Author Topic: Filtering the Internet?  (Read 7026 times)
Evildrider
Terracotta Army
Posts: 5521


on: January 09, 2008, 08:56:18 PM

schild
Administrator
Posts: 60350


WWW
Reply #1 on: January 09, 2008, 09:31:20 PM

Meh. Never gonna happen.

If it did, within a year or two, some company would rise from the ashes of the cable industry and offer an undernet. Or a blacknet. Or skynet.
Prospero
Terracotta Army
Posts: 1473


Reply #2 on: January 09, 2008, 11:01:17 PM

This will work as well as DRM.   awesome, for real
MrHat
Terracotta Army
Posts: 7432

Out of the frying pan, into the fire.


Reply #3 on: January 10, 2008, 07:24:46 AM

Meh. Never gonna happen.

If it did, within a year or two, some company would rise from the ashes of the cable industry and offer an undernet. Or a blacknet. Or skynet.

<insert smiley with dollar sign eyes>  <insert smiley with a money hat on>

Where the fuck is the right smiley for "That's money".
Ookii
Staff Emeritus
Posts: 2676

is actually Trippy


WWW
Reply #4 on: January 10, 2008, 07:39:53 AM

Quote
Mr. Cicconi said that AT&T has been talking to technology companies, and members of the MPAA and RIAA, for the last six months about implementing digital fingerprinting techniques on the network level.

“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”

The revolution will not be televised.

tazelbain
Terracotta Army
Posts: 6603

tazelbain


Reply #5 on: January 10, 2008, 07:45:38 AM

This will work as well as DRM.   awesome, for real
This will work because a) extortion works and b) it doesn't require the cooperation of anyone else.
Which is why we need a law. If AT&T wants full control over the traffic, they need to make their own internet.

"Me am play gods"
HaemishM
Staff Emeritus
Posts: 42666

the Confederate flag underneath the stone in my class ring


WWW
Reply #6 on: January 10, 2008, 08:42:20 AM

Getting net neutrality shitcanned was just one part of allowing this kind of fucktardery to happen.

Prospero
Terracotta Army
Posts: 1473


Reply #7 on: January 10, 2008, 11:28:08 AM

This will work because a) extortion works and b) it doesn't require the cooperation of anyone else.
Which is why we need a law. If AT&T wants full control over the traffic, they need to make their own internet.
I'm a networking noob, but it seems to me the problem is unless they create a new network protocol the best they can do is sniff packets looking for something that matches up with the known torrent for "Top Gun". If they are looking for pirated content they have to look at the bits, and unless they can magically say "that string of 1's and 0's feels like a pirated movie" that means they have to have some database of patterns to match against. Either new torrents will appear daily, or someone is going to come up with a way to disguise the contents. This is a game they can't win. Not to mention the 700 MHz band being opened up for pseudo-open access means we have a network coming online soon that is going to be free of any such constraints.
Morat20
Terracotta Army
Posts: 18529


Reply #8 on: January 10, 2008, 11:47:20 AM

I'm a networking noob, but it seems to me the problem is unless they create a new network protocol the best they can do is sniff packets looking for something that matches up with the known torrent for "Top Gun". If they are looking for pirated content they have to look at the bits, and unless they can magically say "that string of 1's and 0's feels like a pirated movie" that means they have to have some database of patterns to match against. Either new torrents will appear daily, or someone is going to come up with a way to disguise the contents. This is a game they can't win. Not to mention the 700 MHz band being opened up for pseudo-open access means we have a network coming online soon that is going to be free of any such constraints.
How to Bypass 101:

Build in basic encryption into BitTorrent. Symmetric encryption is very low overhead to do, so you could do something REALLY simple -- it doesn't have to be unbreakable, just infeasible for AT&T to break real-time -- and encrypt the torrent with a session key for as long as the user is connected.

Only difficult part is, of course, creating a shared key when the communications channel is totally compromised. However, that's a problem with a number of well known solutions (although the distributed ones are often icky) --public key being the most common.
Prospero
Terracotta Army
Posts: 1473


Reply #9 on: January 10, 2008, 11:48:40 AM

I feel a key signing party coming on...
Roac
Terracotta Army
Posts: 3338


Reply #10 on: January 10, 2008, 11:54:49 AM

How to Bypass 101:

Build in basic encryption into BitTorrent.

I thought about that.  Fix for the fix: ban popular Torrent sites.  On a more sophisticated level, perform a man in the middle attack - many web boxes do this now as a feature.  Should custom protocols arise (ie, BTEncrypt or whatever), ban those.  Peer to peer doesn't matter much if you can't get to pirate bay.  There's ways around this of course, but the point isn't to STOP sharing (too costly), it's to make it a huge pain in the ass so that most people quit. 

