Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Pirate Bay's Plans To Encrypt the 'Net

Posted by timothy on from the pretty-ned8bdrnki(bdr## dept.

Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."

21 of 297 comments (clear)

  1. But all decent pirating services... by joleran · · Score: 5, Insightful

    Should already be encrypted. If they weren't, they were being pretty careless.

    1. Re:But all decent pirating services... by Lally+Singh · · Score: 5, Insightful

      Yeah, but then you can tell pretty closely what they are. Port number & encrypted protocol are pretty indicative.

      Instead, encrypting the majority of traffic would make the sniffing capability moot.

      But frankly, I'd rather see them use Tor, maybe with some optimizations for latency-critical operations.

      --
      Care about electronic freedom? Consider donating to the EFF!
    2. Re:But all decent pirating services... by Dracker · · Score: 3, Insightful

      But the Pirate Bay folks are .. well .. pirates, and Tor frowns upon using high amounts of p2p bandwidth over Tor. If The Pirate Bay is going to endorse a technology, it needs to help them pirate. Freenet or I2P look like better codebases. It all comes down to how secure and convenient they want their protocol to be.

    3. Re:But all decent pirating services... by Hatta · · Score: 5, Insightful

      Tor and encryption serve orthogonal purposes. Encryption hides what you're sending, tor hides who you're sending it to.

      --
      Give me Classic Slashdot or give me death!
    4. Re:But all decent pirating services... by complete+loony · · Score: 3, Insightful

      ... until you join the swarm yourself, get a list of peers from the tracker, and connect to them directly to verify that they are uploading your copyrighted content. It works for the RIAA.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  2. What... wait... IPsec, is that you? by cyb97 · · Score: 4, Insightful

    Sounds like a poor man's implementation of IPsec to me...

    oh wait, without the standardisation of course.

    1. Re:What... wait... IPsec, is that you? by Kent+Recal · · Score: 3, Insightful

      Parent is spot on.

      IPSEC *may* be very well engineered but few of us would want to touch it even with a 10ft pole. Especially those of us who *had* to work with it in the past.
      It should be possible to implement IPSEC without the warts. Hell, IPSEC could be zero-configuration out of the box (linklevel encryption only) with only minimal configuration for peer certificates.

      Good Crypto doesn't have to be painful, see OpenSSH, OpenVPN (commonly chosen instead of IPSEC), GnuPG.

      I just don't see what this has to do with P2P at all? Solution looking for a problem?
      When the ISPs can't sniff our traffic anymore they'll just connect to the trackers and look at the offerings.

      But then I again I never understood the legal fuzz about P2P in first place.
      To me the key is plausible deniability. Store your shared content on an encrypted drive and that's it.

    2. Re:What... wait... IPsec, is that you? by IgnoramusMaximus · · Score: 3, Insightful

      I concur.

      Having to set up some corporate VPNs in the past, I cannot even fathom why anyone in their right mind would choose IPsec over, say, OpenVPN, other then being forced into it by some idiot vendor or a moron manager. The difference in complexity, amount of work on the part of the network designer and sysadmins is just astronomically different between the two solutions.

      From first-hand experience I can only confirm that IPsec is for masochists. Anyone I know who ever tried to deploy the thing does only so once.

      Also note that more convoluted and difficult to control a security solution is, more chances of security vulnerabilities, both from the perspective of possible errors in design and implementation of such complex schemes, but also (more likely in practice) from the perspective of faulty deployment by people who do not have time to parse word by word 300 page deployment manuals bristling with obscure acronyms and arcane cryptography concepts.

  3. Pirating or not by BiggerIsBetter · · Score: 4, Insightful

    I can't see a downside from a user perspective, and the only Govt/ISP/etc justifications not to do this are an invasion of privacy (packet headers could be used for QoS, etc). It's like, I dunno, posting all your mail in an sealed envelope instead of on a postcard - you can still put an economy or airmail sticker on it, it just means the postman can't (easily) read your message anymore.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
    1. Re:Pirating or not by Koiu+Lpoi · · Score: 3, Insightful

      It's funny you say that. It's almost like what happens on 4chan's /b/ "random" board are closer to human nature, because people are not held back by personal inhibitions.

