|
This ought to go over REAL well with our wiretapping happy government! How much you wanna bet there will be legislation saying using this will be a Federal crime which, of course, means when the rest of the world implements it we’ll be cut off?
The Pirate Bay Wants to Encrypt the Entire Internet
The team behind the popular torrent site The Pirate Bay has started to work on a new encryption technology that could potentially protect all Internet traffic from prying eyes. The project, which is still in its initial stages, goes by the name “Transparent end-to-end encryption for the Internets,” or IPETEE for short. It tackles encryption not on the application level, but on the network level, the aim being that all data exchanged on your PC would be encrypted, regardless of its nature — be it a web browser streaming video files or an instant messaging client. As Pirate Bay co-founder Fredrik Neij (a.k.a. Tiamo) told me, “Even applications that don’t supporting encryption will be encrypted where possible.”
Neij came up with the idea for IPETEE back when European politicians were starting to debate a Europe-wide move to DMCA-like copyright enforcement efforts, which were eventually authorized in the form of the Intellectual Property Rights Enforcement Directive in the spring of 2007. “I wanted to come up with something to make it harder for data retention,” said Neij. But he didn’t publish the initial draft proposal until early this month, when the discussion about privacy and surveillance online suddenly became urgent again. The Swedish parliament passed a new law in June that allows a local government agency to snoop on “the telephony, emails, and web traffic of millions of innocent individuals,” as the EFF’s Danny O’Brien put it. Neij promises that his new encryption scheme will be ready before the law takes effect next January.
IPETEE will likely be implemented as an add-on to operating systems like Windows and OS X. It will essentially do its work in the background, handling all incoming and outgoing IP traffic without any further interference from the user.
What was that line from Star Wars? “The more you tighten your grip, the more systems that will slip through your fingers”?
🙂
I’ve been advocating for this for TEN YEARS. I’m not hopeful.
1) All email should be encrypted and signed. (easy)
2) All web traffic should be encrypted (easy)
3) The ISPs, IT guys and other snoops should not be able to know where users are surfing. (harder, I think)
“Let’s say you want to open a video download from a remote machine. IPETEE would first test whether the remote machine is supporting the crypto technology”
This is D.O.A. Why would most websites implement this?
At the RSA conference this year I met a lot of vendors of network monitoring products who claimed that data running through a VPN was just as detectable as open data. All claimed to be able to detect and even crack encrypted transmissions.
The products they sold where for corporations that want to know who is doing what on their networks. One area of concern that these products claim to detect and kill are file sharing apps.
I spoke to multiple vendors of these products and asked them about the situation where someone at a workstation was running a VPN connection to somewhere else, and they were running file-share or massive downloads inside the VPN. All of them said that was not a problem.
Now, these being salesmen, I don’t believe them. They keep their engineers gagged and tied up in closet. Their claim also defies what I know about data encryption, VPN tunnels, etc.
Now that being said, there is information that can be derived from pattern analysis, even if you can’t read the messages themselves.
During WWII, before they were able to effectively decrypt the German Enigma machine, British intelligence was able to derive information from the patterns of German communications. By getting to know the operators, the volume, time of day, and by synchronizing information to known events, they could make reasonable assumptions about what was being discussed over the German comms.
I think that these high-end analysis packages I saw at RSA are doing that…. analyzing the patterns and making assumptions. They might even attempt to crack secured comms, and they might succeed if it was poorly protected.
#4 – I’ve been in security for years. What the sales people were referring to (but wouldn’t tell you) is that their product doesn’t allow for the VPN connections to go from behind the firewall to an outside server/machine. They can’t actually read anything (other than amount of traffic) on an already secured/encrypted connection.
#1
I think Tsun Zu’s quote is even better:
“He who protects everything protects nothing.”
#4,
The thing with file-sharing is that they are likely not trying to “see” the traffic payload and information in the packet header, but rather the characteristics of the traffic itself (length of transmission, size of packets, is it bursty or constant?). Thus, one can tell if a certain type of transmission is most likely a file download.
This way of determining the type of traffic could easily detect benign downloads such as downloading a linux ISO, but it’s possible that there are certain metrics that allow for more accurate detection of undesirable types of traffic.
This is just my guess on how this would pan out. My gut feeling is that even encrypted traffic can be classified and thus may not fully protect users. It will protect sensitive data from being viewed for the most part, but I think there would be gotchas involved for sure.
#6
Tsun Zu, amazing chap. I like it!
