Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Build a Browser-Based Darknet

Posted by kdawson on from the easy-come-easy-go dept.

ancientribe writes "At Black Hat USA next month, researchers will demonstrate a way to use modern browsers to more easily build darknets — underground private Internet communities where users can share content and ideas securely and anonymously. HP's Billy Hoffman and Matt Wood have created Veiled, a proof-of-concept darknet that only requires participants have an HTML 5-based browser to join. No special software or configuration is necessary, unlike with darknets such as Tor. Veiled is basically a 'zero footprint' network, in which groups can rapidly form and disappear without a trace. The researchers admit darknets are attractive to bad guys, too, but they say they think these more easily set-up and dismantled nets will be more popular for mainstream (and legit) users." In somewhat related news, reader cheesethegreat informs us that version 0.7.5 of FreeNet has hit the tubes.

11 of 163 comments (clear)

  1. Re:Bad Guys by plover · · Score: 4, Informative

    And don't forget that just because you think it's safe doesn't mean that it actually IS safe. Check out the BlueCoat proxy, which is a corporate web proxy/filter that also works on SSL connections (via man-in-the-middle attack.) All your company has to do is drop their own root certificate on your machine, and unless you're in the habit of checking the sites providing your signature, you may never spot it. (Fortunately Firefox displays the certificate's site name next to the padlock icon.) There's also nothing stopping a corporation from installing a key sniffer or remote observation software on their equipment, which includes your desktop.

    Just in case you were thinking that you were "safe" blowing whistles on a darknet at work.

    I guess the "Post Anonymously" box isn't going to help me now anyway.

    --
    John
  2. Re:HTML5 by Jugalator · · Score: 3, Informative

    None that I know of, but Firefox, Safari, Chrome, (and Opera?) should have rudimentary support for parts of it, like the video tag, and the canvas tag.

    Not that I know if that's what they're referring to though.

    All major browers today have very poor HTML 5 support though. It's still not even a finalized standard.

    --
    Beware: In C++, your friends can see your privates!
  3. Re:Not surprising -- browsers are basically OSes by morgan_greywolf · · Score: 3, Informative

    Microsoft realized that early on, which is why Explorer was integrated into Windows in the first place. And it's also why they're fighting to try to keep IE on top.

    No, Netscape and Sun realized that early on, which is where the concept of browser plugins, JavaScript, and ultimately, Java come from. Then they started wagging their tongues about it rather than sit there and quietly implement stuff (ala Google), so Microsoft.moved to "cut off their air supply" (direct quote from a Microsoft memo used as evidence in their antitrust case) by integrating Internet Explorer into Windows.

    --
    My blog
  4. Attractive to bad guys? by The+Archon+V2.0 · · Score: 2, Informative

    The researchers admit darknets are attractive to bad guys, too

    So is encryption. So is privacy. So are knives. So is food. So is living another day. It's not wrong just because it can be used to ill ends.

    Or, to be all profound and Latin and stuff: abusus non tollit usum.

  5. Re:HTML5 by tholomyes · · Score: 4, Informative

    Here's the details on which browsers support what parts of the new features of HTML5 thus far: http://www.quirksmode.org/dom/html5.html.

    According to quirksmode, it appears that Safari 4.0 has the most complete support, followed by FF 3.5b and IE8. Chrome and Opera do not appear to, at least as far as supporting the new features is concerned.

    --
    When did the future switch from being a promise to a threat? -C. Palahniuk
  6. Re:HTML5 by tholomyes · · Score: 3, Informative

    Also note quirksmode's caveat:

    "The compatibility information above is only for the HTML5 features I tested; they do not necessarily say anything about the browsers' overall HTML5 support. The number of tests will slowly expand."

    --
    When did the future switch from being a promise to a threat? -C. Palahniuk
  7. Re:Bad Guys by Opportunist · · Score: 5, Informative

    I have something to hide. It's called my private life and it's nobody's business. Not yours, not some company's and most certainly not my government's.

    I think it was Franklin who said, if the people fear the government, it's a tyranny, if the government fears its people, it's liberty. I think the US (and a good portion of the rest of the planet) would need a few leaders like the founding fathers of the US. If they could see what came to their dream, what they fought for, died for and had others die for, I think they'd get fed up enough to start over.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re:Worried, maybe. by Gotenosente · · Score: 2, Informative

    "almost all "good" citizens would not be against"

  9. HOW? by rosvall · · Score: 2, Informative

    Since there are zero details in TFA, i'm just going to speculate that one of three things is going on, in order of increasing probability:
    1. HTML 5 creates all sorts of fantastic new ways to communicate anonymously through a central server. In that case, please fill me in. In genuinely interested.
    2. The researchers have implemented something like the dining cryptographers protocol in js and php.
    3. TFA is utter bullshit

  10. Re:Bad Guys by OpenGLFan · · Score: 2, Informative

    I guess the "Post Anonymously" box isn't going to help me now anyway.

    I know it's an offhand comment, but it already doesn't help you. /. still stores who you are; you can't moderate and post in the same story, even if you checked "post anonymously."

  11. Re:A Seriously Important Requirement by L4t3r4lu5 · · Score: 2, Informative
    Much like Tor.
    • The client software pseudo-randomly assigns you an identifier which is used for connections on that network.
    • Your first connection to the next node in the chain may be identifiable as you, but your destination is not known. It goes "Well, I'm connected to these three guys, and I'll send this packet that way. I'll remember that response packets need to go back to the same identifier on the return."
    • The next node does not know your originating IP address, only the identifier the software assigned to you and that you want to be routed to another location.
    • The second to last node in the chain knows where you want to go, but only that this identifier wants to get there; Not what the IP address of that identifier is.
    • The whole process is repeated back, with the two ends of the chain only knowing one half of where you want to go, and the places in between don't know jack apart from your identifier (which is only of any use if both ends of the connection are compromised)

    .
    The added bonus with darknets is you also host the information you retrieve, increasing availability.

    --
    Finally had enough. Come see us over at https://soylentnews.org/