --


    Got Rhinos?
  18. Look for the worst and you'll always find it. by Perianwyr+Stormcrow · · Score: 4, Insightful

    Information-type limiting works against the very idea of the system.

    I don't mind helping everyone equally. Even sexual predators- there are other ways to catch them.

    Sorry, kiddie porn is not a trump card with me.

    --

    What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey

    1. Re:Look for the worst and you'll always find it. by greygent · · Score: 2

      And I respect your opinion.

      As obvious, the opinions I voice are merely my own. While my ethics do not align exactly with law, I have a particular distaste for sexual predators and child molesters, and it's a great enough issue that I do not want to potentially help them.

      I'd like to also clarify my "I'd be much more interested in running Peek-A-Booty if it had some sort of information-type limiting" comment. I meant this at the participant-level, and not a network-wide level. Some sort of mechanism where the participant has the freedom to disallow his resources to be used for certain ideologies of which he does not want to take part.

      But again, this goes against the entire Peek-A-Booty concept, and I may even be alarmist.

      The proxy idea works great for me, and my proxy server hasn't been firewalled from China as of yet.

      I get a significant amount of traffic from China, and they seem to look at a lot of democracy-oriented and (non-child) porn sites from the rare times I've taken a glance at the traffic.

      Please note, I am all for this project, and not against it in the least. I merely have some concerns.

  19. NakedHairyEyebrowedCheerleaders.com by zpengo · · Score: 2

    Wait a minute...those aren't pom-poms! Ewww, gross!

    --


    Got Rhinos?
  20. RE: Someday, I see this splitting up the net by King_TJ · · Score: 2

    Already, we have the "Internet 2" project for researchers, so they can have their own Internet, free of commercial traffic and home users clogging things up with streaming video/audio and file downloads.

    I see more of this coming. In the future, I predict businesses will get together and pay in to some sort of entity that builds (or promises to build) an independent Internet type network just for business purposes. If you're a porn provider or warez site, you simply won't qualify to be a part of this private network. The only question remaining is how many ties to the rest of the Internet will it have? It seems it has to have at least a few, because employees working from home will want to tunnel in via VPN to the workplace.

  21. Re: At least you have the monitoring idea right by King_TJ · · Score: 2

    The biggest problem I see is management content to drop the whole Internet surfing problem in the lap of the I.T. department. What most I.T. workers are saying is "Hey, I want to spend my time taking care of the computer systems and network -- not becoming the Internet police."

    It's the job of a manager to oversee his/her employees and make sure they're using their time efficiently. As I've always said, employees who want to waste time will find a million ways to do it. If you restrict them from surfing the net, they'll just talk to friends on the phone, or bring in a newspaper to read, or walk the halls with a cup of coffee and try to look busy.

    I have no problem with putting the basics of an automated system in place to block known porn sites and other blatantly illegal sites. Just by doing that, you're showing you took measures to prevent sexual harassment in the workplace. I think most companies would like to be in a position to say they did that, if it ever came up in court.

    Beyond that, I think it's wrong for managers of other departments to request/expect I.T. to "fill them in on what so-and-so is doing on the web", or to complain that something's not "locked down tight enough". If you know you have employees surfing where you don't want them surfing, take care of it yourself!

  22. Re:OK, but.... by Drakin · · Score: 2, Insightful

    From the sounds of it, that wouldn't work very well. It's based on P2P networking, so it would hop between known nodes, and likely have nodes added as other nodes inform your node of them.

    So it would show up as a lot of connections to various IPs, not one single bannable IP.

  23. Unemployment by zpengo · · Score: 2
    Actually I am unemployed and would be grateful for any job at the moment since I can't pay my mortgage.

    I'm sure that getting upset at people for how they refer to employees probably hasn't helped you get a job.

    Instead of saying "I resent that you call employees drones!", you should try, "Who should I talk to about becoming one of your drones?"

    --


    Got Rhinos?
  24. Employee surfing - hard learned lessons by nomadicGeek · · Score: 5, Interesting

    I see a lot of posts which seem to imply that employee surfing should be ignored. Why is it a big deal if an employee does some personal surfing? Why not measure an employee's productivity and leave it at that?

    I used to work at a company that had a very liberal internet use policy. We were pretty early adopters as far as the corporate world goes. We wanted people to use the Internet as a tool and didn't want to micromanage or scrutinize its usage.

    Over the years we had to tighten our policy as abuses started to mount. The final straw was an idiot who was collecting kiddie porn and saving it on our network server! We immediately notified the police and he was arrested and prosecuted. The guy literally had hundreds of pictures carefully organized into directories to categorize them. It was obvious (1) that he had been doing it for a while, (2) he had invested a great deal of thought and time in these activities.

    The company was dragged into the employee's defense trial. We spent a lot of time and money on attorneys, depositions, etc. It was a nightmare. We were forced to implement a system to control and monitor access to the Internet to ensure that this type of thing did not happen again. It is one thing to get caught in that type of situation once but it can't happen again.

    So we spent a lot of time and money watching and controlling Internet access. It sucks but it only takes one idiot to mess things up for everyone and there are a lot of idiots out there.

    I still think that ideally Internet usage should be the employees' responsibility but in the real world things often get much more complicated.

  25. This works now by StrawberryFrog · · Score: 4, Insightful
    the only way to connect ... is word-of-mouth, which is horribly ineffective. Finding ... will be extremely difficult unless you know the right people, and then it's very easy for the censor to ruin it. Trust the wrong person, and your whole network is exposed.


    Millions of drug users use this model quite happily.

