Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Build a Browser-Based Darknet

Posted by kdawson on from the easy-come-easy-go dept.

ancientribe writes "At Black Hat USA next month, researchers will demonstrate a way to use modern browsers to more easily build darknets — underground private Internet communities where users can share content and ideas securely and anonymously. HP's Billy Hoffman and Matt Wood have created Veiled, a proof-of-concept darknet that only requires participants have an HTML 5-based browser to join. No special software or configuration is necessary, unlike with darknets such as Tor. Veiled is basically a 'zero footprint' network, in which groups can rapidly form and disappear without a trace. The researchers admit darknets are attractive to bad guys, too, but they say they think these more easily set-up and dismantled nets will be more popular for mainstream (and legit) users." In somewhat related news, reader cheesethegreat informs us that version 0.7.5 of FreeNet has hit the tubes.

29 of 163 comments (clear)

  1. Worried, maybe. by arizwebfoot · · Score: 4, Interesting

    The researchers admit darknets are attractive to bad guys, too.

    Yeah, I would be worried about all those sock hat wearing pedophiles out there.

    Of course maybe Craigslist could use it to advertise their wares.

    --
    Beer is proof that God loves us and wants us to be happy.
    1. Re:Worried, maybe. by arizwebfoot · · Score: 3, Insightful

      You mean, like, our own government?

      Have you no shame?

      --
      Beer is proof that God loves us and wants us to be happy.
    2. Re:Worried, maybe. by hansraj · · Score: 4, Insightful

      Yes, darknet is attractive to bad guys but so is expectation of privacy in general.

    3. Re:Worried, maybe. by Opportunist · · Score: 4, Funny

      Have you no shame?

      Is that still a requirement for a public office?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Worried, maybe. by Opportunist · · Score: 4, Insightful

      And that's exactly the reason why this will be outlawed immediately as soon as a sizable portion of the population (in the western world, folks, I'm not talking about Iran, China and Burma here) uses it to circumvent the governmental snooping that's running rampart.

      Can't outlaw it, you say? Because we're in a free world and thus they can't just simply outlaw encryption?

      Ok, they won't. What we'll get is a law that makes you liable if you "faciliate the spread of pedophilia". After all, if you help a pedo you're in the wrong as well, ain't you? Since you can't really determine what kind of data you roll around in a darknet (it would kinda defeat the purpose if you could), darknet proponents would get their IP sniffed and law enforcement would download any kind of kiddy porn they could find in the darknet. As soon as the IP of a proponent can be linked to the porn (say, a chunk came from him because it was stored at his part of the cloud), the trap closes, the law enforcement can "prove" that darknet proponents are "only" in for the kiddy porn and thus darknet is an evil tool of child exploitation.

      Gimme a single reason to believe this won't happen, I beg you.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Worried, maybe. by Gotenosente · · Score: 5, Insightful

      I think you are probably right and this type of thing will be attempted. However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right? Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.

    6. Re:Worried, maybe. by Opportunist · · Score: 4, Insightful

      That would make sense. But do you think a judge will be able to tell the difference, more so when he is told that he should better NOT tell the difference? It will be made a tool that faciliates child porn, and no "honest citizen" needs it... do you think this argumentation wouldn't be used? And all too readily believed by those that don't really care too much as long as they got YouTube and Twitter?

      The idea that something should be legal because it is usually used for legal means and only in exceptions for illegal ones is one of the past. The same analogy could be used for guns, cars, almost anything human made can be used for good and ill. The problem here is that darknets are by their very definition something governments cannot regulate or control, and thus they will bring all the firepower they have into the field to destroy them if they see wide public use. The only reason we haven't seen them cracking down hard on them is simply that the amount of people using (or even knowing about) them is minimal. If darknets become a tool usable (and used) by the average computer user, they will become a target of governments which are all too eager to control and monitor what their citizens do.

      I.e. pretty much all governments on this planet.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Worried, maybe. by Gotenosente · · Score: 5, Interesting

      I share your fear. Here's what I think the key is: tie this type of tech up with something that almost all "good" citizens would be against from the start. Ie debut this as a vehicle for freedom of information in oppressive, countries. I think we have enough people in the US who believe that there is some sort of Axis of Evil out there that needs to be defeated by Freedom. Iran would be ideal, China would probably work. We need to give John Q Public a good first impression. Maybe an author writing a nice novel would be helpful too.

    8. Re:Worried, maybe. by Anonymous Coward · · Score: 3, Insightful

      I think you are probably right and this type of thing will be attempted.
      However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right?
      Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.

