RE: Re: Fwd: Taming the Web - Can the Internet be controlled?

From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Fri Aug 31 2001 - 07:22:17 MDT


On Fri, 31 Aug 2001, Chen Yixiong, Eric wrote:

> We don't just talk about whether governments can spy on your message
> in transit, but whenever you can actually remain anonymous.

Well, you can. It's not very hard. It is then useful to destroy your
fingerprint, though, as e.g. even short passages of text can be
statistically analyzed for your word frequency and phrase fingerprint,
which is rather unique.

> In theory, governments with powerful enough computers can spy on every
> Internet packet you release and have a good idea of what you do, just

In theory. In practice, you have to install the hardware at ISP side.
Tapping cables is a lot like drinking from a firehose.

If they do, it will not do them an awful lot of good, because the packet's
content is opaque, and the packet's apparent destination is not it's true
destination. It is routed through a remixer network.

> by the IP address and other infomation in the packet header alone.
> Even if you use encryption, your packet must have headers for it to
> get to where you want it to go.

Yes, but the contents of the envelope -- which are encrypted -- will
contain an another envelope. Which is encrypted. Which contains another
envelope -- you get the general idea. The nodes themselves have no clue
what is inside the envelope passing through it, and they don't know wheat
the next node is going to be.

Traffic remixers and onion routers do really exist and do really work.
Ask feds, they just patented them a few days ago, almost 20 years after
they have been described in academic papers, and 15 years after the first
ones started operating. They're a key to a truly anonymous infrastructure.

> With such packet sniffing at strategic points on the Net (such as each
> country's gateways to the rest of the Net) and comparing it with
> seized web logs or even publicly available information such as the
> date and time a message appears on a message board, a government can
> incriminate its citizens for the transmission of data.

I'm afraid the method I mentioned above will make such expensive snooping
fruitless.

> The packet sniffer can also reveal a lot of information about the
> pattern of traffic fron each surfer. Unless the peer to peer

So, whiten your traffic with bogus packets. You thought your ssh
connection was secure? I'm afraid it ain't so, chief, because a simple
mathematical model of your typing pattern leaks bits like crazy.

So, use lots of whitening. It's good for you.

> information network of the future provides access to only a very
> selected group of trusted people, the information about servers users
> can connect to will have to remain public.

You can connect, and you can take the network out from the inside, by
iterating the process. However, some patches on the earth are freer than
others, and unless The Man will completely block all traffic there, you
can connect there. If you wound up on the wrong patch of the geoid, I
suggest to head for freer places. It's worth it. If there are no freer
places left, I suggest picking up an interesting hobby. Like conspiracy to
overthrow the local government.

> Using the anonymous nature of the Net against itself and from an
> overseas site, the government can also act as a new user and use the
> software to find out information about the initial servers the peer to
> peer software can connect to. From there, it can find all these other
> servers and instantly ban their IP addresses, or at least the
> combination of IP addresses and ports with the unwanted service over
> at its own Internet Gateways.

Realtime address banning is nice, but you can only see a few IPs, as a
blacknet node. You have to reveal your IP for them to be able to deal with
you. Becase they know they drop dead from the net once they deal with a
certain IP (otherwise realtime banning would be hardly realtime), they
reenter the network (most IPs nowadays are dynamic, duh), and propagate
the information that you're a rat. Moreover, we have a very nice upsurge
of IEEE 802.11x networks, where users own the ad hoc infrastructure. Much
good the banning will do you, then. Then, there's trust building. New
users will be automatically assumed rats, and a rat will have to serve the
network, before doing it's dirty deed (did I mention that the
infrastucture was agoric?), thus becoming a very valuable rat. Same
applies in attempting flooding. You can't flood, unless you sell your
storage and bandwidth space. Content hashes don't collide. So, your only
attempt will be name space pollution. The hashes themselves are
invulnerable.

> In fact, I will consider it a miracle if such surveillance does not
> already takes place today. Carnivore, or DCS1000 (whatever they had

The average fed is too dumb for that. But the name engineering was sneaky,
wasn't it? Carnivore was a blunder, DCS1000 is inspired. But, however they
name it, they're screwed. They will only catch the sheep, not the wolves.

> renamed it to) shows only a very simple and weak version of
> surveillance software that can potentially exist. In fact, it only
> concerns itself more with mail traffic. If you wonder about web
> traffic, just checking through the logs of a Proxy Server at the ISP
> can tell you who did what at where (meanwhile banning all port 80
> outbound just like what some Singapore ISPs did to all overseas
> sites).

So, mail and web to anywhere but localhost will have to go. Hint: look at
Freenet and Mojonation document addresses. See that localhost part?

