sexta-feira, abril 21, 2017

Tor2Web Proxy: "The Dark Net - How to Stay Anonymous Online Even from the NSA" by Peter Johansen




The darkness exists in the human mind not the technology.
Victorian Portugal was full of dark secrets that have had a negative effect on
this society ever since, far more than the internet has.


There's the "dark web" - i.e. the web you need to use Freenet or Tor or something like access (and those two are just examples, and they form distinct non-interconnected webs). And then there's the "deep web" - this is websites whose content is not indexed by search engines, because you need to register or pay to access the contents, or has Flash front ends, or is otherwise unavailable to a search engine. This is the thing that is likely much larger than the freely available web, and it's usually because there's money to be made by gate-keeping access to it. There's very little illegal, immoral or otherwise dodgy about the deep web; most of it is for-pay services, which are usually easy to clamp down on if they're illegal - just follow the money. 

Am I missing something here?

Yes. Google doesn't search every machine on the Internet. most of those don't have websites on them. Google only gets links by people who either fill out a "request for indexing" form or by following links from other pages. So if you create a website on your home machine and don't tell anyone...it's part of the dark web. It only exists to people who know about it. If you post your link inside a chat room that isn't accessible to Google (maybe because you must login with a password, like say Yahoo chat) ...then it's still part of the dark net. However, it's obscurity rather than security. no one can find it because no one can second guess your url. However, (again) Freenet users don't talk to each other. The user doesn't ask the website author for the site like the regular, it asks a friend to do so on their behalf...who may ask someone on their behalf...thus no can work out who is reading the content. A system of replication ensures the author doesn't point directly at a machine but just somewhere "generally" in the network. Thus, everyone is anonymous. Even if Google could index the content...they wouldn't know what they were indexing or where it came from. Two aspects of Freenet immediately bother me, which is why I won't be downloading or using it. First up is the distributed nature of the data storage - even if my use is perfectly legal, it could be storing material on my computer which is not only illegal but also highly offensive. Now, perhaps that doesn't bother you, but it bothers me. Secondly, per the Freenet site, "Files are encrypted, so generally the user cannot easily discover what is in his data store, and hopefully can't be held accountable for it." Did you spot that there? hopefully. I must say that I find that statement rather irresponsible; fortunately, in Portugal especially there’s no RIPA legislation where you can be sent to jail for not revealing your encryption keys, irrespective of the content you are protecting. And if this sounds far-fetched, you should be aware that it has already happened (http://www.theregister.co.uk/2009/11/24/ripa_jfl/). There is also no commercial element in Freenet. The developers have deliberately eschewed the creation of anonymous money. That takes the rug from under some criminal activity. On the practical side of things, Freenet is slow and not an ideal environment for swapping large files. On Freenet, most people choose to remain anonymous; that limits their interactions to a degree. On the conventional internet groups of people may work together using opaque encrypted connections and truly conspire in illegality if they wish; they sacrifice their anonymity to connect in the first place. Conspiracies are broken by their weakest link. Most (perhaps all setting aside whatever GCHQ accomplishes) clever internet police detective work begins from traditional policing methods. A suspect is brought to their attention somehow either by acting suspiciously on the internet (say a chatroom) or by coming under suspicion in the ordinary world. The suspect's computer is inspected and this may lead to new suspects. At that point the police may opt to operate a scam to catch others in the act. Freenet was developed to promote freedom of speech, particularly in places like China.

TOR, at present, is anonymous only in some internet transmission modalities.

There is much distasteful material on the internet and doubtless on Freenet. I suspect that much of this is the same stuff cycling round and round. The priority for law enforcement should not be the relatively easy option of identifying people in possession of this material but rather at grabbing those who create it in the first place. This is where the traditional internet is so important because only on it is there commerce. Cabals sharing a criminal interest, operating covertly and not putting the product of their activities for sale on the internet will be broken only by serendipity arising from traditional policing methods.

ToR causes a marked slowing of browser response. That's because the number of people using it are relatively few. What would make these technologies sit up and work is the introduction of millions of new non-combatant users motivated to avoid governmental surveillance and copyright controls. These dark side technologies are relatively immature, yet I can see at least one design that links ToR, Kademlia and strong cryptography that would present an intractable file sharing system and alternative email backbone. The question is this: given that relatively few malcontent users are using simple technologies, is it desirable to obfuscate them behind millions of benign users deploying strong technologies because of incontinent legislation? If I were employed by the Portuguese secret service, I'd be rather concerned about losing the ability to see the bad guys from the trees.