-Roac
King of Ravens

"Young people who pretend to be wise to the ways of the world are mostly just cynics. Cynicism masquerades as wisdom, but it is the farthest thing from it. Because cynics don't learn anything. Because cynicism is a self-imposed blindness, a rejection of the world because we are afraid it will hurt us or disappoint us." -SC
Morat20
Terracotta Army
Posts: 18529


Reply #11 on: January 10, 2008, 12:13:28 PM

I thought about that.  Fix for the fix: ban popular Torrent sites.  On a more sophisticated level, perform a man in the middle attack - many web boxes do this now as a feature.  Should custom protocols arise (ie, BTEncrypt or whatever), ban those.  Peer to peer doesn't matter much if you can't get to pirate bay.  There's ways around this of course, but the point isn't to STOP sharing (too costly), it's to make it a huge pain in the ass so that most people quit. 
Banning websites proper runs into the current net-neutrality rules. It's possible packet sniffing and banning, even for pirated material, might run afoul of the law (or the Constitution).

They could still do network analysis and ban peer-to-peer traffic totally, but they'll get shitstomped by people moving to IPs that don't ban it.
bhodi
Moderator
Posts: 6817

No lie.


Reply #12 on: January 10, 2008, 12:35:34 PM

It's very easy to isolate and QoS encrypted torrent traffic. Even encrypted, it's very easy to tell what it is, even if you can't read it.

This shit is all talk and no implementation, don't lose any sleep -- it's not going to happen. Filtering leads to liability and litigation...
« Last Edit: January 10, 2008, 12:37:18 PM by bhodi »
Morat20
Terracotta Army
Posts: 18529


Reply #13 on: January 10, 2008, 01:04:35 PM

It's very easy to isolate and QoS encrypted torrent traffic. Even encrypted, it's very easy to tell what it is, even if you can't read it.

This shit is all talk and no implementation, don't lose any sleep -- it's not going to happen. Filtering leads to liability and litigation...
Ironic, isn't it? They're least liable as totally open gateways. You'd think they'd take the fucking hint.
tazelbain
Terracotta Army
Posts: 6603

tazelbain


Reply #14 on: January 10, 2008, 01:26:51 PM

You have to place it in the broader context of loss of net neutrality. Sure, filtering won't be reliable, but neither is the RIAA honeypot system they use today. A few blocked illegal downloads is just a sideshow. The key difference is to get the ISP to turn on its customers. The loss of NN gives a new revenue stream to ISPs as an incentive to get into bed with the corporate content creators. So ATT gets a contract with NBC/Universal to give priority to official Heroes downloads and filter illegal Heroes downloads. So now ATT has incentive to turn in the few illegal Heroes downloaders so it can make more money off the official download.

Now if that is where it stopped, that would be alright. Because while I disagree with the current copyright regime, it is the law. But it really wouldn't stop there. ISPs are not in the habit of having excessive traffic available, so giving priority to some traffic will tend to degrade other traffic. No need to cut in line if there are no lines. So now apply this to all the content out there on the internet: when ATT gets enough deals with corporate content creators, not only would this degrade unknown content but encourage intentional degradation to drive people to corporate content creators.

The end game goes like this: unknown content becomes so slow everyone needs a licence to do anything substantial with the internet. Licences can be revoked without any due process if you even look at the corporate content creators. That's it, corporations own the internet. I suppose eventually unknown content will be equated with whatever boogieman comes after terrorists and be outlawed. Free speech will die on the internet the way it has died on TV.

The only thing stopping it is NN and consumer choice. Buying off the politicians will take care of the former and getting the major ISPs to buy in will take care of the latter.

"Me am play gods"
Trippy
Administrator
Posts: 23657


Reply #15 on: January 10, 2008, 02:04:04 PM

It's very easy to isolate and QoS encrypted torrent traffic. Even encrypted, it's very easy to tell what it is, even if you can't read it.

This shit is all talk and no implementation, don't lose any sleep -- it's not going to happen. Filtering leads to liability and litigation...
Nobody's stopped Comcast yet.
Morat20
Terracotta Army
Posts: 18529


Reply #16 on: January 10, 2008, 02:22:28 PM

Nobody's stopped Comcast yet.
Comcast is undoubtedly doing network analysis to ID peer-to-peer. They're not peeking into the data stream, they're just wholesale blocking certain IP to IP traffic -- you can't encrypt that section of the packet.