  4. Re:SSL over Tor with Pivroxy by JPribe · · Score: 5, Insightful

    More people running TOR servers...

    --

    Why go fast when you can go anywhere? O|||||||O
  5. you think you can defeat govt that easy? by circletimessquare · · Score: 4, Insightful

    reply:

    "pirate bay has become a haven for child pronographers. shut it down"

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. Watt?! by LSD-OBS · · Score: 3, Insightful

    If several million people all started encrypting all of their traffic, there's gonna be a whole lot more CPU usage and therefore more power consumption going on. ThePirateBay, think of the penguins!

    (Come to think of it, the consumption increase might be offset by firefox 3 raping CPUs less than firefox 2 used too :)

    --
    Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
  7. Re:Man in the Middle by aaaaaaargh! · · Score: 3, Insightful

    I'm not sure, but as it stands there seems to be an even simpler attack. Mallory, the man in the middle, just makes sure that when Alice establishes the initial, unencrypted connection to Bob, Bob's reply is forged to indicate that he doesn't support encryption. As a result, all traffic will be unencrypted.

  8. Re:IPSEC? by LarsG · · Score: 4, Insightful

    How many users do you know that (a) even knows what dns is (b) controls the dns name for their ip (c) is able to configure said dns to include their public key?

    OE works fine for geeks, but is too heavy if the goal is to get average home users encrypted.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  9. Re:ISPs react by Jedi+Alec · · Score: 5, Insightful

    Isn't that the point? If all your traffic is encrypted, how is the ISP supposed to tell what is what?

    --

    People replying to my sig annoy me. That's why I change it all the time.
  10. Re:Man in the Middle by LarsG · · Score: 5, Insightful

    The purpose of this thing is to enable regular home users to avoid the dragnet filtering that the swedes are implementing. Forging replies for every tcp/udp connection crossing the swedish border would make that filtering a lot more expensive.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  11. Crypto Barbie: "IPSEC IS HARD" by argent · · Score: 5, Insightful

    You're complaining about shortcomings in implementation. That's a general problem with crypto... crypto geeks don't care about iser interfaces. RSA goes back to 1977, and we still don't have good PGP/GPG support in most email clients. The solution is not to invent a new protocol, it's to invent a new user interface that's compellingly easy. SSL is a pain in the neck... except when you're using it in a web browser it's almost invisible, and SSH bootstraps from it to make something that's much easier to set up than SSL telnet.

    Yes, Crypto Barbie, if TPB doesn't at least make it possible to use IPSEC as the encryption layer (whether they have a workaround for ISPs that block IPSEC or not) they're not part of the solution.

  12. answer two by aliquis · · Score: 3, Insightful

    Not to forget some people would probably argue that your general privacy and freedom to talk to others with no one listening is more important than file sharing.

    Some other people would probably not since those are the people which hopes to catch some bad guys using techniques such as this one and don't care about the breach of their own privacy since they have nothing to hide them self and trust everyone to be good.

  13. Its needed by Mick+Malkemus · · Score: 4, Insightful

    If we don't start encrypting our activities on the Net, be prepared for increased government intervention in everything we do. Here in Latvia, if you are caught with one illegal song, your entire computer is confiscated. Encryption makes sense.

  14. TOR != encryption by xalorous · · Score: 5, Insightful

    Please don't blindly use TOR for P2P. You'll bring TOR to its knees. TOR is supported by volunteers and isn't designed for the massive load P2P would put on it. Plus, TOR only provides anonymity at the destination, and it only hides your IP. TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.

    --
    TANSTAAFL GIGO Acronyms to live by!