      That might be enough to convince a jury, especially if the FBI doesn't find anything else incriminating on your systems.

      But it is more than enough to get a warrant, your front door kicked off the hinges, and all your equipment confiscated for literally years. And you'll be lucky to get any of it back, ever, guilty or not.

      As for your example above, they will approach it in the same fashion as P2P is treated. They will simply claim that it's "common knowledge" that most users of that service are involved in some type of shady business. It really pisses me off, but it seems that these days if you show that you are trying to hide anything, you are pretty much presumed guilty of something.

    9. Re:Worried, maybe. by cayenne8 · · Score: 3, Interesting
      "it's all in how you bypass the legally approved process of governing."

      Kinda like how Obama fired that Inspector General, without following the law Obama himself voted in, where you have to give congress 30 days notice AND a written reason why the IG was being fired?

      Nah...the govt. doesn't need a darknet or anything to bypass the legally approved processes...

      They just count on the general public/press not caring, and so far, it seems to work.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    10. Re:Worried, maybe. by Trahloc · · Score: 4, Funny

      I use to spend vacations with my family and sleep in the back of the truck while driving across country. In the back of this truck there was bundles of rope (never know when you'll need it), shovels (ditto), and an unconscious kid (driving thousands of miles made me sleepy when I was 8). I don't see anything wrong with that.

      --
      The Goal: A long simple life filled with many complex toys.
    11. Re:Worried, maybe. by Opportunist · · Score: 4, Insightful

      Here's your counter argument: In repressive governments like the Chinese, those darknets serve a very sensible purpose because they allow them the right to free speech and discussion of politics. Here, there is no reason for those as you may already speak your mind, and thus the only reason to use them in the "free world" is to do something illegal.

      Bet nobody realizes that they're used for exactly the same thing in "repressive" states: To do something illegal. Like, say, enjoy freedom of speech.

      Isn't it strange that we're all for handing people the ability to circumvent their laws if we consider those laws "wrong", but we dread the same at home?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Good by timpdx · · Score: 4, Insightful

    Now get it out to the protesters in Iran and spread it in China for that matter.

  3. You mean? by bigattichouse · · Score: 3, Interesting

    So legitimate users in Iran or China might be able to hook into a darknet that has a portal to the real world outside? Kinda like good old packet HAM radio used to.

    --
    meh
  4. Bad Guys by aaandre · · Score: 5, Insightful

    Of course secrecy is attractive to bad guys. Problem is according to current legislation we are all bad guys, always crossing some obscure irrelevant law we don't know about.

    So one man's secrecy is another man's privacy and protection from overreaching criminalization.

    Oh, and anything you write or view on the internet, say over the phone, purchase, sms about, dial on your phone, etc. is saved and archived forever, by default, unless you make a special effort to enforce your right of privacy. Even that special effort does not guarantee protection and furthermore, that effort is not difficult to notice, and boom, you are someone with something to hide, i.e. one of the bad guys.

    War is peace. Doublegood peace.

    1. Re:Bad Guys by plover · · Score: 4, Informative

      And don't forget that just because you think it's safe doesn't mean that it actually IS safe. Check out the BlueCoat proxy, which is a corporate web proxy/filter that also works on SSL connections (via man-in-the-middle attack.) All your company has to do is drop their own root certificate on your machine, and unless you're in the habit of checking the sites providing your signature, you may never spot it. (Fortunately Firefox displays the certificate's site name next to the padlock icon.) There's also nothing stopping a corporation from installing a key sniffer or remote observation software on their equipment, which includes your desktop.

      Just in case you were thinking that you were "safe" blowing whistles on a darknet at work.

      I guess the "Post Anonymously" box isn't going to help me now anyway.

      --
      John
    2. Re:Bad Guys by Opportunist · · Score: 5, Informative

      I have something to hide. It's called my private life and it's nobody's business. Not yours, not some company's and most certainly not my government's.

      I think it was Franklin who said, if the people fear the government, it's a tyranny, if the government fears its people, it's liberty. I think the US (and a good portion of the rest of the planet) would need a few leaders like the founding fathers of the US. If they could see what came to their dream, what they fought for, died for and had others die for, I think they'd get fed up enough to start over.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Bad Guys by EdIII · · Score: 3, Interesting

      I don't think you have thought that through enough. What is your basis for your claim of it being impractical? Remember, we went to the Moon. I would think that was the definition of impractical at the time. However, if you can disregard the conspiracy theories, we actually did step foot on a soundstage, I mean the Moon.

