15 February, 2016

Last Week Tonight Takes on America's War on Voting


To celebrate the return of Last Week Tonight, and primary season in America, here's John doing what he does best.  Especially like that trick Oliver has of pulling it all back together at the end, then bam !

03 February, 2016

In Which The Telegraph Smears Tor


Been a long time since I talked about the Telegraph here.  But yesterday, I came across this particular piece of bullshit reporting from that 'journalistic' organisation, and felt compelled to say something.

That headline above, is frankly...a lie.  First off, Tor is a network, or a technology, not a browser, even if the browser download is the way in which most users will experience Tor these days.  The browser download, being a simplified bundle of the core Tor & proxying software with a modified version of Firefox.  Secondly, the study in question doesn't in any way speak to to the 'overwhelming use' of the Tor browser, but specifically to the use of the so-called Dark Web.  Back to the Telegraph...
There is an "overwhelming" amount of illicit and illegal content on the dark web, a new study shows.
That statement might seem self-evident. But the Tor browser - also known as the dark web or deep web - was created to protect the anonymity of vulnerable people online. It is a web browser just like Google Chrome or Internet Explorer, but it masks the identity of who is browsing and what they're looking at.
The Tor browser is perhaps known as 'the dark web or deep web' -- by fucking idiots !  The so-called 'dark web' is a fear-mongering slur utilised by the government for any services over the internet that in any way bypass conventional IP/HTTP routing, and thus implicitly threaten governmental control and surveillance thereof.  Tor is one of many services that can be used for such means, in this case, via the use of .onion addresses, that are only routeable via the Tor network.  It is not the only technology providing such hidden services, the hidden services are not the primary purpose of the Tor network, and in fact, the hidden services component was a much later addition to Tor.

Don't believe me, that the hidden services, the 'dark web' are not the primary purpose of the Tor network ?  Well, let's look at the study in question, shall we ?
The Tor architecture provides two services – anonymous browsing (property 3), and hosting of anonymous information exchanges (property 5) – through one piece of software, the so-called ‘Tor Browser’. Although distinct, both services employ roughly the same protocols and rely on the same distributed infrastructure. But that is where their mutual dependency ends. There is no technical requirement for anonymous browsing and anonymous hosting to be bundled. Indeed, browsing is overwhelmingly more popular than hosting. Most Tor users have never visited any hidden website at a *.onion address; hidden services account for around 3–6% of overall Tor traffic.27 Most users instead use the software merely to browse the internet's conventional address space more securely or anonymously. An analogy illustrates the significance of anonymous browsing. Alice, who lives in a small town, wants to buy a pregnancy test, but doesn't want to be seen doing so by the shop owner, Bob, a friend of Alice's father. Rather than simply going to the store, Alice wears a mask, walks a detour, and pays in cash. Bob will not be able to identify her or trace her. Alice's privacy and anonymity are assured. Anonymous browsing is not part of the ‘dark web’; it is a legitimate and laudable service that Tor provides.
This is from the very study upon which the Telegraph's scary misleading headline is based.  It says right there that most users have never visited any .onion 'dark web' sites at all, and that hidden services account for around 3–6% of overall Tor traffic.  Three to fucking six percent !  Hell, I've been familiar with Tor since long before there was such a thing as a 'Tor Browser', and I don't think I've ever visited or had reason to visit any hidden 'dark web' sites via Tor myself.  Because...why the fuck would I ?  Tor's primary purpose is, and always has been, simply to provide a modicum of anonymity in browsing the Internet, and the vast majority of users are most likely using Tor in entirely legitimate ways, in entirely legitimate pursuits.

In fact, the US government has repeatedly promoted the use of Tor for such purposes as enabling dissidents and human rights-activists living in authoritarian regimes, to communicate freely, bypassing restrictive governmental policies and controls, to promote liberal Western-style values.  The US government continues to this very day to provide a vast amount of the funding for the Tor project, and to utilise the network itself, and the Tor software was originally in fact invented by the United States Naval Research Laboratory & DARPA.

That's right, this evil evil 'dark web' software, the users of which the Telegraph apparently wishes to smear, was created by, and continues to be funded by the government of the United States of America.

So, in case you're not familiar with how Tor works, and is used by, as noted above, the vast vast majority of its users, here are some illustrations from the EFF.




Tor doesn't provide uncrackable security, certainly not for the likes of the NSA or other US govt. security agencies, and that much more certainly not when they have been involved in its creation and funding of its development from day one.  It simply obfuscates the path of traffic through a random series of nodes, making it difficult for a would-be adversary to monitor the traffic, without control of, and therefore the ability to monitor traffic through, all the nodes in question.  It isn't that inherently secure, even if you trust that the US government hasn't inserted its own backdoors into the system, and any one relying solely on Tor to run, say an international drug-smuggling operation, without detection, would be very stupid indeed.  Of course, the vast majority of users aren't doing anything of the sort.

Back to the Telegraph...
In the first study of its kind, researchers at King's College London found that 57 per cent of sites on Tor facilitate criminal activity, including drugs, illicit finance, and extreme pornography.

The findings are not unexpected - if anything that figure is lower than expected. Tor has been associated with child pornography, gun trading and murder long before now. 
"We expected something along these lines," said Thomas Rid, professor of Security Studies at King's College London and co-author of the study. "Previous studies have established that it's a pretty nasty place."  
Scary, scary fucking stuff indeed !  Child pornography, murder, drugs, extreme pornography !  Sounds pretty nasty huh ?

