Thomas Pynchon: Internet was invention of elites – mass surveillance / control

“Never forget your Internet was Their invention, this magical convenience that creeps now like a smell through the smallest details of our lives, the shopping, the housework, the homework, the taxes, absorbing our energy, eating up our precious time. And there’s no innocence. Anywhere. Never was. It was conceived in sin, the worst possible. As it kept growing, it never stopped carrying in its heart a bitter-cold death wish for the planet, and don’t think anything’s changed, kid. Call it freedom, it’s based on control. Everybody connected together, impossible anybody should ever get lost, ever again. Take the next step, connect it to these cell phones, you got a total Web of surveillance, inescapable. You remember the comics in the Daily News? Dick Tracy’s wrist radio? It’ll be everywhere, the rubes’ll all be begging to wear one, handcuffs of the future. Terrific. What they dream about at the Pentagon, worldwide martial law.”

— Eddie, from Thomas Pynchon’s Bleeding Edge

The Great Firewall of China and how it blocks Tor traffic

Diagram showing how GFW filters/censors tor traffic
China’s firewall is now able to dynamically recognise Tor usage and block the respective relays and bridges. The diagram above illustrates how this works: 1) the firewall searches for a bunch of bytes which identify a network connection as Tor. If these bytes are found, 2) the firewall initiates a scan of the host which is believed to be a bridge. In particular, 3) the scan is run by seemingly arbitrary Chinese computers which connect to the bridge and try to “speak Tor” to it. If this succeeds, the bridge is blocked.

(via phw’s blog on Tor Project)

Over the last years, we learned a lot about how the Great Firewall of China is blocking Tor. Some questions remained unanswered, however. Roya, Mueen, Jed, and I just published a project which seeks to answer some of these open questions. Being curious as we are, we tried to find answers to the following questions:

  • Is the filtering decentralised (i.e., happening in provinces) or centralised (i.e., happening in Internet exchange points (IXP))?
  • Are there any temporal patterns in the filtering? Or in other words, are there certain times when people are more likely to be able to connect to Tor?
  • Similarly, are there any spatial patterns? Are folks in some special regions of China able to connect to Tor while others cannot?
  • When a computer in China tries to connect to a Tor relay, what part of the TCP handshake is blocked?

It turns out that some of these questions are quite tricky to answer. For example, to find spatial patterns, we need to be able to measure the connectivity between many Tor relays and many clients in China. However, we are not able to control even a single one of these machines. So how do we proceed from here? As so often, side channels come to the rescue! In particular, we made use of two neat network measurement side channels which are the hybrid idle scan and the SYN backlog scan. The backlog scan is a new side channel we discovered and discuss in our paper. Equipped with these two powerful techniques, we were able to infer if there is packet loss between relay A and client B even though we cannot control A and B.

You might notice that our measurement techniques are quite different from most other Internet censorship studies which rely on machines inside the censoring country. While our techniques give us a lot more geographical coverage, they come at a price which is flexibility; we are limited to measuring Internet filtering on the IP layer. More sophisticated filtering techniques such as deep packet inspection remain outside our scope.

Now what we did was to measure the connectivity between several dozen Tor relays and computers in China over four weeks, which means that we collected plenty of data points, each of which tells us “was A able to talk to B at time T?”. These data points reveal a number of interesting things:

  • It appears that many IP addresses inside the China Education and Research Network (CERNET) are able to connect to at least our Tor relay.
  • Apart from the CERNET netblock, the filtering seems to be quite effective despite occasional country-wide downtimes.
  • It seems like the filtering is centralised at the IXP level instead of being decentralised at the provincial level. That makes sense from the censor’s point of view because it is cheap, effective, and easy to control.

Now what does all of this mean for Tor users? Our results show that China still has a tight grip on its communication infrastructure, especially on the IP and TCP layer. That is why our circumvention efforts mostly focus on the application layer (with meek being an exception) and pluggable transport protocols such as ScrambleSuit (which is now part of the experimental version of TorBrowser) and obfs4 are specifically designed to thwart the firewall’s active probing attacks.

Check out the comments section of the original blog post at Tor Project for interesting discussion … Also, see “How The Great Firewall of China Is Blocking Tor” (PDF)
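
An added example, not taken from the original blog post or the paper: one way data points of the form “was A able to talk to B at time T?” can be aggregated per netblock and per province. The records, province names, and the heuristic (outages that coincide across provinces suggest a shared choke point) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed data points: (hour, province, netblock, reachable), each one
# answering "was client B able to talk to relay A at time T?".
def make_samples(sichuan_open=(7, 19)):
    samples = []
    for hour in range(24):
        for province in ("Beijing", "Guangdong", "Sichuan"):
            # Hypothetical pattern: the filter fails open at hours 7 and 19.
            hours = sichuan_open if province == "Sichuan" else (7, 19)
            for _client in range(4):
                samples.append((hour, province, "other", hour in hours))
            samples.append((hour, province, "CERNET", True))
    return samples

def rate_by(samples, key):
    """Fraction of successful connections, grouped by key(sample)."""
    ok, total = defaultdict(int), defaultdict(int)
    for s in samples:
        k = key(s)
        total[k] += 1
        ok[k] += s[3]
    return {k: ok[k] / total[k] for k in total}

def open_hours(samples, province, threshold=0.5):
    """Hours in which most non-CERNET clients of one province got through."""
    subset = [s for s in samples if s[1] == province and s[2] != "CERNET"]
    return {h for h, r in rate_by(subset, lambda s: s[0]).items() if r > threshold}

def outages_line_up(samples):
    """Assumed heuristic: True when every province shares the same non-empty
    set of open hours, which points to a shared choke point rather than
    independently operated provincial filters."""
    windows = [open_hours(samples, p) for p in sorted({s[1] for s in samples})]
    return bool(windows[0]) and all(w == windows[0] for w in windows)

if __name__ == "__main__":
    data = make_samples()
    print(rate_by(data, lambda s: s[2]))       # reachability per netblock
    print(sorted(open_hours(data, "Beijing"))) # hours the filter failed open
    print(outages_line_up(data))               # outages coincide country-wide
```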

It’s time to take mesh networks seriously: developing decentralized computer network architectures

via Wired:

“[…] Compared to the ‘normal’ internet — which is based on a few centralized access points or internet service providers (ISPs) — mesh networks have many benefits, from architectural to political.

[…] An ad hoc network infrastructure that can be set up by anyone, mesh networks wirelessly connect computers and devices directly to each other without passing through any central authority or centralized organization (like a phone company or an ISP). They can automatically reconfigure themselves according to the availability and proximity of bandwidth, storage, and so on; this is what makes them resistant to disaster and other interference. Dynamic connections between nodes enable packets to use multiple routes to travel through the network, which makes these networks more robust.

Mesh network architecture diagram - urban wireless mesh

Compared to more centralized network architectures, the only way to shut down a mesh network is to shut down every single node in the network.

That’s the vital feature, and what makes it stronger in some ways than the regular internet.

But mesh networks aren’t just for political upheavals or natural disasters. Many have been installed as part of humanitarian programs, aimed at helping poor neighborhoods and underserved areas. For people who can’t afford to pay for an internet connection, or don’t have access to a proper communications infrastructure, mesh networks provide the basic infrastructure for connectivity.

Not only do mesh networks represent a cheap and efficient means for people to connect and communicate to a broader community, but they provide us with a choice for what kind of internet we want to have.

For those concerned about the erosion of online privacy and anonymity, mesh networking represents a way to preserve the confidentiality of online communications. Given the lack of a central regulating authority, it’s extremely difficult for anyone to assess the real identity of users connected to these networks. And because mesh networks are generally invisible to the internet, the only way to monitor mesh traffic is to be locally and directly connected to them.

Yet beyond the benefits of costs and elasticity, little attention has been given to the real power of mesh networking: the social impact it could have on the way communities form and operate.

What’s really revolutionary about mesh networking isn’t the novel use of technology. It’s the fact that it provides a means for people to self-organize into communities and share resources amongst themselves: Mesh networks are operated by the community, for the community. Especially because the internet has become essential to our everyday life.

Instead of relying on the network infrastructure provided by third party ISPs, mesh networks rely on the infrastructure provided by a network of peers that self-organize according to a bottom-up system of governance. Such infrastructure is not owned by any single entity. To the extent that everyone contributes with their own resources to the general operation of the network, it is the community as a whole that effectively controls the infrastructure of communication. And given that the network does not require any centralized authority to operate, there is no longer any unilateral dependency between users and their ISPs.

Mesh networking therefore provides an alternative perspective to traditional governance models based on top-down regulation and centralized control.

Indeed, with mesh networking, people are building a community-grown network infrastructure: a distributed mesh of local but interconnected networks, operated by a variety of grassroots communities. Their goal is to provide a more resilient system of communication while also promoting a more democratic access to the internet. […]”

Read full article at Wired.

U.S. Military Creating Software to Manipulate Social Media

‘The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda.

A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an “online persona management service” that will allow one US serviceman or woman to control up to 10 separate identities based all over the world. […]

The Centcom contract stipulates that each fake online persona must have a convincing background, history and supporting details, and that up to 50 US-based controllers should be able to operate false identities from their workstations “without fear of being discovered by sophisticated adversaries”. […]

Once developed, the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated messages, blogposts, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of US Special Operations Command.

Centcom’s contract requires for each controller the provision of one “virtual private server” located in the United States and others appearing to be outside the US to give the impression the fake personas are real people located in different parts of the world.

It also calls for “traffic mixing”, blending the persona controllers’ internet usage with the usage of people outside Centcom in a manner that must offer “excellent cover and powerful deniability”.’

(Source: Fielding, Nick & Cobain, Ian. “U.S. Military Creating Software to Manipulate Social Media”. Guardian, 17 March 2011)

The Filter Bubble: What the Internet is Hiding From You (Eli Pariser)

The internet is increasingly becoming an echo chamber in which websites tailor information according to the preferences they detect in each viewer. When some users search the word “Egypt,” they may get the latest news about the revolution, others might only see search results about Egyptian vacations. The top 50 websites collect an average of 64 bits of personal information each time we visit—and then custom-design their sites to conform to our perceived preferences. What impact will this online filtering have on the future of democracy? We speak to Eli Pariser, author of The Filter Bubble: What the Internet Is Hiding from You. “Take news about the war in Afghanistan. When you talk to people who run news websites, they’ll tell you stories about the war in Afghanistan don’t perform very well. They don’t get a lot of clicks. People don’t flock to them. And yet, this is arguably one of the most important issues facing the country,” says Pariser. “But it will never make it through these filters. And especially on Facebook this is a problem, because the way that information is transmitted on Facebook is with the ‘like’ button. And the ‘like’ button, it has a very particular valence. It’s easy to click ‘like’ on ‘I just ran a marathon’ or ‘I baked a really awesome cake.’ It’s very hard to click ‘like’ on ‘war in Afghanistan enters its 10th year.'”

[…]


Read full transcript at: http://www.democracynow.org/2011/5/27/eli_pariser_on_the_filter_bubble