Slashdot Mirror


User: mrogers

mrogers's activity in the archive.

Stories
0
Comments
1,455

Comments · 1,455

  1. Re:Bogus argument on Are You Sure This Is the Source Code? · · Score: 4, Informative

    The latest alpha release of the Tor Browser uses a deterministic build process for exactly that reason: users of open source software (or the small minority of users with the necessary technical skills) should be able to check that the published binaries match the published source exactly - no malware, no easter eggs, no backdoors. If someone detects a mismatch, they can alert the rest of the community.

    Mike Perry, who spent six weeks getting deterministic builds working for Tor, has some interesting thoughts on why this is an important issue for security tools, even if the users completely trust the developers.

    I'd like to see more open source projects following Tor's lead. Gitian is a deterministic build tool that might help - it enables multiple people to build a binary from the same source and check that they get identical results.
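Added example, not code from the comment above or from the Tor or Gitian projects: two of the usual sources of non-reproducibility in a release archive are file timestamps and ownership, so this builds a tarball with both pinned, contrasts it with a plain archive of the same tree built on a different "day", and then runs the Gitian-style check that independent builders' hashes agree with each other and with the published hash. The sample tree, the builder names and the fixed timestamp are constructed for the example.

```python
import hashlib
import io
import os
import tarfile
import tempfile
from collections import Counter

# Hypothetical fixed release timestamp, in the spirit of SOURCE_DATE_EPOCH.
SOURCE_DATE_EPOCH = 1356998400


def deterministic_tar(root):
    """Archive `root` so the bytes depend only on paths, permission bits and
    contents: sorted walk order, fixed mtime, no ownership, uncompressed
    (gzip would add its own timestamp header)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for dirpath, dirnames, filenames in os.walk(root):
            dirnames.sort()  # control recursion order, not just this level
            for name in sorted(filenames):
                path = os.path.join(dirpath, name)
                arcname = os.path.relpath(path, root).replace(os.sep, "/")
                info = tar.gettarinfo(path, arcname=arcname)
                info.mtime = SOURCE_DATE_EPOCH
                info.uid = info.gid = 0
                info.uname = info.gname = ""
                info.mode = 0o755 if info.mode & 0o111 else 0o644
                with open(path, "rb") as f:
                    tar.addfile(info, f)
    return buf.getvalue()


def naive_tar(root):
    """The usual `tar -cf`: records real mtimes, ownership and directory
    metadata, so two honest builds of the same source differ."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(root, arcname=".")
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def make_tree(files, mtime):
    """Constructed sample source tree; `mtime` simulates building on a
    different day."""
    root = tempfile.mkdtemp(prefix="release-")
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
        os.utime(path, (mtime, mtime))
    return root


def verify_release(published_sha256, builder_hashes):
    """Gitian-style check: each independent builder publishes the hash of
    what they built.  The release is reproducible if they all agree, and the
    published binary is trustworthy only if it matches that consensus."""
    tally = Counter(builder_hashes.values())
    consensus, _ = tally.most_common(1)[0]
    return {
        "reproducible": len(tally) == 1,
        "consensus": consensus,
        "dissenters": sorted(b for b, h in builder_hashes.items() if h != consensus),
        "published_matches_consensus": published_sha256 == consensus,
    }


def demo():
    files = {"bin/tool": b"#!/bin/sh\necho tool\n", "README": b"release 1.0\n"}
    tree_a = make_tree(files, mtime=1_000_000_000)
    tree_b = make_tree(files, mtime=1_100_000_000)
    det = [sha256(deterministic_tar(t)) for t in (tree_a, tree_b)]
    naive = [sha256(naive_tar(t)) for t in (tree_a, tree_b)]
    # alice and bob built honestly on different days; carol's archive is
    # constructed to differ, standing in for a tampered or misconfigured build.
    report = verify_release(det[0], {"alice": det[0], "bob": det[1],
                                     "carol": sha256(b"not the same bytes")})
    return {"deterministic_agree": det[0] == det[1],
            "naive_agree": naive[0] == naive[1],
            "report": report}


if __name__ == "__main__":
    print(demo())
```

The point of `verify_release` is that a single builder agreeing with the published hash proves nothing: the same person can have produced both. It is several builders who have never shared a machine agreeing with each other, and the published hash matching them, that lets a user who did not build anything themselves trust the binary.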

  2. Re:nonsense on FBI Seizes Server Providing Anonymous Remailer Service · · Score: 1
    This case is unusual in that there's been a long series of bomb threats - they could easily have started monitoring all known remailers a week ago. But I wouldn't be surprised if they had all known remailers under surveillance all the time - especially since they know that's necessary if they want to trace a message at any time in the future.

    What they should have done is use one of those handy-dandy national security letters or whatever they are called to gain access to the server in secret. They could have pried the private key loose that way, then initiated monitoring on the next server up the chain, another letter, and so on.

    Interesting point - I wonder if they thought the Riseup admins would blow the whistle and go to jail.

    Of course this also falls apart if one of the servers is some place that doesn't like the US and won't honor requests from US law enforcement.

    True. Watching this unfold could be an interesting lesson in the international reach (or not) of wiretap and seizure orders.

  3. Re:nonsense on FBI Seizes Server Providing Anonymous Remailer Service · · Score: 1

    Unless the server operator was a total doofus, this brings them exactly zero steps towards resolving their problem, because this is exactly the kind of attack that Mixmaster was designed to withstand.

    I'm not sure you're right about that. Unlike the more recent Mixminion design, Mixmaster doesn't provide forward secrecy. Each mix uses a long-term public/private key pair. To send a message anonymously, you encrypt it with the public key of each mix you want it to pass through, and each mix uses its own private key to remove a layer of encryption. The last mix in the chain removes the last layer of encryption and delivers the message to its destination. The mixes carry on using the same key pairs indefinitely.

    Now imagine you have the wiretapping and server-seizing powers of the FBI and you want to trace a message. You wiretap all the mixes and record the encrypted messages passing between them. When an unencrypted bomb threat pops out of one of the mixes, you seize that mix and use its private key to decrypt all the messages you recorded arriving at that mix. One of them decrypts to the bomb threat. You seize whichever mix that message came from and repeat.

    This attack has been known about for ten years, which is why Mixminion changes its key pair periodically and uses TLS on the connections between mixes. But remailers don't get much attention these days, so it seems people are still using Mixmaster.

    TL;DR: You can trace messages by seizing Mixmaster servers. Expect more servers to be seized in the coming days.
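The trace described in the comment above, as an added example that is not Mixmaster or Mixminion code. Real mixes use RSA and batch and reorder messages; here each mix's long-term key is a random 32-byte secret and "peeling a layer" is a SHA-256-based stream cipher, which is enough to show the mechanics: an investigator who recorded every inter-mix ciphertext seizes the exit mix, decrypts everything that arrived there until one input peels to the threat, moves to the mix that sent it, and repeats. The same trace is then run against mixes that rotated their keys and destroyed the old ones after relaying, which is the forward-secrecy property the comment attributes to Mixminion. Mix names, sender names, the routes and the messages are all constructed.

```python
import hashlib
import secrets

MIXES = [b"mixA", b"mixB", b"mixC"]


def keystream(key, nonce, n):
    """Toy keystream: SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def seal(key, plaintext):
    """Stand-in for encrypting a layer to one mix's long-term public key."""
    nonce = secrets.token_bytes(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def open_layer(key, blob):
    """Stand-in for the mix peeling one layer with its private key."""
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def build_onion(keys, route, message):
    """Wrap `message` once per mix, innermost first.  Each layer's plaintext
    is an 8-byte next-hop field followed by the blob for that next hop."""
    layer = b"EXIT".ljust(8) + message
    for i in range(len(route) - 1, -1, -1):
        blob = seal(keys[route[i]], layer)
        layer = route[i].ljust(8) + blob
    return blob


class Network:
    """Mixes plus a wiretap that records every (src, dst, ciphertext)."""

    def __init__(self, keys):
        self.keys = keys
        self.wiretap = []
        self.delivered = []

    def send(self, sender, route, message):
        self._relay(sender, route[0], build_onion(self.keys, route, message))

    def _relay(self, src, dst, blob):
        self.wiretap.append((src, dst, blob))
        plain = open_layer(self.keys[dst], blob)
        nxt, rest = plain[:8].rstrip(), plain[8:]
        if nxt == b"EXIT":
            self.delivered.append((dst, rest))
        else:
            self._relay(dst, nxt, rest)


def trace(wiretap, seized_keys, exit_mix, message):
    """Walk the chain backwards from the mix that emitted `message`, using
    whatever key each seized mix currently holds."""
    want = b"EXIT".ljust(8) + message
    hop, path = exit_mix, [exit_mix]
    while True:
        key = seized_keys.get(hop)
        match = None
        if key is not None:
            for src, dst, blob in wiretap:
                if dst == hop and open_layer(key, blob) == want:
                    match = (src, blob)
                    break
        if match is None:
            return path, "stuck: key held by %s opens none of its recorded inputs" % hop.decode()
        src, blob = match
        path.append(src)
        if src not in MIXES:
            return path, "sender identified"
        # The previous mix must have emitted exactly (this hop || blob).
        want = hop.ljust(8) + blob
        hop = src


def run_scenario():
    keys = {m: secrets.token_bytes(32) for m in MIXES}
    net = Network(keys)
    net.send(b"bob", [b"mixB", b"mixC"], b"lunch at noon?")          # cover traffic
    net.send(b"alice", [b"mixA", b"mixB", b"mixC"], b"BOMB THREAT")
    net.send(b"carol", [b"mixC"], b"hello")                          # cover traffic
    exit_mix, threat = next((m, msg) for m, msg in net.delivered if msg == b"BOMB THREAT")
    # Mixmaster-style: seized mixes still hold the keys that were in use.
    with_longterm = trace(net.wiretap, dict(keys), exit_mix, threat)
    # Mixminion-style: every mix rotated and wiped its old key before the seizure.
    rotated = {m: secrets.token_bytes(32) for m in MIXES}
    with_rotation = trace(net.wiretap, rotated, exit_mix, threat)
    return with_longterm, with_rotation


if __name__ == "__main__":
    print(run_scenario())
```

Note what the wiretap alone does not give the investigator: the ciphertext into a mix and the ciphertext out of it share no bytes, so without the mix's key the recorded traffic is just a pile of unlinkable blobs. The seizure is what turns the recording into a trace, and key rotation is what makes the seizure too late.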

  4. Handy flowchart on New Programming Languages Come From Designers · · Score: 1

    I used to spend a lot of time evaluating new languages. Now I just use this handy flowchart.

  5. Re:"Goes through a trusted friend"? on Anonymous, Decentralized and Uncensored File-Sharing Is Booming · · Score: 1
    Doesn't that just make the "friend" instantly liable for contributory infringement?

    When you download a file through a chain of people, every link in that chain is a friendship. Nobody connects directly to a stranger. So the only people who can bust you for contributory infringement are your own friends, and the only people who can bust them are their own friends, and so on.

    It's possible that an infiltrator would spend time building up fake friendships just to bust people for copyright infringement, but it doesn't seem very cost-effective to me. That tactic has been pretty much abandoned in drug policing because it just mops up a few naive people at the edges of the distribution network without ever getting closer to the centre.

  6. Re:What a surprise on Anonymous, Decentralized and Uncensored File-Sharing Is Booming · · Score: 1
    By the time the darknet grows enough to be useful there will be some friends of friends of friends that are not so careful and not so trustworthy, and not so clueful. They will click a link somewhere. Their kids will install some internet game. They will get a piece of malware installed. They will get compromised, then the movies sitting on their computers will be discovered as well as their list of darknet friends, and the jig is up.

    Whose jig is up? Not mine. If somebody two or three hops away from me in the darknet gets owned, I don't lose my anonymity, because the only people who know my identity are my immediate neighbours in the darknet, who are people I trust.

    In BitTorrent, a single compromised node can identify everyone in the swarm. In a darknet, a compromised node can only identify its immediate neighbours. If you choose your friends carefully you can stay safe, even if your friends' friends aren't so careful.

  7. Re:Isn't this similar to on Anonymous, Decentralized and Uncensored File-Sharing Is Booming · · Score: 1
    The first rule of darknets is "Don't talk about darknets" - so they tend to get reinvented a lot. ;-)

    WASTE and RetroShare are fairly similar, but RetroShare has a lot more features - forums, its own email system, public and private chatrooms, better portability, better firewall traversal, etc.

  8. Re:Retroshare still requires a central server on Anonymous, Decentralized and Uncensored File-Sharing Is Booming · · Score: 1
    You're going to need a centralized forum/chatroom, aren't you, where you can meet people and identify those with common interests and focus?

    I've heard rumours about a distributed network of chatrooms called IRL where you can meet people with similar interests. Apparently it's like IRC except the jokes aren't as good.

  9. Re:Repost on Napster Being Shut Down · · Score: 1

    Similarly, after LimeWire was shut down the brand was relaunched as a monthly subscription service for slowing your computer down and giving you viruses.

  10. Re:Streisand effect? on CarrierIQ Tries To Silence Security Researcher · · Score: 3, Informative

    Looks like someone already created a torrent.

  11. Re:He should remove it. on CarrierIQ Tries To Silence Security Researcher · · Score: 1

    Wow, Jacob Appelbaum has really changed since he joined that church...

  12. Re:Exploiting creativity is what makes $ on Is the Creative Class Engine Sputtering? · · Score: 1
    While I agree with your criticism of the "creative economy" fable, I can see one way in which "creative industries" can genuinely increase productivity, and that's by making people want more stuff, or newer stuff, or higher-status stuff, which in turn makes them work harder, keeping the ol' investment capital flowing. Novelty is an important part of that process, and novelty is the sine qua non of the "creative industries": even when the product sucks, at least it's new.

    The stimulation of demand through advertising and marketing has been driving Western economies since the Second World War, and it works just as well for intangible as tangible goods. So while I agree with your criticism, I don't think you should limit it to the "creative industries" - I think it applies to any industry that would vanish in a puff of smoke without its advertising department.

  13. Re:He is using strange definitions on Is the Creative Class Engine Sputtering? · · Score: 1
    It's hard to see why a video store clerk (what is a video store?) is a creative persona.

    The "creative class" isn't the class of creative people - it's the class of people whose jobs depend on the production of intangible goods such as stories, music and software. That's why video store employees (remember them?) and software engineers are members of the class but shoe store employees and hardware engineers aren't. It's a well-recognised labour category in the UK, but apparently not in the U.S., according to this excellent article about the creative industries:

    In Britain, where the pioneering work on the concept has been done, the category covers design, advertising, theatre, dance, music, visual arts, creative writing, crafts, plus museums and galleries. On the ministerial level it also includes leisure, entertainment, tourism and heritage industries, and sports. The situation in the UK, in particular, is quite different because throughout the 1990s to the present, “creative industry” has been a government-established, recognized, and practiced category for government policy and administration. In the United States, in contrast, the terms “creative industries” and “culture industries” are rarely used outside academic circles. The term “creative economy” does appear in some policy discussions and documents on a local and sometimes regional level. . . . . In other cases, the terms “information economy,” and “intellectual property” are the common framing concepts and cover the effort to control and efficiently commodify creative material, especially in its intangible forms.

  14. Game Theory: A Critical Introduction on Ask Slashdot: Best Way To Learn About Game Theory and AI? · · Score: 3
    The best technical introduction to game theory I've come across is Game Theory: A Critical Introduction by Shaun P. Hargreaves-Heap and Yanis Varoufakis, which introduces the most important concepts while placing them within their philosophical context (for example, to what extent is it reasonable to regard humans as the kind of agents assumed by game theory?). I've been studying game theory for years and wish I'd read this book a long time ago.

    If you really have no patience for philosophy, try Game Theory for Applied Economists by Robert Gibbons instead. ;-)

    John Maynard Smith's Evolution and the Theory of Games is accessible and indispensable.

    Less technical works that explore the implications of the theory in fascinating ways include The Evolution of Cooperation (the book that first got me interested in the subject) and The Complexity of Cooperation by Robert Axelrod, and anything by Brian Skyrms.

  15. My response to the draft recommendations on .UK Registrar Offers To Let Police Close Domain · · Score: 2

    Having stuck my oar in during a previous consultation, I was emailed a copy of the draft recommendations and asked for feedback. Here's the response I sent to Nominet.

    Dear ______,

    Thank you for circulating this draft. I'm disappointed to find that Nominet is still considering adopting a policy that effectively grants the police new powers. In a democratic society, the only acceptable way for police powers to be extended is through legislation. If there is a genuine need for the police to be able to take down websites without judicial supervision, Parliament should grant the police that power. If Parliament does not do so, no other organisation should arrogate the right to do so - particularly when, as the draft notes, the Government is currently considering such legislation.

    It may be inconvenient for the police, and perhaps even "harmful to consumers", that judicial oversight sometimes imposes delays on police work. Nevertheless, that oversight exists for good reasons, and attempts by the police to circumvent it are misguided and dangerous.

    Court orders are available at very short notice for other kinds of urgent police work; if the courts have not seen fit to make orders for taking down websites available to the police as quickly as the police would like then it is worth asking why not. Nominet should not allow itself to be manipulated by the police into short-circuiting the judicial process.

    As a piece of quasi-legislation, the draft is seriously lacking. It does not define key terms such as "consumer harm" or "UK law enforcement agencies with which Nominet has a trusted relationship". No process is defined for deciding which cases "involve disputes between private parties, freedom of expression or political speech", or for challenging such decisions.

    The vague language in the final paragraph about an "appeal mechanism" and an "independent panel" makes no concrete commitments to meaningful oversight. Indeed, it is difficult to imagine how it could do so, since Nominet does not have any legal powers to punish wrong decisions or make reparations. The courts do - they are the proper venue for such decisions.

    Best regards,
    ______

  16. Re:Tor? on Belarus Cracks Down On VKontakte · · Score: 1
    But your dog isn't (I assume) a political activist. Facebook doesn't go out of its way to track down accounts with false names, but if someone complains that your account has a false name, it will be suspended until you provide legal documentation of the name, such as a passport or driver's license.

    This has happened, and continues to happen, to activists around the world. Michael Anti, the Chinese journalist, was one high-profile case. There's a Facebook fan page about him, but he's no longer allowed to have a Facebook account.

  17. Use HTTPS on Widespread Hijacking of Search Traffic In the US · · Score: 5, Informative
    Another good reason to install HTTPS Everywhere, a browser extension that will redirect your Google searches to the HTTPS version of the site. By checking the certificate presented by the server, your browser can then be sure that it's talking directly to Google. (HTTPS Everywhere also works for a lot of other popular sites.)

    Or, if you don't like Google, use DuckDuckGo, which uses HTTPS by default with no need for a browser extension.
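Added example, not the comment author's code or the HTTPS Everywhere extension's own code: a minimal applier for rulesets in the shape HTTPS Everywhere used (a `ruleset` with `target` hosts, `exclusion` patterns and `rule from/to` regexes), to show what "redirect your searches to the HTTPS version" actually involves at the URL level and why exclusions exist. The ruleset content below is constructed for the example, not copied from the real Google or DuckDuckGo rulesets; the handling of a leading `*.` in a target host as "any subdomain" is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample rulesets in the HTTPS Everywhere ruleset shape.
SAMPLE_RULESETS = r"""<rulesets>
  <ruleset name="Google Search">
    <target host="google.com" />
    <target host="www.google.com" />
    <target host="*.google.com" />
    <exclusion pattern="^http://(www\.)?google\.com/(ads|support)/" />
    <rule from="^http://(www\.)?google\.com/" to="https://www.google.com/" />
    <rule from="^http://encrypted\.google\.com/" to="https://encrypted.google.com/" />
  </ruleset>
  <ruleset name="DuckDuckGo">
    <target host="duckduckgo.com" />
    <rule from="^http:" to="https:" />
  </ruleset>
</rulesets>"""


def load_rulesets(xml_text):
    """Parse rulesets into (name, targets, exclusion regexes, rules).
    The `to` side uses $1-style backreferences; convert them to Python's \1."""
    rulesets = []
    for rs in ET.fromstring(xml_text).iter("ruleset"):
        if rs.get("default_off"):
            continue
        targets = [t.get("host") for t in rs.findall("target")]
        exclusions = [re.compile(e.get("pattern")) for e in rs.findall("exclusion")]
        rules = [(re.compile(r.get("from")), re.sub(r"\$(\d+)", r"\\\1", r.get("to")))
                 for r in rs.findall("rule")]
        rulesets.append((rs.get("name"), targets, exclusions, rules))
    return rulesets


def host_matches(pattern, host):
    # Assumption for this example: "*.example.com" matches any subdomain,
    # but not the bare domain itself.
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def rewrite(url, rulesets):
    """Return (possibly rewritten URL, name of the ruleset that fired or None)."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url, None  # already https, or not a web URL at all
    host = parts.hostname or ""
    for name, targets, exclusions, rules in rulesets:
        if not any(host_matches(t, host) for t in targets):
            continue
        # Exclusions cover paths the site does not serve over HTTPS; a blind
        # rewrite there would break the page rather than protect it.
        if any(e.search(url) for e in exclusions):
            return url, None
        for rx, to in rules:
            if rx.search(url):
                return rx.sub(to, url, count=1), name
    return url, None


RULESETS = load_rulesets(SAMPLE_RULESETS)

if __name__ == "__main__":
    for u in ["http://www.google.com/search?q=tor", "http://google.com/search?q=tor",
              "http://www.google.com/ads/x", "http://mail.google.com/",
              "http://duckduckgo.com/?q=tor", "http://example.com/"]:
        print(u, "->", rewrite(u, RULESETS))
```

Two things this makes visible that the comment only implies. First, the rewrite happens before the request leaves the browser, so the plaintext search query never crosses the ISP's wire; a redirect issued by the server would be too late, since the hijacker is sitting on the first HTTP request. Second, the rewrite only helps if the browser then validates the certificate for the rewritten host; a ruleset that sent `google.com` to an `https://` host whose certificate the browser would not check would move the problem rather than solve it.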

  18. Re:Pretty much never? on BitTorrent Turns 10 · · Score: 1

    I think something like the TPB model is there to stay, if necessary they'll just move it to be a TOR onion site, still centralized but anonymous.

    On that point, it's interesting to see clients like MediaGet and Frostwire 5 incorporating search into the client. If one of the sites they rely on gets shut down, not only could the clients switch to another site at the next upgrade, they could potentially switch to another way of contacting the site (eg through Tor, as you suggested) without the users needing to be any the wiser.

  19. Re:Pretty much never? on BitTorrent Turns 10 · · Score: 5, Interesting

    Going distributed is THE way of stopping people from shutting you down.

    But ironically, what BitTorrent got right (and it pains me to admit this, because I'm a big fan of pure P2P solutions) was centralising the hard parts - search and peer location - and distributing the easy part - content distribution.

    Another area where BitTorrent struck the right balance between pure P2P and pure centralisation was in content curation. Gnutella made it incredibly easy to share a file, but the result was a ton of low-quality, badly-labelled, nearly-identical files. BitTorrent made it just hard enough that only a few, relatively dedicated people would create torrents, and everyone else would just redistribute them. I don't think that was a conscious design decision, but it happened to hit the sweet spot.

  20. Re:Does this mean IPv4 addresses will sell like DN on Microsoft Buys 666,000 IP Addresses · · Score: 2

    Your boss will ask you "How much does it cost to adopt v6?" And then he'll buy those v4 addresses.

    I agree, at the moment that's what will happen - and arguably that's the rational response, at the level of the firm if not at the level of the net as a whole. But in the longer term I believe a market for IPv4 addresses will have two consequences:

    1. Organisations that are currently sitting on more address space than they need will start to use it more efficiently so they can sell or lease the surplus. That will ease the address space shortage.

    2. New organisations, which don't face a large upgrade cost if they choose IPv6, will buy a few IPv4 addresses for public-facing assets such as websites and mailservers that absolutely have to be reachable by IPv4-only customers. Everything else will be done with IPv6. Then a few years down the line, someone within each organisation will ask, "What share of our revenue comes through the IPv4 site, and how much is that site costing us?" Organisations on the margin will start to drop IPv4 support, creating extra pressure for the remaining IPv4-only organisations to upgrade.

  21. Re:Does this mean IPv4 addresses will sell like DN on Microsoft Buys 666,000 IP Addresses · · Score: 1

    Does this mean that companies will start selling IP addresses for increasing amounts of money?

    I hope so - nothing's going to spur IPv6 adoption like having a dollar cost per IPv4 address that you can show to your boss.

    should I buy a block of 100 as an investment now?

    If you can get away with it, fuck yes! At this stage in the game it's probably only lawyer-plated companies like Microsoft that can force this past IANA, but once the market opens up, jump in.

  22. Re:He forgot something on Freedom Box Foundation Wants Plug Servers For All · · Score: 1
    The goal isn't to liberate people from their ISPs - at least, not initially. Eben Moglen explained in a speech last year that the goal is to liberate people from cloud providers and social networking sites that would like to collect and sell their personal data.

    In the longer term, however, Freedom Boxes might also be useful for resisting wiretapping. In a post to the liberation tech mailing list (sorry, I can't link to the actual post since the archives are subscriber-only), Eben Moglen gave the following explanation:

    On the question, how can personal servers deal with network non-neutralities, the answer is by tunneling among themselves. So Bob and Carol and Ted and Alice live in different places, maybe different countries, and have different upstream connectivity providers. If Bob's Freedom Box notices that he can't connect to port X at address Y, the box opens a tunnel to Carol's box, through the encrypted "route" they share, and asks Carol's box to proxy the traffic. If Carol's can't do it, maybe Ted's can. Alice's freedom box, which is located inside a country with a national firewall, uses Bob, Carol, Ted, and a hundred more of her friends abroad to lift her over the national firewall many times a day.

    Clearly the same approach could be used to avoid surveillance as well as filtering. Now, of course, that still assumes your ISP allows you to have some kind of connectivity to some of your friends - NAT could be a major issue here, as other commenters have noted.

  23. Re:Little Confused on 100 P2P Users Upload 75% of Content · · Score: 1
    The original research paper does a better job of explaining.

    * The following torrent sites were studied: Mininova in December 2008, The Pirate Bay in November 2009, and The Pirate Bay again in April 2010.

    * Roughly 3,000 user accounts uploaded torrent files to the sites.

    * 100 user accounts uploaded 67% of the torrent files, and those torrents accounted for 75% of the downloads.

    * Fake content uploaders (antipiracy agencies and malware) accounted for 30% of the torrent files and 25% of the downloads. Many of those accounts could be traced to a small number of IP addresses.

    * Profit-driven uploaders (who use free content to advertise private trackers and/or commercial content) accounted for 30% of the torrent files and 40% of the downloads. This is where advertising comes into the picture: people aren't getting paid for the ads shown on torrent sites, they're uploading content as a form of advertising.

    * Altruistic uploaders (who release copyrighted content with no profit motive) accounted for 11.5% of the torrent files and 11.5% of the downloads.

    (Yes, I realise the figures don't quite add up - I guess there's some rounding in there.)

  24. Re:Its really on New Mega-Leak Reveals Middle East Peace Process · · Score: 1

    Al-Jazeera, who may be biased and ignore pop culture B.S. on the front page; or CNN and FoxNews who give priority to celebrity diversion.

    Interestingly, clicking on the CNN link from the UK redirects you to CNN's international edition, which has a relatively serious front page, comparable to that of Al-Jazeera.

    I guess there's a double standard at work: people "at home" get patronised, whether by Al-Jazeera or CNN, while those "abroad" are treated as adults.

  25. Re:Mostly US backed on The Wrong Way To Weaponize Social Media · · Score: 2

    No doubt you're right - but the difficult question is not whether the US and other countries support opposition movements for cynical reasons. Of course they do. The difficult question is whether those movements can still be legitimate. Was everyone who protested after the Iranian elections paid by the CIA? If not, do they still have a legitimate right to demand change, or does US involvement taint every opponent of the regime by association?