Also, Comcast is a fucking dick, which is why I use someone else. I pay for my fucking bandwidth. If I use every fucking iota of it, so what? That's what I'm paying for.
Krakrok
Terracotta Army
Posts: 2190


Reply #17 on: January 10, 2008, 02:58:50 PM


Websites should/will switch to HTTPS everything. I've been thinking of doing it to all my sites.
Morat20
Terracotta Army
Posts: 18529


Reply #18 on: January 10, 2008, 03:08:43 PM

Websites should/will switch to HTTPS everything. I've been thinking of doing it to all my sites.
Who are you planning on using as a CA for that?
Trippy
Administrator
Posts: 23657


Reply #19 on: January 10, 2008, 03:25:14 PM


Websites should/will switch to HTTPS everything. I've been thinking of doing it to all my sites.
SSL takes gobs and gobs of CPU time. Also that doesn't prevent them from filtering by port or traffic type (it's easy to identify HTTP/s traffic).
Krakrok
Terracotta Army
Posts: 2190


Reply #20 on: January 10, 2008, 06:20:23 PM

SSL takes gobs and gobs of CPU time. Also that doesn't prevent them from filtering by port or traffic type (it's easy to identify HTTP/s traffic).

I realize that, which is why people haven't really started doing it until now. However, CPU speeds may be to the point where we can. For example, I can rent a 16 GHz 64-bit 2003 machine for $400 a month (see this article for some SSL performance numbers). Seems like they did 480 sessions a second on a 9.6 GHz server (so 41 million sessions a day?). I don't have a price point on new SSL Accelerator PCI cards at the moment. I'm seeing used ones for $300. Hell, I just moved the office fileserver/webserver to an 11.2 GHz machine.

Yes, you can filter by port but if you use the normal SSL port that everyone else is using (which banks use etc) then you can't much tell the difference (maybe you can at a lower network level I don't know).

The original idea was from here.


As far as a CA goes you can run your own if you really want to. It just causes a scary browser popup box. Or there are free CAs (see this article). If a douchebag can download a BitTorrent client they can download a Firefox plugin that disables the popup for CAs that aren't in the default list.

The purpose of it really isn't to hide BitTorrent style activity but to keep HTTP injections/shaping/filtering/metering etc. from happening like what the ISP in Canada did to send messages to users.
Morat20
Terracotta Army
Posts: 18529


Reply #21 on: January 11, 2008, 09:13:55 AM

As far as a CA goes you can run your own if you really want to. It just causes a scary browser popup box. Or there are free CAs (see this article). If a douchebag can download a BitTorrent client they can download a Firefox plugin that disables the popup for CAs that aren't in the default list.
Yes, but I don't trust your CA. If you just start randomly accepting certificates that can't be authenticated to a trusted root, or worse yet just start trusting random roots, you're going to fuck yourself pretty hard at some point.

What you're wanting to run HTTPS for doesn't really need authenticating -- I mean, who do I care if you're really you when all I want is your files -- but HTTPS sort of requires it.

I mean, hell, if you wanted to fuck the internet all you need to do is invalidate one of the bigger CAs. Force them to revoke their certificates. Business would grind to a halt until everyone recertified with someone else, or until the CA could reissue good certificates.
Krakrok
Terracotta Army
Posts: 2190


Reply #22 on: January 11, 2008, 09:36:35 AM

Yes, but I don't trust your CA. If you just start randomly accepting certificates that can't be authenticated to a trusted root, or worse yet just start trusting random roots, you're going to fuck yourself pretty hard at some point.

Why?
Trippy
Administrator
Posts: 23657


Reply #23 on: January 11, 2008, 10:37:34 AM

If you blindly accept self-signed certs then anybody can pose as Microsoft, Google, eBay, your banks, credit card companies, whomever.
Morat20
Terracotta Army
Posts: 18529


Reply #24 on: January 11, 2008, 11:05:17 AM

Yes, but I don't trust your CA. If you just start randomly accepting certificates that can't be authenticated to a trusted root, or worse yet just start trusting random roots, you're going to fuck yourself pretty hard at some point.

Why?
As Trippy says -- you'll end up sending shit you don't really want to send. :)

Basically, certificates act as a method of origin and identity integrity. Specifically, we're talking how do I know that guy is legit? It all comes down to Public/Private keys and distribution of those keys.

I can prove you are you if I take your public key, encrypt a message with it, send it to you, and you can echo back the plaintext to me. (Or more likely, verify I'm ME by sending it back to me encrypted in my public key). Or you can encrypt something with your private key and send it to me, and if your public key decrypts it I know you're you.