Fraq zr na rznvy ng abzqrhfre@uhfu.pbz
Gryy zr jul lbh obgurerq gb qrpbqr guvf.
#2 – GregAllen – The ISPs, IT guys and other snoops should not be able to know where users are surfing.
http://www.torproject.org/ – Combine it with the TOR addon for Firefox and you’re good to go. The speed is limited though.
#9 – NomDeUser – Fraq zr na rznvy ng abzqrhfre@uhfu.pbz
Gryy zr jul lbh obgurerq gb qrpbqr guvf.
And that my friends… was the report from our friend in Poland.
The encryption on my message number 9 was secure for 17 minutes.
I think this is a good idea, but it needs to be a real solid encryption. Much more solid than the NSA would like.
Here is a good question: seeing that encryption is a form of DRM, and I am transmitting my copyrighted material (anything I create), and someone taps it and decrypts it without my permission, can’t they be charged for violating the DMCA’s anti-circumvention provisions?
Sounds great but I’d bet money just about every government is going to ban the process or demand back doors.
Police states like the US, Britain, China, Iran, and Pakistan would have their security forces flittering in their undies at the very thought.
No, these government are not equally oppressive yet but they are about equally intrusive in that they want to have their heads up everybody’s bum past their shoulder blades.
This sounds like a good idea, but this won’t cover your tracks. ISPs can still what what IPs you’re connecting to, and it’s not hard for anyone to tell that you’re surfing on a bit torrent search page. And you don’t need deep packet analysis to tell a user on your network is using P2P software.
Problem I have with this is how much additional overhead will this place on my computer (and network hardware) having to decrypt every packet I get, and send.
@10,14: There are two problems that are unfortunately for now in collision: privacy and anonymity.
#14: You can have anonymity vs. your ISP if you use TOR network setup #10 advocates. They won’t know IP’s you are visiting. However, that does not give you the privacy as ISP can snoop on what your packets are.
#10: You can have privacy (ex. ISP’s wouldn’t have a clue what are you transferring) using encryption, but ISP could snoop on IP’s you visit.
As of now, there is nothing really good that would do both tasks. Hope, PB’s invention goes in direction of solving both issues.
Finally @#10: Even TOR networks have become less useful due to the various agencies injecting their own servers in the pool. Very hard to avoid. So they can glean some info (not trivial). Encryption is so far ahead of the snoops. So, privacy of the content is well but anonymity has serious issues at present.
@14: TOR does place significant delays on the traffic but encryption is almost transparent (insignificant overhead) with the present technology.
If you use an encrypted anonymous proxy all that your ISP will know is that you connected to that service. They won’t see any of the the sites you visit. They can get bandwidth data but not what the transmission contains…
@14: “Problem I have with this is how much additional overhead will this place on my computer (and network hardware) having to decrypt every packet I get, and send.”
You’re kidding, right? What planet/decade are you from? See “Moore’s law”.
Wasn’t fighting export restrictions and proposals for government key escrow and the Clipper chip one of the first things the EFF did when the organization was founded?
Constant encryption/decryption can be slower than you think.
Either way, even if the entire internet were encrypted it doesn’t mean it would be anonymous.
The internet would still be based on TCP/IP, IP addresses and DNS servers.
Encryption on this level ISNT encryption..
its a NEW format.
And if EVERYONE has to do it, then its no longer SAFE.
No. 2: I’m all for encryption.
How frequently will newbies lose a regular password? So do you thnk they can deal with public private key pair?
Engima is not all that difficult to use for a seasoned user. And yes I have my keys backed up.
Encryption ensures jobs for the NSA while fostering national security. I want our hackers to be better than their hackers.
People need to be protected from their government, not the other way around.
Karl Rove refuses to honor a subpoena, yet he’s part of a bunch of psychos that want the government to spy on us all Soviet-style.
No surprise though, because the origin of neoconservativism is from communist idealogy.
@#18 – I keep my entire hard-drive encrypted, and the overhead to run Vista is almost non-existent.
@#19 – You have no idea what you’re talking about. With public key encryption, once you encrypt a message no one can read it but the intended recipient — not even you the sender. It is secure.
I know there are systems that get around proxies but if you live in an oppressive environment like China or in most US corporations, the mere ACT of getting around a proxy gets you busted.
That’s why the whole internet needs to be encrypted.
@!#GSDG 23WEsd SDF@34 _#I#@$ ADGF
Oh sorry, the above comment is encrypted.