      Storage capacity? There are plenty of examples of extremely large storage arrays at universities and data centers that did not cost anywhere near "trillions" of dollars to build and construct. 500 million dollars would be enough to construct a data center with a few Exabytes of storage at today's prices. Let's say $100 per Terabyte. $200M worth of hard drives would get you 2 Exabytes of non redundant storage capacity. Using an appropriate RAID setup you could even gain redundancy and lose less than 10% of that storage space. You got $300M left to build the rest of the data center. It's possible. Just Google for news about Exabyte data centers being constructed.

      Take a phone conversation for example. Let's say 2.5 kB/s is the data rate. If a person talked 16 hours a day, that would put them at a 144 MB storage capacity per person per day. Let's just assume 250 million people a day are talking. That would put it at 36,000 Terabytes of storage. I know that sounds big, but that's only a few percent of a *single* Exabyte. A data center with multiple Exabytes could store weeks worth before filling up.

      Now of course why would you even want to keep RAW data? You wouldn't. Let's convert it to text instead. You could assume about 130 words per minute spoken on average, which should be pretty conservative. Assuming Unicode text, with no compression, an average word length of 10 characters (twice the real amount?), that would take you from 144 MB per person per day, to......... 2.5 MB per person per day. That's quite a reduction right there. Now we only need ~625 Terabytes to store the text of every single voice conversation every day.

      Hmmmmm. It's starting to seem like that $500M data center is capable of storing quite a few years worth of transcripts. About 9 years worth to be exact. So let's say...

      60 MILLION DOLLARS PER YEAR.

      That's it. Just for voice transcripts. Even if I am off by a whole order, that is only 600 million dollars per year. A far cry from your "trillions" of dollars estimate is it not?

      I don't even think you would need the transcripts either. Not all of them. Analyze them for keywords, context, blah blah blah and you can start to keep databases of relationships between people and categorize them based on the content of their speech. The information just became more valuable, and a lot more CONDENSED.

      Now let's say it costs ten times that to analyze SMS, purchase records, blogs, etc. We are still a far cry away from your impractical threshold.

      Put simply, Google, Yahoo, MS, are already in the business of working with that much data and processing it.

      BUT, BUT, BUT WHY?

      That's the real question. Would the government, the big bad government, even be interested in a database that had relationships, political and religious views, spending patterns, movement patterns (grocery store, then the bank, etc.)?

      I think the answer is yes. Either in the guise of security, protecting the children, defeating the terrorists, defeating the communists, defeating some sort of 'ism, there is a continual pressure to provide these "tools" to government. I don't think "tin foil hat" arguments are going to cut it much longer.

      Clearly it's possible on a technical basis to store and process this much information, and at least in other governments, there is clearly the desire and motivation to use such abilities.

      but logs and cache gets flushed unless there is a reason to keep it.

      Do you know that for a fact? Everywhere? DNS records from local ISP's are VALUABLE. Targeted advertising is a big thing right now. Don't forget commercial motivations

  5. HTML5 by Amazing+Quantum+Man · · Score: 3, Interesting

    Which browsers (please include note if it's beta) support HTML 5?

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
    1. Re:HTML5 by Jugalator · · Score: 3, Informative

      None that I know of, but Firefox, Safari, Chrome, (and Opera?) should have rudimentary support for parts of it, like the video tag, and the canvas tag.

      Not that I know if that's what they're referring to though.

      All major browers today have very poor HTML 5 support though. It's still not even a finalized standard.

      --
      Beware: In C++, your friends can see your privates!
    2. Re:HTML5 by tholomyes · · Score: 4, Informative

      Here's the details on which browsers support what parts of the new features of HTML5 thus far: http://www.quirksmode.org/dom/html5.html.

      According to quirksmode, it appears that Safari 4.0 has the most complete support, followed by FF 3.5b and IE8. Chrome and Opera do not appear to, at least as far as supporting the new features is concerned.

      --
      When did the future switch from being a promise to a threat? -C. Palahniuk
    3. Re:HTML5 by tholomyes · · Score: 3, Informative

      Also note quirksmode's caveat:

      "The compatibility information above is only for the HTML5 features I tested; they do not necessarily say anything about the browsers' overall HTML5 support. The number of tests will slowly expand."

      --
      When did the future switch from being a promise to a threat? -C. Palahniuk
  6. Easier is better by tnk1 · · Score: 3, Insightful

    If its easier to use, you will definitely see more people using it who are legitimate. Tor and other darknets are a pain in the ass to use, and they clearly have a larger proportion of people using it for more nefarious purposes. The reason is simple: they *need* to use it because they are bad guys. Good guys, unless they fully comprehend the threats against them, are less likely to go to the effort. Hopefully this works out and is secure. It would be a big plus for people who don't want to deal with the hassle, not to mention, they don't want instantly incriminating software on their machine. My guess is that the Chinese and Iranian government minders don't like you if they see you getting your hands on anything like a Tor/Freenet software package.