    --

    My Karma: ran over your Dogma
    StrawberryFrog

    1. Re:This works now by Erasmus+Darwin · · Score: 2
      "Millions of drug users use this model quite happily."

      Drug users are slightly safer. If a single Peek-A-Booty user of a given node is compromised, the government can start watching all traffic to that node and build a giant list of criminals. If a single drug customer is compromised, there're practical limits on how many other clients they can catch during a sting.

  26. Peek-A-Booty is no longer affiliated with CDC by Anonymous Coward · · Score: 5, Informative

    http://cultdeadcow.com/details.php3?listing_id=426

    PEEKABOOTY UPDATE
    FOR IMMEDIATE RELEASE

    LUBBOCK, TX, February 7 -- The CULT OF THE DEAD COW (cDc) would like to clarify a few matters in relation to Peekabooty, an anti-censorship software application currently under development.

    Peekabooty was originally the brainchild of the Hacktivismo group, an international cadre of hackers founded by the cDc's Oxblood Ruffin. Hacktivismo's mandate was and is to develop technology in the service of human rights. Peekabooty was its first project; others are in various stages of planning and development.

    The CULT OF THE DEAD COW has supported this work from its conception, because we view censorship of the Internet as a cancer that must be excised. However, it should be noted that the cDc membership have not been contributing code or driving the development schedule for Peekabooty. This project was entirely the concern of Hacktivismo group.

    Two years ago, Bronc Buster and Mr. Pink wrote the proto-code for the current iteration of Peekabooty. Paul Baranowski (who until recently used the handle "Drunken Master") later became its chief architect and took charge of the Peekabooty programming effort. Some months ago, Paul chose to dedicate himself full-time to refactoring the codebase and finish implementing the remaining functionality.

    Paul has recently decided to sever ties with the Hacktivismo group but he will continue to develop the Peekabooty app. Occasionally developers can't find the environment they need to do their best work and now is one such time.

    Paul will be leaving Hacktivismo and taking on full responsibility for his work and all future development of his software. So from now on, Paul is directing all aspects of the Peekabooty project. It is no longer a Hacktivismo production. The Hacktivismo group will shift its main focus back to other projects in the pipeline.

    We continue to wish Paul the best of luck. We believe that Peekabooty will prove itself to be a liberating force on the Net. Although Hacktivismo has severed formal ties with the project, some members intend to informally contribute their testing skills, etc. to the ongoing effort.

    Paul will be presenting a recent snapshot at CodeCon, February 15 - 17, in San Francisco. Go check it out. But please be aware that this is not a launch; Peekabooty is still a work in progress.

  27. Defeating Geographic Region Control by Robotech_Master · · Score: 2

    Most of the comments I've seen for this story talk about how it will be good (or bad) for employee surfing. It occurs to me that this will also be a way to defeat the websites that try to lock out certain regions from being able to access them, for matters of national licensing and such. (I saw a story about that sort of thing on /. a while back, but I'm too lazy to go look it up. :)

    --
    Editor Emeritus and Senior Writer, TeleRead.org
  28. Nomenclature by Dr.+Carl+Jung · · Score: 2, Insightful

    Technology merits aside, why did they have to choose the name 'peek a booty' ?? This really isn't helping us getting rid of the 'pron-fiend-p2p-user' stereotype. I can't imagine the company or technology being recognized by corporate types, either.

    --
    -Linux was for the masses, who spoke, and everything was crystal clear.
  29. Quick Browse by kevinoshea · · Score: 2, Informative

    I wonder if a program like Quick Browse - http://www.quickbrowse.com - might also do the trick?

  30. Re: At least you have the monitoring idea right by shyster · · Score: 2
    Beyond that, I think it's wrong for managers of other departments to request/expect I.T. to "fill them in on what so-and-so is doing on the web", or to complain that something's not "locked down tight enough". If you know you have employees surfing where you don't want them surfing, take care of it yourself!

    At my last admin gig, I refused to provide managers with info on what sites were being accessed, what email was being rec'd, and what personal files were on hard drives. If a direct order didn't come from an executive or the IT Director, then it was not my place to rat out employees.

    Talk about liability! I have no way of knowing/proving that John Doe accessed this site. I only know that John Doe's PC accessed xxx.com. But PHB's won't understand the difference.

    Managers wouldn't ask someone in a cube farm what the guy next to him was surfing, why should I be put in that position? The other employees are my colleagues, and I refuse to disrespect them simply because I control the servers.

  31. This should not be released under the cDc name. by muffen · · Score: 2, Insightful

    I heard about this program a year ago. Back then I wasn't sure what to think about it, because cDc isn't one of the "software producers" I trust. Personally, I would never install anything written by them on my computer.

    Peek-a-booty appears to be a valid program, and may even be really useful for people who have governments blocking them from freely accessing the internet. However, I do think that they should get rid of the cDc name, mainly because cDc is associated with lame backdoor trojans by a lot of people. Also, if it ever got mainstream media attention, it is likely that they would start the article by saying something like: "cDC, the makers of the infamous backdoor trojan program Backorifice...". This is likely to scare people from installing it.

    Just my two cents...

  32. depending on source license && availabilit by Herr_Nightingale · · Score: 2, Interesting

    I believe that Peek-a-Booty will be GPL'd, or at least open-sourced.. in that case, one would simply distrust the binaries and compile (or DL from trusted site) the program locally.
    As far as it goes, however, Back Orifice is notable as one of the trickier trojans to ferret out .. it's a neat piece of code. Assuming the widely-heralded P-a-Booty is coded to the same high standards, I would very much like to get ahold of it.