The Pirate Bay's Plans To Encrypt the 'Net
Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."
Should already be encrypted. If they weren't, they were being pretty careless.
What more do we need?
This will lead to governments putting pressure on ISPs to block all P2P traffic. Say goodbye to downloading Linux or other software P2P once P2P clients default to encryption.
Sounds like a poor man's implementation of IPsec to me...
oh wait, without the standardisation of course.
I can't see a downside from a user perspective, and the only Govt/ISP/etc justifications not to do this are an invasion of privacy (packet headers could be used for QoS, etc). It's like, I dunno, posting all your mail in a sealed envelope instead of on a postcard - you can still put an economy or airmail sticker on it, it just means the postman can't (easily) read your message anymore.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
Doesn't this problem already have a solution?
This would also be a boon to anyone else concerned about civil liberties, presumably. I can't imagine many governments being particularly happy to see such a plan come to fruition.
reply:
"pirate bay has become a haven for child pornographers. shut it down"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Without preshared keys, this is vulnerable to a man in the middle attack. Your ISP or the government's spies or whoever simply intercept your communications with the other peer at the time of hand shaking and key exchange, and hand their own encryption information to both parties. Decrypt each message, and encrypt it for the other party before sending it down the line.
This protects against casual snooping, but it completely fails to account for the level of involvement that domestic spying already suffers from.
Slay a dragon... over lunch!
With a popular site like Pirate Bay behind it. This might actually catch on. If we all had to use an encrypted protocol to communicate with Google all internet traffic would quickly switch to that format.
Not really, from their site
The goal of transparency to the transport layer means that the user will not have to configure anything, just install the encryption software and go. It also makes sure that encrypted traffic will travel over IP carriers without trouble (except in the case of mandatory transparent proxying). Current IP-transport encryption using tunneling or IPSec do not have the same property. Many low-cost ISPs filter IP protocols and TCP/UDP ports to block encrypted traffic and there is always a cost to the user in configuring key-exchange, NAT-traversal and such. Anonymity can be provided by existing IP-anonymizing networks such as tor and i2p since the encryption is transport-independent.
So they are planning to roll out zeroconf IPSec that doesn't NEED to have specific support for NAT traversal. Now, "NAT Traversal" technically just means UDP encapsulation (which in turn results in all fancy MTU problems).
It seems that they are only interested in encrypting the TCP/UDP payload, with key negotiation happening at the start of the session (SYN/ACK packets for TCP, and as a completely separate negotiation with UDP).
If they can go with this, I sure hope they write an informative RFC..
If several million people all started encrypting all of their traffic, there's gonna be a whole lot more CPU usage and therefore more power consumption going on. ThePirateBay, think of the penguins!
(Come to think of it, the consumption increase might be offset by firefox 3 raping CPUs less than firefox 2 used to :)
Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
TFA mentions some unfinished projects. What about the island they wanted to buy and turn into a sovereign nation? How's that one coming along?
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
TPB is obviously related to the FSM church, and this is a good thing - they are fighting global warming (and must use encrypted connections because the planet might be listening).
Va Fbivrg Ehffvn, lbh rapelcg gur Cvengr Onl
For over 2 years I have been encrypting my internet connection using a roll-my-own solution. I trust my ISP implicitly - they are one of the few good guys left in the ISP arena. I don't trust my government.
;)
The sad thing is I don't even have anything to hide. But I detest the idea that someone, somewhere, might be monitoring what I'm doing. I use an anonymous email service with PGP encryption, I do all my browsing over a VPN connection to a (cheap) VPS server in another country. For added protection I can then tunnel using SSH to another server in another country which then uses tor to make my final connection.
Security is cheap (the whole setup probably sets me back around $50/mo including my 8mbit dsl line), but it just requires the time, persistence and knowledge to set it up in the first place. If an end-to-end solution can be built-in to the OS AND we can be certain as can be there are no back doors, then this can only be a good thing.
For those who in the meantime want to protect themselves but are not too sure where to begin, get yourself a cheap VPS (hundreds of providers out there), set up OpenVPN and off you go. You can even use SSH to tunnel a SOCKS connection for an easier option. I would suggest OpenVPN as a starting point though, as it makes it easier to expand later, e.g. tunneling an SSH connection to another server through the VPN, which can then connect to tor running on localhost on the second machine. Should your connection be intercepted at the ISP level (the most likely?) then they'll have a double-encrypted tunnel to deal with, and then probably an ssl-encrypted https stream inside that as well if you're careful about where you surf.
Anonymous Coward for obvious reasons
Result: CPU wins.
I've been thinking about this for years now.
Go a step ahead in the arms race. Start encrypting before people the control gets to an unbearable point.
This is guillotining the king when he's still trying to make the senate remove his position's time limit.
Just knowing that this is important for more people makes me a bit happier.
Thanks for the good news. Now tell me someone is addressing how to create an internet that doesn't depend on telecom corporations and I may cry.
What about HTTPS? Couldn't an ISP do the same thing and capture personal information such as SSNs, credit card and bank account numbers and then share that information with anyone it wants to? I would imagine that once something like this is compromised at the ISP level, it would cause people to stop using legitimate services on the internet because they can't trust their ISPs.
We'll make great pets
I know it shouldn't be that way but...the world isn't as it should be. If someone wants to start encrypting anything and everything, including legitimate usages without heavily sensitive information (which is fine and dandy and helps privacy, so it's all good and fine), don't start associating it with people who DO have something to hide.
TPB is doing a huge disservice now. The idiots up there will automatically be like "SEE SEE SEE ?!?!?! Encryption == Piracy, pirates download porn, porn == child porn, think of the children, ban free usage of encryption!!" And then we'll be -worse- off than we are now.
Clean up your act first, THEN advocate encryption, and all will be well.
This demonstrates the sheer stupidity of our so-called Democratic Governments. Once the pedophiles, terrorizers and crooks were the only ones who needed to encrypt their work. But governments are wasting so many tax payer dollars to spy on their own citizens for no good reason, that now the citizens are turning to encryption too. Now instead of having to concentrate on a small island of encrypted comms, Government will now have to sift through a sea of it. We've got dumb and shady politicians (hey thanks for your FISA betrayal, Obama) and public servants more interested in building empires than generally protecting the people who pay their salaries (that's the taxpayer, not the politicians).
Surely what they're proposing is basically SSL, everywhere, if a handshake shows that they support it?
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Better yet, they could find use for an existing proposal, complete with code: OTCP. It transparently encrypts TCP sessions in a way that would defeat Comcast's (and China's) eavesdropping/RST forging; if they wanted to defeat OTCP, they'd have to intercept and rewrite all SYN packets, which is a lot more burdensome. It can't guarantee perfect security, but perfect security is mutually exclusive with providing full backwards compatibility with the existing Internet.
FAQ:
Q: Can't this be broken by man-in-the-middle attacks?
Yes. However, note that this would require interception of traffic which is much more costly than sniffers in parallel and legally more troublesome for the attacker. Additionally, userland crypto protocols could be extended to include the shared secret in their certified handshakes, thus giving them MITM-proof security which includes the TCP layer.
Q: Doesn't this break NATs?
NATs rewrite the IP addresses and port numbers in the packets, which we don't include in our MAC protection, so everything should work. If the NAT happens to rebuild the whole packet, the OTCP offer in the SYN packet will be removed. In this case we lose OTCP but, most importantly, we don't break any users.
NATs which monitor the application level and try to rewrite IP address in there will be broken by this. However, the number of protocols which do this is small and clients may be configured by default not to offer OTCP when the destination port number matches one of these protocols (IRC and FTP spring to mind). This is a hack, but the downside to users of OTCP must be as small as possible.
Q: So can't I break this by filtering the offer from the SYN packet?
Yes. Application level protocols could be extended to sense this downgrade attack and stop working, but mostly see the points above: it's much more expensive to do this since it needs to be done in the router and it's legally more troublesome for the attackers.
Q: Won't this take too much time?
It's additional CPU load, certainly. The Crypto++ and OpenSSL benchmarks suggest that a full core should be able to handle this at 1 Gbps. Most servers don't see anything like that traffic. Maybe more concerning is the DDoS possibility of using ObsTCP to add additional load via a SYN flood. Since we're using curve25519, no computation is needed to answer a SYN. The shared key computation only occurs when the handshake completes and an optimised curve25519 can do that in about 250us (2.33GHz Core2)
Q: What about my high-performance network?
Obviously this makes no sense for "inside the datacenter" and other, high-performance networking environments. ObsTCP is disabled by default for destinations in the private IP address ranges and root can disable it for any CIDR range.
Q: But then I'm wasting CPU time and packet space whenever I'm running SSH or HTTPS
Right. Userland can turn off OTCP using a sockopt if it wishes, or it could just not enable itself for the default destination ports which these protocols use. (Again, that would be an ugly intrusion of default port numbers into the kernel, but this idea wasn't that beautiful to begin with.)
The success of this all depends on whether the major distros will accept this as part of their core set of default packages. As long as everyone has to install it manually, it will always be an ineffective toy, but if a lot of servers start supporting it (which would only happen if it's a default), then there is incentive for the clients to use it, and in turn more incentive for servers to do it.
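An added illustration of the two failure modes raised in this thread (not code from OTCP/ObsTCP or The Pirate Bay): silent fallback when the offer is stripped, and an unauthenticated key exchange whose public values an on-path party has replaced, next to the mitigations the FAQ and commenters name (a strict no-fallback mode, and binding the transport secret into an authenticated handshake). The toy group, the function names and the HMAC pre-shared key standing in for a certified signature are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman group standing in for the curve25519
# exchange the FAQ mentions. Illustration only; not a production group.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Derive the raw shared secret from our private and their public value."""
    return pow(peer_pub, priv, P).to_bytes(32, "big")


def binding_tag(auth_key, secret):
    """Tag an authenticated upper-layer handshake would carry over the
    transport secret. HMAC under a pre-shared key is an assumed stand-in
    for a signature made with a certified key."""
    msg = b"transport-binding|" + secret
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def connect(auth_key, offer_stripped=False, keys_substituted=False, strict=False):
    """Simulate one connection and return its outcome as a string.

    auth_key         -- bytes shared out of band, or None for no authentication
    offer_stripped   -- the encryption offer was removed from the SYN in transit
    keys_substituted -- an on-path party replaced both public values with its own
    strict           -- refuse to fall back to plaintext
    """
    if offer_stripped:
        # The offer never reached the peer, so no key exchange takes place.
        return "refused" if strict else "plaintext"

    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    if keys_substituted:
        _, m_pub = keypair()
        seen_by_client, seen_by_server = m_pub, m_pub
    else:
        seen_by_client, seen_by_server = s_pub, c_pub

    c_secret = shared_secret(c_priv, seen_by_client)
    s_secret = shared_secret(s_priv, seen_by_server)

    if auth_key is None:
        # Nothing ties the secret to an identity: both ends see "encrypted"
        # whether or not the public values were replaced.
        return "encrypted-unauthenticated"

    # The server sends a tag over its view of the secret; the client checks it
    # against its own view. The views differ whenever keys were substituted.
    tag = binding_tag(auth_key, s_secret)
    if hmac.compare_digest(tag, binding_tag(auth_key, c_secret)):
        return "encrypted-authenticated"
    return "aborted-binding-mismatch"
```

Without `auth_key`, the substituted and clean sessions return the same outcome, which is the commenters' point about opportunistic encryption stopping passive sniffing only.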
Not totally following your point. Looking "like it was written in C" is.. a bad thing?
My turnips listen for the soft cry of your love
Isn't this called Tor? http://www.torproject.org/
You're complaining about shortcomings in implementation. That's a general problem with crypto... crypto geeks don't care about user interfaces. RSA goes back to 1977, and we still don't have good PGP/GPG support in most email clients. The solution is not to invent a new protocol, it's to invent a new user interface that's compellingly easy. SSL is a pain in the neck... except when you're using it in a web browser it's almost invisible, and SSH bootstraps from it to make something that's much easier to set up than SSL telnet.
Yes, Crypto Barbie, if TPB doesn't at least make it possible to use IPSEC as the encryption layer (whether they have a workaround for ISPs that block IPSEC or not) they're not part of the solution.
public key: pRon
private key: RIAA
I hope those "happy and fun loving" THIEVES (not Swedes) like jail.
To install software they made...so they could hide illegal copyright violation softwares they stole?
What makes anyone think this isn't just a new means to distribute a trojan to create a botnet with encrypted storage on YOUR pc?
Oh sure...the article doesn't mention that...and they are law abiding kiddies that wouldn't do that ..right....
This already exists; furthermore, it's been around for years. It's called Freenet: http://en.wikipedia.org/wiki/Freenet
Here in Buenos Aires, Argentina I use a local version:
http://www.buenosaireslibre.org/
Not to forget some people would probably argue that your general privacy and freedom to talk to others with no one listening is more important than file sharing.
Some other people would probably not, since those are the people who hope to catch some bad guys using techniques such as this one and don't care about the breach of their own privacy since they have nothing to hide themselves and trust everyone to be good.
There's a project called Anonet that has developed a similar wrapper infrastructure.
Anonet is a "virtual Internet" that utilizes OpenVPN and Quagga to provide a layer of anonymity and deniability on top of the Internet. It uses a chaotic yet cooperative routing scheme which allows any one to use any IP address while still maintaining their existing Internet connection.
It has everything on it that the Internet does: torrent trackers, web servers, FTP servers, DNS infrastructure, PGP keyservers, IM, IRC, streaming audio, game servers, etc. All Internet-aware applications should work fine as Anonet is simply an addition to your operating system's routing table.
This will have approximately zero benefits. As many users have already pointed out, such a system is still vulnerable to interception, and if you think the NSA will have trouble cracking commercial encryption, you're just wrong. But more to the point, whether or not traffic is encrypted really doesn't matter. ISPs are perfectly capable of filtering and suppressing traffic without any idea of the content of the packets in question simply by analyzing the pattern of traffic. For example, a BitTorrent connection can be pretty easily recognized by looking for activity on certain ports. But even if you switch ports, the large number of incoming/outgoing connections is a dead giveaway. You don't need to know exactly what's in the TCP packet to know that the IP traffic looks like a BitTorrent (or VoIP, or streaming video, or what have you) connection. And you can't encrypt IP headers or your ISP won't be able to route the traffic at all. There really isn't a technical solution for this as far as I can tell. It's whack-a-mole at best. The real solution is regulation, but exactly what kind of regulation is still very much up in the air.
I not only knew what you were talking about but passed over it and started reading the next comment without a stutter. A few seconds passed. Then I cringed and wondered "What have I become?"
Thanks a lot for shaking me to the core. Nice way to start the day. :-(
If we don't start encrypting our activities on the Net, be prepared for increased government intervention in everything we do. Here in Latvia, if you are caught with one illegal song, your entire computer is confiscated. Encryption makes sense.
This project has been worked on for years now. I never read their papers, so I can't comment on the technical side, but they surely designed it for decentralization and anonymity:
http://gnunet.org/
Please don't blindly use TOR for P2P. You'll bring TOR to its knees. TOR is supported by volunteers and isn't designed for the massive load P2P would put on it. Plus, TOR only provides anonymity at the destination, and it only hides your IP. TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.
TANSTAAFL GIGO Acronyms to live by!
Of course, I could just go to that site's web site and see what they advertise, assuming that most people are going there for that purpose. If I'm sniffing the user's connection at their ISP, I could also see if they're connecting to 10-20 other user sites simultaneously, which would look a lot like bittorrent.
But that workaround doesn't account for :
- Hosting service that host several web sites on a single server, thus all sharing the same IP but answering to different DNS names in the HTTP request. It happens a lot, almost any of the cheap hosting service works that way.
=> You'll get multiple connections anyway, and there's no single website to check for advertised content.
- Although there *are* bittorrent trackers written in PHP, there are a lot of people using a simple web server for the website and indexing only and running the tracker on a separate machine.
In that case there won't be anything to check on the same IP address, the website has a different address compared to the tracker.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
It's called infridgemnet not stealding you mororn.
That's why they should base it on OpenPGP. Allow (no: encourage) people to share fingerprints out-of-band. Encourage people to cert identities where that out-of-band communication has happened, then WoT from there.
TPB's weirdo agenda (piracy) is just a tiny part of the world's overall need for secure communications. If they build on the existing OpenPGP WoT, then they gain from everyone else's efforts along these lines, as well as contribute to that effort.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You are still dependent on BIGCO's wire for your internet access. If the ISP wants to spy on you and they can't read the packets, they will simply drop them. What are you going to do about that? Switching ISPs is not an option when they all engage in the same behavior. So, c'mon, cough it up. What's your solution now?
What?
Why encrypt pirate traffic?
AFAIK, they "get you" by joining the network as a peer and then writing down all the IPs that send them pieces of the torrent.
I don't think they do it by monitoring network traffic--that would be a pain in the butt.
It's not hard to gain access to many of these networks, and their real goal is just to slow piracy (stopping it is a little far out). All they really need to do to slow it is start suing users and the rest will run scared, like they did with Kazaa et al. Real pirates will go underground, for sure, but they won't have as much of an impact on sales as say, Napster.
Latewire
Interception has been a looming threat all along. Most people just didn't take it seriously, so we didn't do anything about it. Now we have a credible bogeyman, and the job is finally going to get done.
For once: thank you, government. You gave us the motivating fear, without which, we only had rational thought (which wasn't enough).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
What about freenet?
I can stand brute force, but brute reason is quite unbearable. There is something unfair about its use. It is hitting be
It's not moran it's "insidious claude"
I see two routes :
- add SSL support to all applications.
- develop a "dynamic" version of IPsec
As I understand it, IPsec means your computer will use unencrypted connections except when accessing an IP address in some range covered by IPsec. So one wishes to configure IPsec dynamically, but this isn't so easy since the connections must be established quickly, both to encrypted & unencrypted machines.
So my suggestion: forget about a complete solution. Instead focus on increasing the quantity of encrypted traffic.
- convince companies handling private information, like facebook, to support both SSL and IPSec, thus increasing the SSL traffic on the internet.
- Move all p2p apps to SSL.
- Add dynamic updating of IPsec ranges from some open registry.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
John Gilmore already pushed for this to happen. Didn't get enough traction. However, maybe he didn't have a good enough threat model? Maybe now there is one? Here's John's URL:
http://www.toad.com/swan.html
Don't piss off The Angry Economist
This is yet another problem solved with IPv6, for which IPsec support is mandatory. RFC 4025 provides a method for opportunistic encryption between hosts using keys stored in DNS (type "IPSECKEY").
The implementation is simple:- when initiating a connection, look up the IPsec key of the destination using the IPSECKEY record of the destination address in the reverse dns zone (ip6.arpa).
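The lookup this comment describes, as an added example (not from the thread or from any IPsec implementation): it builds the reverse-zone owner name for an address and decodes IPSECKEY RDATA in the RFC 4025 wire layout (precedence, gateway type, algorithm, gateway, public key). The function names are hypothetical and the sample record bytes are constructed, not a real key.

```python
import ipaddress

GATEWAY_TYPES = {0: "none", 1: "ipv4", 2: "ipv6", 3: "domain"}
ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA"}


def ipseckey_owner_name(address):
    """Reverse-zone name (in-addr.arpa or ip6.arpa) to query for `address`."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def _read_name(buf, pos):
    """Decode an uncompressed wire-format domain name starting at `pos`."""
    labels = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated gateway name")
        length = buf[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) + ".", pos
        if length > 63 or pos + length > len(buf):
            raise ValueError("invalid label in gateway name")
        labels.append(buf[pos:pos + length].decode("ascii"))
        pos += length


def parse_ipseckey_rdata(rdata):
    """Decode IPSECKEY RDATA bytes into a dict; raise ValueError if malformed."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the fixed 3-byte header")
    precedence, gw_type, algorithm = rdata[0], rdata[1], rdata[2]
    pos = 3
    if gw_type == 0:
        gateway = None
    elif gw_type in (1, 2):
        size = 4 if gw_type == 1 else 16
        if pos + size > len(rdata):
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(rdata[pos:pos + size]))
        pos += size
    elif gw_type == 3:
        gateway, pos = _read_name(rdata, pos)
    else:
        raise ValueError(f"unknown gateway type {gw_type}")

    key = rdata[pos:]
    # Algorithm 0 means "no key present"; any other value requires key bytes.
    if (algorithm == 0) != (len(key) == 0):
        raise ValueError("public key presence does not match algorithm field")
    return {
        "precedence": precedence,
        "gateway_type": GATEWAY_TYPES[gw_type],
        "gateway": gateway,
        "algorithm": ALGORITHMS.get(algorithm, f"unknown({algorithm})"),
        "public_key": key,
    }


# Constructed sample: precedence 10, IPv4 gateway 192.0.2.38, algorithm RSA,
# followed by 18 placeholder key bytes.
SAMPLE_KEY = b"\x01\x03" + bytes(range(16))
SAMPLE_RDATA = (bytes([10, 1, 2])
                + ipaddress.IPv4Address("192.0.2.38").packed
                + SAMPLE_KEY)
```

A key fetched this way is only as trustworthy as the DNS answer that carried it, so the lookup has to be DNSSEC-validated before the key is used.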
I think Sweden's law is actually a good thing. The more governments and/or companies that are snooping on internet traffic, the more encouragement it provides for people to use encryption.
The IPsec RFCs were the most overly-complicated, vaguely/badly written standards docs ever, resulting in IPsec implementations that were all bloaty, incompatible pieces of sh*t on every OS that tried to do it. (I worked on an IPsec implementation, so I know firsthand).
Horrible protocols, designed by committee, extended by big early adopters in ways that totally made any latercomer's implementation a living nightmare (looking at *you*, Cisco and MS).
Hell, the standards didn't even specify adequately how connections should be renewed, so everyone just does it differently. You might be able to connect to an alien IPsec endpoint, but good freaking luck trying to get the connection to renew properly when both ends don't make the same assumptions. Don't even bother asking about using certificates between different vendors' stacks, the lab that does interoperability testing just laughs at the whole situation.
SSH tunnelling (or even openVPN) ends up being so much easier it's just not worth even looking at IPsec.
It was so bad they started working on IKEv2 before anyone even had significant success with IKEv1. Bleah.
I get how this is useful for traffic between two private parties. But if one party is supposed to be publicly available, e.g. a site that hosts torrent pointers, then how exactly does encryption AFTER that help? You pull on the string that's showing, the whole sweater unravels.
Towards the Singularity.
There should, no, there MUST be an option to prevent it from falling back on an unencrypted connection. Failure to implement this means you may as well not have encryption at all, since you never know if it's encrypted or not. The EFF needs your donations so it can go all over the world and fight to repeal laws allowing government idiots to snoop on communications, and to create laws that make it illegal to snoop or to create laws that allow such snooping. Governments all over the world are out of control.
McCain/Palin '08. Now THAT's hope and change!
From what I've seen they only need to know you've been sending torrent pieces to other clients and this is visible on your IP address. The encryption would do nothing as officials (or MAFIAA for that matter) could simply start the torrent and see what IP addresses seed the torrent to them. Passworded files are already bad enough in terms of longevity and security, the passwords will become lost as sites disappear from free hosting sites for basic policy violation or other reasons, and the password is listed in plain text, which is indexed by say, Google. I have found the password to stuff I downloaded from isohunt with google (isohunt usually lacks documentation to their files for some reason and if I don't remember the exact one or the website link is broken there's not many other ways to find it), I don't see how encryption will make any difference. Remember that ISPs and the government (well, except in Sweden) are not the persons filing the lawsuits (and ISPs in fact are more than likely to receive them merely for having it on their network).
Some encryption would be nice. I'm really tired of the throttling of content even if it's legal. I recently discovered when downloading some legal torrents (New NIN album - distributed free online by NIN) that it appears Time Warner Cable is throttling Torrent traffic. Any time I attempted to DL the album my HTTP traffic slowed to an absolute crawl (5KPS or slower). Rebooted the cable modem, back up to "Turbo" speed while surfing. Start up torrent client. Instant crawl. Rebooted cable modem. Speed back to normal, until torrent traffic was recognized. What a PITA!
~I Remain~ ~Captain Red~
The internet should remain free. Free of government intervention. Personal responsibility should abound and caution, restraint and liberty should be the corner stones.
This is the idea, the dream and the right of all people, whether in reality or cyberspace.
I propose they call it the Secure Socket Layer.
wait...didn't hacktivismo already embark on such a thing....six-four....which basically got absorbed by tor(onion routers)? What's wrong with onion routers, other than the fact that they're slow to resolve connections?
TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.
TOR does provide encryption. The only way to see the unencrypted traffic would be to sniff the traffic as it leaves the tor exit node. Sniffing your tor traffic at the ISP wouldn't show anything but an encrypted data stream. Look it up:
http://www.torproject.org/overview.html.en
The number of posts that were modded up after stating that TOR doesn't provide encryption is absolutely mind boggling. Does anyone here even care how TOR works, or is just sounding like an authority good enough to get you a +5 Insightful no matter how off base your statements are? Christ. I'm disappointed in you slashdot mods.
Just set up https: and be done with it. If more websites did this, you'd have the same effect, and most people only visit 8-9 sites throughout the course of a normal day anyway.
In my opinion, one of the big coups waiting to happen on the internet is the co-opting of P2P clients into the TOR network. The big Bittorrent clients already offer a TOR client mode option. But what would happen if they started offering a TOR client/server option instead. We could see a vast increase in the size, and hopefully speed of the TOR network overnight. That is if any of the big Bittorrent clients were willing to pull it off.
May the Maths Be with you!
I use Tor occasionally for political rhetoric because I don't want to be seen as a dissident and end up on some government watchlist. There are also anonymous proxy servers which are often backdoored and darknets such as Freenet that seem to be fairly secure but slower than molasses.
I wouldn't mind seeing another player on the scene with some fresh ideas and maybe even mainstream support.
I've been using the internet for 2 decades and I've watched it morph from the geek sector to explosive innovation (my favorite period) to the current commercial state. Big business largely controls the content now.
Although I'm certainly glad I can bank and do business on the internet, I think something like this could help us bring the power back. I for one don't trust the government or their corporate bedfellows.
^^vv<><>BA
It's important with these kind of topics to discuss the difference between illegal and immoral. Part of the whole PROBLEM is that so much that is NOT immoral is illegal. I think that ALL information should be free (and I'm a musician!), and that includes all media, software, and the like. There are historically many great minds that also feel this way and frankly diminish me both in their eloquence and lucidity on the subject. My personal favorite is probably Benjamin Franklin:
"As we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously."
I would argue that all media, software, or anything else that can be transferred as 1s and 0s would qualify as an "invention" in modern terms.
And for that reason, I use TOR, and just about any other tool possible to protect myself legally, as I feel very confident on moral grounds. Furthermore, I strongly advocate civil disobedience in a society where our "free" market has been completely overrun by corporate monopolies and the government is now owned outright by those same monopolies.
What needs to happen now is that TOR and other technologies like the discussed Pirate Bay one need to be improved, used more widely, and made more robust. Frankly, I'd prefer a global ad hoc wifi network running fully encrypted and fully p2p for all data.
Putting the genie back in the bottle of content control and pay for play is never going to happen anyway, no matter where you stand morally or legally on the issue. So really this whole discussion is moot. However, we should clearly outline the moral issues (and listen to greater minds like Franklin) for other reasons moving forward in the future.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
I want it! Not just for THAT kind of activity but all possible activity. Why signal the Man that you are doing crime but only encrypting when you are doing crime? Let a million law abiders help protect all of our privacy.
I stand corrected. I just read the overview link posted by AC. So, the encryption is there.
The whole process is too expensive for full network encryption though. And my original point is that TOR shouldn't be overloaded with P2P. It is abusive of the network and could potentially cause legal issues for TOR which might interfere with their ability to offer their legitimate services.
TANSTAAFL GIGO Acronyms to live by!
TOR does encrypt the data in transit, except the last hop from the router network to the destination.
TANSTAAFL GIGO Acronyms to live by!
You are all failing to see the value of this. It prevents the NSA from spying on the people. It's the people who are the innocent ones. The global elite want to implement a global police state. This encryption prevents the Orwellian police from spying on the people and crushing dissent.