Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Pirate Bay's Plans To Encrypt the 'Net

Posted by timothy on from the pretty-ned8bdrnki(bdr## dept.

Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."

19 of 297 comments (clear)

  1. But all decent pirating services... by joleran · · Score: 5, Insightful

    Should already be encrypted. If they weren't, they were being pretty careless.

    1. Re:But all decent pirating services... by Lally+Singh · · Score: 5, Insightful

      Yeah, but then you can tell pretty closely what they are. Port number & encrypted protocol are pretty indicative.

      Instead, encrypting the majority of traffic would make the sniffing capability moot.

      But frankly, I'd rather see them use Tor, maybe with some optimizations for latency-critical operations.

      --
      Care about electronic freedom? Consider donating to the EFF!
    2. Re:But all decent pirating services... by Hatta · · Score: 5, Insightful

      Tor and encryption serve orthogonal purposes. Encryption hides what you're sending, tor hides who you're sending it to.

      --
      Give me Classic Slashdot or give me death!
    3. Re:But all decent pirating services... by xalorous · · Score: 5, Interesting

      TOR is not robust enough to handle P2P traffic. PLUS IT DOES NOT HIDE THE DATA YOU ARE TRANSFERRING. This plan by TPB is designed to encrypt the traffic. A separate TOR-like plan would be required to anonymize source/destination IP's. Or a third option that does both.

      TOR was designed to help people remain anonymous and communicate safely on the web. Misusing it for illegal purposes will cause TOR to become unavailable for its original purpose, which will be sad.

      --
      TANSTAAFL GIGO Acronyms to live by!
  2. Re:SSL over Tor with Pivroxy by JPribe · · Score: 5, Insightful

    More people running TOR servers...

    --

    Why go fast when you can go anywhere? O|||||||O
  3. Man in the Middle by nahdude812 · · Score: 5, Informative

    Without preshared keys, this is vulnerable to a man in the middle attack. Your ISP or the government's spies or whoever simply intercept your communications with the other peer at the time of hand shaking and key exchange, and hands their own encryption information to both parties. Decrypt each message, and encrypt it for the other party before sending it down the line.

    This protects against casual snooping, but it completely fails to account for the level of involvement that domestic spying already suffers from.

    --
    Slay a dragon... over lunch!
    1. Re:Man in the Middle by Fzz · · Score: 5, Informative
      Yes, anonymous public key exchange is vulnerable to a man-in-the-middle attack, unless you use something like the Interlock Protocol, which is probably a bit heavyweight to use for all connections.

      But what this does do is tilt the balance of power against the eavesdropper. It prevents passive eavesdropping attacks - for example it prevents anyone recording all traffic and then after-the-fact deciding what they want to decode.

      Anyone wanting to decode your traffic is forced to be an active adversary, and this makes them detectable, which means they won't do it all the time because there'd be a huge outcry. No more mining all the traffic that passes on internet backbone links - you could tell when the first ISP put an eavesdropping box into their network, and switch to another ISP, which would strongly discourage anyone from doing this in the first place.

      It's much more expensive to be an active man in the middle for all traffic - the best bet would be to downgrade traffic by pretending the other end didn't support the option. Even this isn't cheap. To leave the traffic encrypted and intercept it all would require a ridiculous number of public key accelerators cards.

      In the end, it doesn't stop anyone eavesdropping if they suspect one particular person, but it does make such interception detectable if you know what you're doing, and it does stop them eavesdropping all traffic in the hope of hearing something incriminating.

    2. Re:Man in the Middle by LarsG · · Score: 5, Insightful

      The purpose of this thing is to enable regular home users to avoid the dragnet filtering that the swedes are implementing. Forging replies for every tcp/udp connection crossing the swedish border would make that filtering a lot more expensive.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    3. Re:Man in the Middle by miro+f · · Score: 5, Informative

      The main problem is in step 1.

      - Person 1 takes person 2's public key and encrypts their transfer encryption/decryption key with it

      the big problem with public key cryptography is that you get a public key from person 2, how do you know this public key is actually from person 2 and not from person 3 trying to listen to the conversation? If there's a person listening in the middle they can intercept the traffic on both ends and replace each other person's public key with their own. That way they can pretend to be person 1 to person 2, and pretend to be person 2 to person 1.

      It makes it more difficult, but it's still not impossible, to snoop on that traffic.

      It's the delivery of the public key from person 2 and person 1 that is the biggest problem with public key cryptography, and a problem which certificates and Certificate Authorities have mitigated (to an extent). But for the greater Internet, it's a more difficult proposition to give everyone certificates.

      --
      being vague is almost as cool as doing that other thing...
  4. IPSec + no MTU/NAT issues + zeroconf by Zarhan · · Score: 5, Informative

    Not really, from their site

    The goal of transparency to the transport layer means that the user will not have to configure anything, just install the encryption software and go. It also makes sure that encrypted traffic will travel over IP carriers without trouble (except in the case of mandatory transparent proxying). Current IP-transport encryption using tunneling or IPSec do not have the same property. Many low-cost ISPs filter IP protocols and TCP/UDP ports to block encypted traffic and there is always a cost to the user in configuring key-exchange, NAT-traversal and such. Anonymity can be provided by existing IP-anonymizing networks such as tor and i2p since the encryption is transport-independent.

