Slashdot Mirror
The Pirate Bay's Plans To Encrypt the 'Net
Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."
Should already be encrypted. If they weren't, they were being pretty careless.
Sounds like a poor man's implementation of IPsec to me...
oh wait, without the standardisation of course.
I can't see a downside from a user perspective, and the only Govt/ISP/etc justifications not to do this are an invasion of privacy (packet headers could be used for QoS, etc). It's like, I dunno, posting all your mail in an sealed envelope instead of on a postcard - you can still put an economy or airmail sticker on it, it just means the postman can't (easily) read your message anymore.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
More people running TOR servers...
Why go fast when you can go anywhere? O|||||||O
reply:
"pirate bay has become a haven for child pronographers. shut it down"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Without preshared keys, this is vulnerable to a man in the middle attack. Your ISP or the government's spies or whoever simply intercept your communications with the other peer at the time of hand shaking and key exchange, and hands their own encryption information to both parties. Decrypt each message, and encrypt it for the other party before sending it down the line.
This protects against casual snooping, but it completely fails to account for the level of involvement that domestic spying already suffers from.
Slay a dragon... over lunch!
Not really, from their site
The goal of transparency to the transport layer means that the user will not have to configure anything, just install the encryption software and go. It also makes sure that encrypted traffic will travel over IP carriers without trouble (except in the case of mandatory transparent proxying). Current IP-transport encryption using tunneling or IPSec do not have the same property. Many low-cost ISPs filter IP protocols and TCP/UDP ports to block encypted traffic and there is always a cost to the user in configuring key-exchange, NAT-traversal and such. Anonymity can be provided by existing IP-anonymizing networks such as tor and i2p since the encryption is transport-independent.
So they are planning to roll out zeroconf IPSec that doesn't NEED to have specific support for NAT traversal. Now, "NAT Traversal" technically just means UDP encapsulation (which in turn results in all fancy MTU problems).
It seems that they are only interested in encrypting the TCP/UDP payload, with key negotiation happening at the start of the session (SYN/ACK packets for TCP, and as a completely separate negotiation with UDP).
If they can go with this, I sure hope they write an informative RFC..
If several million people all started encrypting all of their traffic, there's gonna be a whole lot more CPU usage and therefore more power consumption going on. ThePirateBay, think of the penguins!
(Come to think of it, the consumption increase might be offset by firefox 3 raping CPUs less than firefox 2 used too :)
Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
Va Fbivrg Ehffvn, lbh rapelcg gur Cvengr Onl
For over 2 years I have been encrypting my internet connection using a roll-my-own solution. I trust my ISP implicitly - they are one of the few good guys left in the ISP arena. I don't trust my government.
;)
The sad thing is I don't even have anything to hide. But I detest the idea that someone, somewhere, might be monitoring what I'm doing. I use an anonymous email service with PGP encryption, I do all my browsing over a VPN connection to a (cheap) VPS server in another country. For added protection I can then tunnel using SSH to another server in another country which then uses tor to make my final connection.
Security is cheap (the whole setup probably sets me back around $50/mo including my 8mbit dsl line), but it just requires the time, persistence and knowledge to set it up in the first place. If an end-to-end solution can be built-in to the OS AND we can be certain as can be there are no back doors, then this can only be a good thing.
For those who in the meantime who want to protect themselves but are not too sure where to begin, get yourself a cheap VPS (hundreds of providers out there), set up OpenVPN and off you go. You can even use SSH to tunnel a SOCKS connection for an easier option. I would suggest OpenVPN as a starting point though, as it makes it easier to expand later, e.g. tunneling an SSH connection to another server through the VPN, which can then connect to tor running on localhost on the second machine. Should your connection be intercepted at the ISP level (the most likely?) then they'll have a double-encrypted tunnel to deal with, and then probably an ssl-encrypted https stream inside that as well if you're careful about where you surf.
Anonymous Coward for obvious reasons
Won't work like that, I'm affraid.
When Finland started "Filtering the internet to protect the children" and among other sites filtered a website that criticized quality of the work that police was doing with the internet censoring it got difficult for me to get to that site by using TOR. Why? Because with so many tor servers in Finland it often took several extra reloads to get a server outside the borders of the censorship.