Did we mention that the 'dark web' sites in question were a product of a secondary (and not inherently illegitimate*) function of Tor, not even utilised by the vast majority of Tor users ?
Tor offers anonymous browsing to people across the world. Users in countries with strict censorship laws, like China or Iran, can use it to access mainstream sites - like Facebook - securely. Rid and Moore found that the vast majority of material on Tor was not just illegal in places like China or Iran, but in more liberal jurisdictions too.
Here, in the same fucking paragraph, the Telegraph conflates the anonymous browsing (such as use of fucking Facebook), which is the sole usage of the vast majority of users with the hosting of illegal materials on so-called 'dark web' sites.
The sites included marketplaces for drugs, fire arms and weapons, and explicit, illegal pornography. The study found a "near-absence" of Islamic extremist sites on Tor.
"Militants and extremists don't seem to find the Tor hidden services infrastructure very useful. So there are few jihadis and militants in the darknet," said Rid. "It's used for criminal services, fraud, extreme, illegal pornography, cyber attacks and computer crime."
Know why that is ?  Because, they're not fucking stupid !  Because they know full well, that if the US government wants to find them on an US-govt-designed and funded network of mild anonymity, it can, and will.  The US government could crush the Tor network any time it wanted to, but insofar as a) Tor isn't any meaningful threat to security-services, b) Dissidents in foreign competitor states utilise Tor, and c) Agents of the US govt. itself utilise Tor, it has no compelling reason to do so.

What the US government, and its proxy poodle in Westminster, would like to do, is utilise fearmongering rhetoric about 'terror' attacks, to convince the public, and technology-companies, that it is in the public interest that the privacy of Western citizens be intentionally compromised, via the dilution of encryption technology, and the building of government-accessible backdoors into common security software.  The sort of breathless hyperbole in which right-wing publications such as the Telegraph specialise is perfect for such a purpose.
Rid and Moore commend Tor for offering vulnerable people access to anonymous browsing. But they said Tor needs to work harder to encourage its community to build a safe and legitimate browsing experience.
Did they say that ?  I must have missed it...
"The developers made Tor for a different purpose - they wanted security, not crime. It's up to them to change the direction," said Rid. "It's up to them to have a sensible discussion about ways to reduce crime, to get more legitimate users in." 
Now here, I can only assume the quotation is the result of an interview (what, the Telegraph doing actual reporting...like actual journalists ?), as I don't see such language in the report.  Regardless, this is shit.  We've already established that the vast majority of usage is merely anonymous browsing (which is, in the authors' words, 'a legitimate and laudable service that Tor provides'), and how the hell can Tor's developers be held responsible for the content provided by the 'hidden services' on their network, without fundamentally compromising the relative anonymity that is the whole raison d'etre of the Tor network to begin with ?

Is the argument that as the functionality of hidden services could theoretically be used for ill purposes, that it should be removed ?  The same is true of the anonymous browsing functionality, innocent as the vast majority of usage may be/probably is.  The same is true of all technology.  Hell, in the US, special constitutional protections are given to the ownership of tools (i.e. guns, firearms), whose primary if not sole purpose is to murder living beings.  But the fact that a subset of the functionality of a mildly anonymising technology might be used for illicit purposes, that...that is a reason for ripping apart what little guarantee of privacy is currently available to us on the internet ?
Tor's example will no doubt be used in the encryption debate that is circulating around the snoopers' charter, according to Rid and Moore. 
"Tor's ugly example should loom large in technology debates," Rid and Moore conclude. "The line between utopia and dystopia can be disturbingly thin."
This is just...WTF ?  Wait, why am I still quoting the fucking Telegraph ?
The other quandary is how to deal with darknets. Hidden services have already damaged Tor, and trust in the internet as a whole. To save Tor – and certainly to save Tor's reputation – it may be necessary to kill hidden services, at least in their present form. Were the Tor Project to discontinue hidden services voluntarily, perhaps to improve the reputation of Tor browsing, other darknets would become more popular. But these Tor alternatives would lack something precious: a large user base. In today's anonymisation networks, the security of a single user is a direct function of the number of overall users. Small darknets are easier to attack, and easier to de-anonymise. The Tor founders, though exceedingly idealistic in other ways, clearly appreciate this reality: a better reputation leads to better security.85 They therefore understand that the popularity of Tor browsing is making the bundled-in, and predominantly illicit, hidden services more secure than they could be on their own. Darknets are not illegal in free countries and they probably should not be. Yet these widely abused platforms – in sharp contrast to the wider public-key infrastructure – are and should be fair game for the most aggressive intelligence and law-enforcement techniques, as well as for invasive academic research. Indeed, having such clearly cordoned-off, free-fire zones is perhaps even useful for the state, because, conversely, a bad reputation leads to bad security. Either way, Tor's ugly example should loom large in technology debates. Refusing to confront tough, inevitable political choices is simply irresponsible. The line between utopia and dystopia can be disturbingly thin.
Less oblique, less misleading, less blatantly crass government-propaganda.  Still crap.

But, now I'm getting into the realm of disputing the report's findings & conclusions, which wasn't where I started, with the Telegraph's blatantly misleading headline.  So, let's step back a bit...



See those results above, from Google News ?  The bottom three accurately characterise the report's findings, and the subject thereof.  Only the one at the top from the Telegraph manages, unintentionally or not, to completely conflate the lesser functionality of 'hidden services' with the wholly legitimate purpose of 'anonymous browsing', and to smear the vast majority of Tor users as a result.  Fuck, I hate the Telegraph...


* Imagine say Iranian or Chinese dissidents, wanting to not merely communicate freely over Tor, without detection of government authorities, but also wanting to provide a stable hosting source of shared documentation within their groups.