> Using Artifical Intelligence technology of the future, expect to see a
> lot of smiling faces at Government Network Headquarters over their
> success at tracing posters.

Dumb posters, maybe. But, I somehow don't expect a lot of smiling feds.
Call it a hunch, or something.

> There also exists one possibility that we had not yet see on the Net:
> "Proxy-Spoofing". This term (that I created a year ago) represents a
> concept that allows one to spoof another user's identity provided it
> can determine what a user will do in the near future. On a plain-text
> connection, this allows the any devious Government (or person with
> control of the Internet gateway) to spoof another user's packet,
> somewhat like two-way lying.

Try doing that with Gale.

> We take the case of posting to a newsgroup. Firstly, the spoofer
> intercepts the poster's packet en route. Secondly, it drops this

How does he I know I'm posting to a newsgroup? Mallory can watch all the
anonymous remailers, much good it will do to him. He sees packets emerging
from me and entering the remixing network. He loses track of these packets
after just a few iterations of traffic remixing. He sees lots of nasty
packets in clear entering gateways into public fora, but he can't trace it
back to me, provided I stripped the message clear of my fingerprint
(Google translator reiterated would come to mind).

> packet from routing and injects a new packet in with identical headers
> but different content, such that the data does not match the original
> data. For instance, the Government can just place an additional
> statement that contains defamatory remarks such that the user gets
> into trouble with lawsuits or with Government laws.

If you insist to use broken tools, they will catch you. So, don't use
broken tools.

> With encryption, it can experience some problems but not too much that
> we cannot solve it. With the method below, a nasty Government can
> still get its hands on the decryption sequence and do on the fly
> decrypting and encrypting.

Your concerns are not new, and have been addressed in late 1980s.

> A Government can also create a huge database of valid addresses and
> destination that it permits while banning all other addresses, citing
> pornography or other issues to justify this.
>
> To get around the problem of banning too many of the wrong sites, it
> could provide users with a unencrypted-only link for accessing other
> sites. Censors or censor-bots can then analyse what the user saw and
> did, and if it determined that the site provides no harm, it can add
> this site to the database.

A police state is not addressed by things cypherpunkly, it is best
addressed in physical space with military hardware. See the conspiracy for
the purpose to overthrow the government part.

> You can try sending an encrypted packet, but even if the Government
> router cannot understand this data, it can at least corrupt or destroy
> it.

See above.

> In addition, Governments can create backdoors into user's computers
> via spyware. Under the guise of a free Government accounting software,
> free ISP software or something which spurs users to downlod the file,
> a Government can potentially monitor every tap of a user, especially
> if this user has a broadband Internet connection.

Once again, not being dumb helps.

> To avoid detection, the software can use the user's web browser (such
> as Internet Explorer) to send data, and working with a proxy server,
> it can merely pretend to access a website the user previously and
> frequently accesses but with a special header or distinct signature
> such that the Governmental Proxy Server will intercept this instead of
> passing it on as it usually does.

So, only run trusted software. Do all the nasty bits stuff on an airgap
protected machine, or in a hardware crypto containment. It's as easy as
that.

> We don't even need a lot of data, just some passwords and private PGP
> keys. Once it gets into the system, it can also spread through the
> whole network like a network worm.

See above.

> There exists a rumor that M$ wants to replace the current TCP/IP
> network with another of its proprietary design to "fix" a problem that
> originated with it providing raw sockets capability in Windows XP
> which can potentially make an ordinary computer a very powerful DDOS
> attack machine. We must take the idea that the Net may switch to a

Once you corrupted a remote system with a magic packet, you own it. Why
relying on Redmond's crappy stacks if you can use your own? Upgrade it
with the best of *BSD derived offerings. Speaking of which, we should
thank proprietary vendors for offering us free resources to run BlackNode
nodes, packaged in worms.

> more traceable system seriously that will deny anonymous connections
> for fear of a DDOS attack.

If you don't speak anything else than the lingua franca of the Internet,
you've just severed yourself from the network. Many vendors tried that,
and all of them failed, with AOL being a possible exception.

> What I propose here may consist of workable or unworkable situations,
> however, we must take notice of this and perhaps develop
> countermeasures beyond the current network system. This means that
> developing peer to peer systems may seem insufficient, but we may
> actually need to stop the passing of certain laws and International
> Treaties that threaten this freedom.

Good concerns. I suggest you google over to cypherpunks, and start
reading.

> I do not know any new counter-measures not in public discussion as of
> now, but I hope, by setting all of you to ponder this issue, that we
> may eventually develop a suitable and powerful counter-measure.

The specs and the theory is all there. All we need are coders.

-- Eugen* Leitl leitl
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:10:17 MST