    So they are planning to roll out zeroconf IPSec that doesn't NEED to have specific support for NAT traversal. Now, "NAT Traversal" technically just means UDP encapsulation (which in turn results in all fancy MTU problems).

    It seems that they are only interested in encrypting the TCP/UDP payload, with key negotiation happening at the start of the session (SYN/ACK packets for TCP, and as a completely separate negotiation with UDP).

    If they can go with this, I sure hope they write an informative RFC..

  5. Not just about pirating by Anonymous Coward · · Score: 5, Interesting

    For over 2 years I have been encrypting my internet connection using a roll-my-own solution. I trust my ISP implicitly - they are one of the few good guys left in the ISP arena. I don't trust my government.

    The sad thing is I don't even have anything to hide. But I detest the idea that someone, somewhere, might be monitoring what I'm doing. I use an anonymous email service with PGP encryption, I do all my browsing over a VPN connection to a (cheap) VPS server in another country. For added protection I can then tunnel using SSH to another server in another country which then uses tor to make my final connection.

    Security is cheap (the whole setup probably sets me back around $50/mo including my 8mbit dsl line), but it just requires the time, persistence and knowledge to set it up in the first place. If an end-to-end solution can be built-in to the OS AND we can be certain as can be there are no back doors, then this can only be a good thing.

    For those who in the meantime who want to protect themselves but are not too sure where to begin, get yourself a cheap VPS (hundreds of providers out there), set up OpenVPN and off you go. You can even use SSH to tunnel a SOCKS connection for an easier option. I would suggest OpenVPN as a starting point though, as it makes it easier to expand later, e.g. tunneling an SSH connection to another server through the VPN, which can then connect to tor running on localhost on the second machine. Should your connection be intercepted at the ISP level (the most likely?) then they'll have a double-encrypted tunnel to deal with, and then probably an ssl-encrypted https stream inside that as well if you're careful about where you surf.

    Anonymous Coward for obvious reasons ;)

    1. Re:Not just about pirating by Anonymous Coward · · Score: 5, Funny

      Hi Jeff. I've been archiving copies of that porn site you started with your girlfriend. Cool security setup you've got though. Glad its working out. Tor exit node campers ftw!

  6. Re:SSL over Tor with Pivroxy by WingedHorse · · Score: 5, Interesting

    Won't work like that, I'm affraid.

    When Finland started "Filtering the internet to protect the children" and among other sites filtered a website that criticized quality of the work that police was doing with the internet censoring it got difficult for me to get to that site by using TOR. Why? Because with so many tor servers in Finland it often took several extra reloads to get a server outside the borders of the censorship.

    The last thing I want to do now is add more anonymous and uncontrolled hops, which could be to servers in countries that watch the traffic too closely or even ran by such governments. Every hop is an extra chance to MitM attack. Unless I first aquire the Public Key directly in which case anyone monitoring already knows what site I'll access to and makes TOR needless.

    Or is there something I have missed?

    --
    Fine print: I work in internet advertising.
  7. Re:Pirating or not by Hal_Porter · · Score: 5, Interesting

    Makes you wonder what the internet would look like if you had real privacy actually. Hope you like /b/

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  8. Re:ISPs react by Jedi+Alec · · Score: 5, Insightful

    Isn't that the point? If all your traffic is encrypted, how is the ISP supposed to tell what is what?

    --

    People replying to my sig annoy me. That's why I change it all the time.
  9. Re:Watt?! by lilomar · · Score: 5, Funny

    Pirates prevent global warming. Heretic.

    --
    The creator of this post (Jacob Smith) hereby releases it, and all of his other posts, into the public domain.
  10. Crypto Barbie: "IPSEC IS HARD" by argent · · Score: 5, Insightful

    You're complaining about shortcomings in implementation. That's a general problem with crypto... crypto geeks don't care about iser interfaces. RSA goes back to 1977, and we still don't have good PGP/GPG support in most email clients. The solution is not to invent a new protocol, it's to invent a new user interface that's compellingly easy. SSL is a pain in the neck... except when you're using it in a web browser it's almost invisible, and SSH bootstraps from it to make something that's much easier to set up than SSL telnet.

    Yes, Crypto Barbie, if TPB doesn't at least make it possible to use IPSEC as the encryption layer (whether they have a workaround for ISPs that block IPSEC or not) they're not part of the solution.

  11. TOR != encryption by xalorous · · Score: 5, Insightful

    Please don't blindly use TOR for P2P. You'll bring TOR to its knees. TOR is supported by volunteers and isn't designed for the massive load P2P would put on it. Plus, TOR only provides anonymity at the destination, and it only hides your IP. TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.

    --
    TANSTAAFL GIGO Acronyms to live by!
    1. Re:TOR != encryption by chihowa · · Score: 5, Informative
      Tor provides anonymity at the source, too. Your first hop is encrypted from you to the Tor network. Your ISP only sees that you are using Tor, not to whom you are connecting. The last hop's ISP can see your traffic in the clear, though. If there's identifying (or secret) information it is vulnerable at the last hop.

      But you're right, Tor is an anonymizing network, it's not end-to-end encryption.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.