Slashdot Mirror


The Pirate Bay's Plans To Encrypt the 'Net

Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."

29 of 297 comments

  1. But all decent pirating services... by joleran · · Score: 5, Insightful

    Should already be encrypted. If they weren't, they were being pretty careless.

    1. Re:But all decent pirating services... by Lally Singh · · Score: 5, Insightful

      Yeah, but then you can tell pretty closely what they are. Port number & encrypted protocol are pretty indicative.

      Instead, encrypting the majority of traffic would make the sniffing capability moot.

      But frankly, I'd rather see them use Tor, maybe with some optimizations for latency-critical operations.

      --
      Care about electronic freedom? Consider donating to the EFF!
    2. Re:But all decent pirating services... by Dracker · · Score: 3, Insightful

      But the Pirate Bay folks are .. well .. pirates, and Tor frowns upon using high amounts of p2p bandwidth over Tor. If The Pirate Bay is going to endorse a technology, it needs to help them pirate. Freenet or I2P look like better codebases. It all comes down to how secure and convenient they want their protocol to be.

    3. Re:But all decent pirating services... by Hatta · · Score: 5, Insightful

      Tor and encryption serve orthogonal purposes. Encryption hides what you're sending, Tor hides who you're sending it to.

      --
      Give me Classic Slashdot or give me death!
    4. Re:But all decent pirating services... by complete loony · · Score: 3, Insightful

      ... until you join the swarm yourself, get a list of peers from the tracker, and connect to them directly to verify that they are uploading your copyrighted content. It works for the RIAA.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  2. ISPs react by Ted Freeman · · Score: 2, Insightful

    This will lead to governments putting pressure on ISPs to block all P2P traffic. Say goodbye to downloading Linux or other software P2P once P2P clients default to encryption.

    1. Re:ISPs react by Jedi Alec · · Score: 5, Insightful

      Isn't that the point? If all your traffic is encrypted, how is the ISP supposed to tell what is what?

      --
      People replying to my sig annoy me. That's why I change it all the time.
  3. What... wait... IPsec, is that you? by cyb97 · · Score: 4, Insightful

    Sounds like a poor man's implementation of IPsec to me...

    oh wait, without the standardisation of course.

    1. Re:What... wait... IPsec, is that you? by Threni · · Score: 2, Insightful

      > and without all the config hassle...

      If you're expecting end users to do anything, then anything more complicated than `pick a password` and then later `enter the password` is not going to work. Even then, you'll have to deal with people forgetting passwords.

    2. Re:What... wait... IPsec, is that you? by Kent Recal · · Score: 3, Insightful

      Parent is spot on.

      IPSEC *may* be very well engineered but few of us would want to touch it even with a 10ft pole. Especially those of us who *had* to work with it in the past.
      It should be possible to implement IPSEC without the warts. Hell, IPSEC could be zero-configuration out of the box (linklevel encryption only) with only minimal configuration for peer certificates.

      Good Crypto doesn't have to be painful, see OpenSSH, OpenVPN (commonly chosen instead of IPSEC), GnuPG.

      I just don't see what this has to do with P2P at all? Solution looking for a problem?
      When the ISPs can't sniff our traffic anymore they'll just connect to the trackers and look at the offerings.

      But then again I never understood the legal fuss about P2P in the first place.
      To me the key is plausible deniability. Store your shared content on an encrypted drive and that's it.

    3. Re:What... wait... IPsec, is that you? by IgnoramusMaximus · · Score: 3, Insightful

      I concur.

      Having to set up some corporate VPNs in the past, I cannot even fathom why anyone in their right mind would choose IPsec over, say, OpenVPN, other than being forced into it by some idiot vendor or a moron manager. The difference in complexity, amount of work on the part of the network designer and sysadmins is just astronomically different between the two solutions.

      From first-hand experience I can only confirm that IPsec is for masochists. Anyone I know who ever tried to deploy the thing does so only once.

      Also note that the more convoluted and difficult to control a security solution is, the more chances of security vulnerabilities, both from the perspective of possible errors in design and implementation of such complex schemes, but also (more likely in practice) from the perspective of faulty deployment by people who do not have time to parse word by word 300 page deployment manuals bristling with obscure acronyms and arcane cryptography concepts.

  4. Pirating or not by BiggerIsBetter · · Score: 4, Insightful

    I can't see a downside from a user perspective, and the only Govt/ISP/etc justifications not to do this are an invasion of privacy (packet headers could be used for QoS, etc). It's like, I dunno, posting all your mail in a sealed envelope instead of on a postcard - you can still put an economy or airmail sticker on it, it just means the postman can't (easily) read your message anymore.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
    1. Re:Pirating or not by Koiu Lpoi · · Score: 3, Insightful

      It's funny you say that. It's almost like what happens on 4chan's /b/ "random" board is closer to human nature, because people are not held back by personal inhibitions.

  5. Re:SSL over Tor with Privoxy by JPribe · · Score: 5, Insightful

    More people running TOR servers...

    --
    Why go fast when you can go anywhere? O|||||||O
  6. you think you can defeat govt that easy? by circletimessquare · · Score: 4, Insightful

    reply:

    "pirate bay has become a haven for child pornographers. shut it down"

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. Watt?! by LSD-OBS · · Score: 3, Insightful

    If several million people all started encrypting all of their traffic, there's gonna be a whole lot more CPU usage and therefore more power consumption going on. ThePirateBay, think of the penguins!

    (Come to think of it, the consumption increase might be offset by firefox 3 raping CPUs less than firefox 2 used to :)

    --
    Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
  8. Re:Man in the Middle by aaaaaaargh! · · Score: 3, Insightful

    I'm not sure, but as it stands there seems to be an even simpler attack. Mallory, the man in the middle, just makes sure that when Alice establishes the initial, unencrypted connection to Bob, Bob's reply is forged to indicate that he doesn't support encryption. As a result, all traffic will be unencrypted.
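
The downgrade described in the comment above, modelled in memory as an added example (it is not part of the original thread or of any Pirate Bay code). The `Client`, its pin store and the two path functions are hypothetical names, and remembering peers that have already negotiated encryption is one assumed mitigation, not something the thread proposes.

```python
from dataclasses import dataclass, field

@dataclass
class Peer:
    name: str
    supports_encryption: bool

def honest_path(reply):
    """Network path that delivers the capability reply unchanged."""
    return reply

def stripping_path(reply):
    """Path on which the reply is forged to claim 'no encryption support'."""
    return {**reply, "encryption": False}

@dataclass
class Client:
    # Peers that have negotiated encryption before (hypothetical pin store).
    pinned: set = field(default_factory=set)
    enforce_pins: bool = False

    def connect(self, peer, path):
        """Return 'encrypted', 'plaintext' or 'refused' for one connection."""
        reply = path({"peer": peer.name, "encryption": peer.supports_encryption})
        if reply["encryption"]:
            self.pinned.add(peer.name)
            return "encrypted"
        if self.enforce_pins and peer.name in self.pinned:
            # Peer spoke encryption earlier; a sudden "unsupported" is suspect.
            return "refused"
        return "plaintext"  # the unencrypted fallback from the article summary

def demo():
    bob, carol = Peer("bob", True), Peer("carol", False)  # constructed peers
    results = {}
    for label, enforce in (("fallback_only", False), ("with_pins", True)):
        c = Client(enforce_pins=enforce)
        results[label] = [
            c.connect(bob, honest_path),     # first contact, clean path
            c.connect(bob, stripping_path),  # later contact, forged reply
            c.connect(carol, honest_path),   # peer that really lacks support
        ]
    return results

if __name__ == "__main__":
    print(demo())
```

A pin only helps after one clean negotiation: if the very first reply from a peer is forged, the client has nothing to compare against and still falls back.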

  9. Re:IPSEC? by LarsG · · Score: 4, Insightful

    How many users do you know that (a) even know what dns is (b) control the dns name for their ip (c) are able to configure said dns to include their public key?

    OE works fine for geeks, but is too heavy if the goal is to get average home users encrypted.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  10. Clean up your act first, encrypt later. by Shados · · Score: 2, Insightful

    I know it shouldn't be that way but...the world isn't as it should be. If someone wants to start encrypting anything and everything, including legitimate usages without heavily sensitive information (which is fine and dandy and helps privacy, so it's all good and fine), don't start associating it with people who DO have something to hide.

    TPB is doing a huge disservice now. The idiots up there will automatically be like "SEE SEE SEE ?!?!?! Encryption == Piracy, pirates download porn, porn == child porn, think of the children, ban free usage of encryption!!" And then we'll be -worse- off than we are now.

    Clean up your act first, THEN advocate encryption, and all will be well.

  11. Re:Man in the Middle by LarsG · · Score: 5, Insightful

    The purpose of this thing is to enable regular home users to avoid the dragnet filtering that the Swedes are implementing. Forging replies for every tcp/udp connection crossing the Swedish border would make that filtering a lot more expensive.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  12. Crypto Barbie: "IPSEC IS HARD" by argent · · Score: 5, Insightful

    You're complaining about shortcomings in implementation. That's a general problem with crypto... crypto geeks don't care about user interfaces. RSA goes back to 1977, and we still don't have good PGP/GPG support in most email clients. The solution is not to invent a new protocol, it's to invent a new user interface that's compellingly easy. SSL is a pain in the neck... except when you're using it in a web browser it's almost invisible, and SSH bootstraps from it to make something that's much easier to set up than SSL telnet.

    Yes, Crypto Barbie, if TPB doesn't at least make it possible to use IPSEC as the encryption layer (whether they have a workaround for ISPs that block IPSEC or not) they're not part of the solution.

  13. answer two by aliquis · · Score: 3, Insightful

    Not to forget some people would probably argue that your general privacy and freedom to talk to others with no one listening is more important than file sharing.

    Some other people would probably not since those are the people who hope to catch some bad guys using techniques such as this one and don't care about the breach of their own privacy since they have nothing to hide themselves and trust everyone to be good.

  14. It's needed by Mick Malkemus · · Score: 4, Insightful

    If we don't start encrypting our activities on the Net, be prepared for increased government intervention in everything we do. Here in Latvia, if you are caught with one illegal song, your entire computer is confiscated. Encryption makes sense.

  15. TOR != encryption by xalorous · · Score: 5, Insightful

    Please don't blindly use TOR for P2P. You'll bring TOR to its knees. TOR is supported by volunteers and isn't designed for the massive load P2P would put on it. Plus, TOR only provides anonymity at the destination, and it only hides your IP. TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.

    --
    TANSTAAFL GIGO Acronyms to live by!
    1. Re:TOR != encryption by Phroon · · Score: 2, Insightful

      > Tor is an anonymizing network, it's not end-to-end encryption.

      With the use of Hidden services, it is. If you connect to a Hidden service on Tor, the last hop in the Tor network is to the server you're connecting to and it is end-to-end encrypted.

      Tracker data and .torrent transfer would be good uses for this channel, but not the raw data. I'm surprised TPB doesn't have it already set up.

  16. Server sharing or multiple servers by DrYak · · Score: 2, Insightful

    > Of course, I could just go to that site's web site and see what they advertise, assuming that most people are going there for that purpose. If I'm sniffing the user's connection at their ISP, I could also see if they're connecting to 10-20 other user sites simultaneously, which would look a lot like bittorrent.

    But that workaround doesn't account for:

    - Hosting services that host several web sites on a single server, thus all sharing the same IP but answering to different DNS names in the HTTP request. It happens a lot, almost any of the cheap hosting services works that way.
    => You'll get multiple connections anyway, and there's no single website to check for advertised content.

    - Although there *are* bittorrent trackers written in PHP, there are a lot of people using a simple web server for the website and indexing only and running the tracker on a separate machine.
    In that case there won't be anything to check on the same IP address, the website has a different address compared to the tracker.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  17. Re:Not just about pirating by Anonymous Coward · · Score: 1, Insightful

    > Wouldn't the latency involved in your myriad of connections kill any sort of gaming or, dare I say it, legal BT traffic?

    You do understand that the Internet has usefulness beyond that of consumer entertainment, right? And can you understand that someone with the skills to set up what he described might also have more important things to do with his time than pop heads in Counterstrike?

    It's amazing. Everyone defends privacy as a "human right" in principle, but when they actually encounter someone who's willing to do more than talk about it, they treat him like a freak. This phenomenon isn't limited to discussions of privacy; anyone with interests beyond "what was on television last night" has been on the receiving end of the same insolent smirk from Johnny Average: "Well, sure, I guess X is important and all, but why would you waste your time doing that when you could be partying instead? Whatever, buddy!"

    Speaking of wasted time: bye bye, Slashdot.

  18. Plus, IPsec and IKE just *suck*, by design by Anonymous Coward · · Score: 2, Insightful

    The IPsec RFCs were the most overly-complicated, vaguely/badly written standards docs ever, resulting in IPsec implementations that were all bloaty, incompatible pieces of sh*t on every OS that tried to do it. (I worked on an IPsec implementation, so I know firsthand).

    Horrible protocols, designed by committee, extended by big early adopters in ways that totally made any latercomer's implementation a living nightmare (looking at *you*, Cisco and MS).

    Hell, the standards didn't even specify adequately how connections should be renewed, so everyone just does it differently. You might be able to connect to an alien IPsec endpoint, but good freaking luck trying to get the connection to renew properly when both ends don't make the same assumptions. Don't even bother asking about using certificates between different vendors' stacks, the lab that does interoperability testing just laughs at the whole situation.

    SSH tunnelling (or even openVPN) ends up being so much easier it's just not worth even looking at IPsec.

    It was so bad they started working on IKEv2 before anyone even had significant success with IKEv1. Bleah.

  19. Re:Speaking of unfinished projects by cliffski · · Score: 2, Insightful

    believe it or not, some people don't think that taking other people's work for free is cool. When you grow up and get a job, you will understand.

    --
    DRM-free indie games for the PC and Mac: Positech Games