The last thing I want to do now is add more anonymous and uncontrolled hops, which could be to servers in countries that watch the traffic too closely or even ran by such governments. Every hop is an extra chance to MitM attack. Unless I first aquire the Public Key directly in which case anyone monitoring already knows what site I'll access to and makes TOR needless.
Or is there something I have missed?
Fine print: I work in internet advertising.
You cannot trust the exit node in tor, it's still plain text most of the time and you're vulnerable to MITM attacks. If you look at your traffic on tor you'll find lots of sneaky shit going on like ad replacement, swapped out cookies, and there's certainly more curious people out their watching the node traffic out of curiosity with wireshark/driftnet/snort than just me. Mind you I behave and I'm simply curious, where as most of the nodes out there will attempt to profit in some way from your ignorance that gets perpetuated repeatedly throughout the internet.
Not to be a dick, just sayin'.
www.isoHunt.com
How many users do you know that (a) even knows what dns is (b) controls the dns name for their ip (c) is able to configure said dns to include their public key?
OE works fine for geeks, but is too heavy if the goal is to get average home users encrypted.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Isn't that the point? If all your traffic is encrypted, how is the ISP supposed to tell what is what?
People replying to my sig annoy me. That's why I change it all the time.
You're complaining about shortcomings in implementation. That's a general problem with crypto... crypto geeks don't care about iser interfaces. RSA goes back to 1977, and we still don't have good PGP/GPG support in most email clients. The solution is not to invent a new protocol, it's to invent a new user interface that's compellingly easy. SSL is a pain in the neck... except when you're using it in a web browser it's almost invisible, and SSH bootstraps from it to make something that's much easier to set up than SSL telnet.
Yes, Crypto Barbie, if TPB doesn't at least make it possible to use IPSEC as the encryption layer (whether they have a workaround for ISPs that block IPSEC or not) they're not part of the solution.
Not to forget some people would probably argue that your general privacy and freedom to talk to others with no one listening is more important than file sharing.
Some other people would probably not since those are the people which hopes to catch some bad guys using techniques such as this one and don't care about the breach of their own privacy since they have nothing to hide them self and trust everyone to be good.
There's a project called Anonet that has developed a similar wrapper infrastructure.
Anonet is a "virtual Internet" that utilizes OpenVPN and Quagga to provide a layer of anonymity and deniability on top of the Internet. It uses a chaotic yet cooperative routing scheme which allows any one to use any IP address while still maintaining their existing Internet connection.
It has everything on it that the Internet does: torrent trackers, web servers, FTP servers, DNS infrastructure, PGP keyservers, IM, IRC, streaming audio, game severs, etc. All Internet-aware applications should work fine as Anonet is simply an addition to your operating system's routing table.
If we don't start encrypting our activities on the Net, be prepared for increased government intervention in everything we do. Here in Latvia, if you are caught with one illegal song, your entire computer is confiscated. Encryption makes sense.
Please don't blindly use TOR for P2P. You'll bring TOR to its knees. TOR is supported by volunteers and isn't designed for the massive load P2P would put on it. Plus, TOR only provides anonymity at the destination, and it only hides your IP. TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.
TANSTAAFL GIGO Acronyms to live by!
Why encrypt pirate traffic?
AFAIK, they "get you" by joining the network as a peer and then writing down all the IPs that send them pieces of the torrent.
I don't think they do it by monitoring network traffic--that would be a pain in the butt.
It's not hard to gain access to many of these networks, and their real goal is just to slow piracy (stopping it is a little far out). All they really need to do to slow it is start suing users and the rest will run scared, like they did with Kazaa et al. Real pirates will go underground, for sure, but they wont have as much of an impact on sales as say, Napster.
Latewire
This is yet another problem solved with IPv6, for which IPsec support is mandatory. RFC 4025 provides a method for opportunistic encryption between hosts using keys stored in DNS (type "IPSECKEY").
The implementation is simple:- when initiating a connection, look up the IPsec key of the destination using the IPSECKEY record of the destination address in the reverse dns zone (ip6.arpa).
I think Sweden's law is actually a good thing. The more governments and/or companies that are snooping on internet traffic, the more encouragement it provides for people to use encryption.