  7. Re:Iran? China? by MrMista_B · · Score: 3, Funny

    How about Germany? Britian?

  8. Re:Not surprising -- browsers are basically OSes by morgan_greywolf · · Score: 3, Informative

    Microsoft realized that early on, which is why Explorer was integrated into Windows in the first place. And it's also why they're fighting to try to keep IE on top.

    No, Netscape and Sun realized that early on, which is where the concept of browser plugins, JavaScript, and ultimately, Java come from. Then they started wagging their tongues about it rather than sit there and quietly implement stuff (ala Google), so Microsoft.moved to "cut off their air supply" (direct quote from a Microsoft memo used as evidence in their antitrust case) by integrating Internet Explorer into Windows.

    --
    My blog
  9. Re:Talking in secret by pjt33 · · Score: 4, Insightful

    Talking in secret in advance helps them to take to the streets at the same time and in the same place.

  10. Very Useful by jefu · · Score: 3, Interesting

    Currently to do shared chat/video chat/audio/documents... most systems are dependent on servers of one sort or another. Making something that could work on a more peer-to-peer level would be very useful indeed as it would help alleviate (though probably not entirely eliminate) the reliance on servers that are often under someone else's control. If you doubt the usefulness of this, just look at what is happening in Iran right now.

  11. Tomatoes are way more dangerous than darknets by Rick+Bentley · · Score: 3, Funny

    Ninety-two point four per cent of juvenile delinquents have eaten tomatoes.

    Eighty-seven point one per cent of the adult criminals in penitentiaries throughout the United States have eaten tomatoes.

    Informers reliably inform that of all known American Communists ninety-two point three percent have eaten tomatoes.

    Eighty-four per cent of all people killed in automobile accidents during the year 2004 had eaten tomatoes.

    Those who object to singling out specific groups for statistical proofs require measurements within in the total. Of those people born before the year 1850, regardless of race, color, creed or caste, and known to have eaten tomatoes, there has been one hundred per cent mortality!

    In spite of their dread addiction, a few tomato eaters born between 1850 and 1900 still manage to survive, but the clinical picture is poor-their bones are brittle, their movements feeble, their skin seamed and wrinkled, their eyesight failing, hair falling, and frequently they have lost all their teeth.

    Those born between 1900 and 1950 number somewhat more survivors, but the overt signs of the addiction's dread effects differ not in kind but only in degree of deterioration. Prognostication is not hopeful.

    Exhaustive experiment shows that when tomatoes are withheld from an addict, invariably his cravings will cause him to turn to substitutes-such as oranges, or steak and potatoes. If both tomatoes and all substitutes are persistently withheld-death invariably results within a short time!

    The skeptic of apocryphal statistics, or the stubborn nonconformist who will not accept the clearly proved conclusions of others may conduct his own experiment.

    Obtain two dozen tomatoes-they may actually be purchased within a block of some high schools, or discovered growing in a respected neighbor's back yard! - crush them to a pulp in exactly the state they would have if introduced into the stomach, pour the vile juice into a bowl, and place a goldfish therein. Within minutes the goldfish will be dead!

    Those who argue that what affects a goldfish might not apply to a human being may, at their own choice, wish to conduct a direct experiment by fully immersing a live human head* into the mixture for a full five minutes.

    * It is suggested that best results will be obtained by using an experimental subject who is thoroughly familiar with and frequently uses the logical methods demonstrated herein, such as:

    (a) The average politician. Extremely unavailable to the average citizen except during the short open season before election.

    (b) The advertising copywriter. Extremely wary and hard to catch due to his experience with many lawsuits for fraudulent claims.

    (c) The dedicated moralist. Extremely plentiful in supply, and the experimenter might even obtain a bounty on each from a grateful community.





    THE DREAD TOMATO ADDICTION Mark Clifton This essay originally appeared in the February 1958 edition of Astounding. The dates in this version have been modified (all dates plus 50 years).

    --
    My favorite quote doesn't fit into 120 characters. Now no one will like me.
  12. Re:If I give a killer a ride... by shentino · · Score: 3, Insightful

    Perhaps he saw that the terrorists have already won by getting our governments to take all our freedoms away.

    Yes I said it.

    The terrorists have won.