Ugh. Ok, so who is creating all this dark content? Are there 400-500 times more people creating content than we 'know' about? On the net content is king. There is unlinked content, mostly image files, but frankly most of that is probably illegal sexual stuff and while there is some truly unpleasant stuff out there in the hard to find places there are an awful lot more legal porn images (because it's a vast business) and teenagers on youtube putting up clips of them taking the piss out of their mates, because it's easier than videoing the construction of homemade nuclear devices.

Google doesn't simply search JSTOR - publishers are required to provide google with something called an abstract to crawl before their content can be indexed (basically the non-subscriber landing page). I create content on the darkweb (silly term) everyday such as hidden back content to support published websites, and none of it is crawled by google or anyone else for that matter. And none of it is in the least bit illegal or even morally dubious. Most of the unknown web is full of boring web infrastructures, and certainly not child pornography.

Predictive searches never show porn related stuff (or so I have read); I guess that would conflict with Google's public image, but if you type rotten you get rotten.com before you've typed tomatoes; some time ago Google courted some controversy by refusing to take down a racist photoshopped pic of Michelle Obama - citing rules that they only removed content when legally required to do so, all of which makes their ethics seem a little patchy. The point I'm trying to make is that I would gladly trade free albums for the loss of sites like rotten.

I'll probably get criticised for this and I'm aware that there is no perfect solution. No-one wants an internet with little free content and a big buy button on the top of the screen, but I am concerned about the excesses of the internet (never mind the dark web freenet thing) and its influence on peoples' morality and behaviour. I think the idea of "public" content being in the minority is a complete fantasy and the percentages plucked from the air, also I think it should be made clearer that there is a big difference between actively hidden content and activity for clandestine, political or paranoid reasons, and content that is simply defunct, old outdated websites that no one links to any more but aren't deleted, abandoned personal websites or free websites for companies that have gone out of business. Hard drive space is cheap these days and older websites don't take up much room. Also important is separating traffic from actual useful available web content, files or communication; no doubt a huge amount of traffic is taken up by spam and automated programs like trojans and the like. The idea of a huge goldmine of interesting secret information that dwarfs the public web makes no sense, the number of users and content publishers in these "sub nets" are by their very nature minuscule.

Virtually everyone I know with a computer does or has at some point downloaded music or films through Limewire or rapidshare or whatever, and those who haven't have at the very least watched unlicensed rips of shows on youtube for example - and none of those people would consider themselves criminal, even remotely. It's one of the odd things I've always thought about the whole filesharing thing - it's right there, hugely visible and you don't need to search far to get to it - just post the name of a record in google and you're likely to get to a rapidshare link or an equivalent within two or three pages of results. Google will probably lead you to thousands more pirated works than I imagine you'd ever find on freenet.

Johansen’s book is not earth-shattering, but it gives all the basic necessary ingredients for you to dip your toes in the water dark-web-wise.


2 comentários:

Book Stooge disse...

If "Peter Johansen" was actually interested in Anonymity, he'd use an obviously fake pseudonym, like "PJ" or "The Man". Using his real name shows that he's after cash.

he should have talked to me first before publishing this. I could have given him some tips *wink*

I like how you suss out the distinction between anonymous and obscure. I'm obscure, not anonymous. Just look at some of the posts I tag 'personal' and I reveal all sorts of info about myself. If I was a bajillionaire, I'm sure that would be used against me. But considering that I have to use the library to keep my reading habit going, what's the point of being anonymous? I try to keep myself safe online, so I don't get hit with id theft, but honestly, that type of thing usually happens when groups steal data from big companies and there is nothing I can do about them.

Manuel Antão disse...

It's nigh on impossible not to leave a digital footprint in this day and age. On top of that, staying stealthy requires a lot of work,and sometimes I just don't bother.

I'me using the tor browser while typing this words. Moreover, I'm using this tor browser on a sandiebox virtual machine. As soon as I leave the virtual machine, all my traces vanish up in the air so to speak...the virtual machine is no longer there. When I boot it again, it's just another brand new different session. But as I said, sometimes I just don't bother...