In fact, session keys for HTTP sessions are pretty much generated that way -- I log onto a website and immediately ask for a certificate (which contains your information, including your public key). But you might be lying, so I basically check who signed your certificate -- and then check them. Each check basically requires me to verify a digital signature using the signer's public key, which means I need their certificate. And it goes all the way up to a trusted root. The root I have "out of band". I trust him, and already have his public key. So I verify his signature, and thus I can validate all the way down. (He only signs people he trusts, etc).

That's the whole point of certificates. It's to allow me to just ASK for your public key, and be sure the one I just got is in fact yours.

It's designed to defeat a rather nasty man-in-the-middle attack. Say I'm A (user) and I want to buy something online from company B. Now, I go ask B for its public key, so we can generate a secure session (the session key needs to be generated and passed between us securely). Say Hacker C just steps in the way. He intercepts my request for B's public key, and sends his own. He asks B for B's public key and gets it. Now he can be "invisible" between us -- decrypting my messages, reading them, reencrypting them with the correct public key, and sending them to the company. He's an invisible go-between, because he managed to replace my request for B's public key. When the session key is generated -- he can read it. Which means I can shop, buy my shit, have it actually delivered -- and he's just stolen my credit card information without me even noticing.

Certificates -- and CA's -- prevent this. Instead of asking company B for their public key, I ask for their certificate. Hacker C can't forge that, because it's digitally signed -- if he changes or replaces B's public key, the signature won't match and I'll reject it. BUT if I'm stupid enough to put in a whole bunch of CA's as "trusted" that aren't -- say, ones he's made -- he can create his own certificate that validates all the way up to a trusted root. Then he can steal the session key.

You really, really, REALLY don't want to add CA's as "trusted" unless you really trust them. They're the linchpin of all online commerce.
Krakrok
Terracotta Army
Posts: 2190


Reply #25 on: January 11, 2008, 12:05:30 PM


You do realize that for say $2k I can set up a US corporation over the internet, get a signed certificate from Thawte (which is owned by Verisign and is a root CA in both IE and Firefox), and the only verification they do is call on the phone (which could be VOIP) and say 'Are you, you?'? Seems like security through obscurity to me, which isn't 'secure' in the sense you mean at all.

Here is a free certificate from a mainstream CA. And here is their  no ID check (security only) SSL cert. Root CA in 99.3% of browsers they claim.

How does that stop me from pretending to be your bank? Consumers don't click the 'secure' icon of the browser to verify that it's signed by whatever and verified by 'Verisign' etc. I know I don't.


Here's the Firefox dialog that lets you temporarily accept a certificate.

Morat20
Terracotta Army
Posts: 18529


Reply #26 on: January 11, 2008, 12:25:29 PM


You do realize that for say $2k I can set up a US corporation over the internet, get a signed certificate from Thawte (which is owned by Verisign and is a root CA in both IE and Firefox), and the only verification they do is call on the phone (which could be VOIP) and say 'Are you, you?'? Seems like security through obscurity to me, which isn't 'secure' in the sense you mean at all.

Here is a free certificate from a mainstream CA. And here is their  no ID check (security only) SSL cert. Root CA in 99.3% of browsers they claim.

How does that stop me from pretending to be your bank? Consumers don't click the 'secure' icon of the browser to verify that it's signed by whatever and verified by 'Verisign' etc. I know I don't.
Yes, you can temporarily accept (or permanently accept) certificates or certificate authorities. It's just not a good idea. And your original statement was, in effect, stating "Users should just start implicitly trusting CAs and rootCA's." which is a bad idea.

And yes, it's quite easy to get a certificate. It's supposed to be. They're in the business of granting certificates. Here's part of a basic certificate (borrowed from Wikipedia):
    Version: 1 (0x0)
    Serial Number: 7829 (0x1e95)
    Signature Algorithm: md5WithRSAEncryption
    Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
            OU=Certification Services Division,
            CN=Thawte Server CA/emailAddress=server-certs@thawte.com
    Validity
        Not Before: Jul  9 16:04:02 1998 GMT
        Not After : Jul  9 16:04:02 1999 GMT
    Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
             OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
    Subject Public Key Info:

I've bolded the important part -- the Common Name. Another part of certificate verification is checking the common name against the host. They're not really verifying "identity" as in "Are you really the Bank of Zurich" -- they're checking "Are you really HostName:Host". The cert you can get is only valid if I get it from the hostname you gave them.

So take our man-in-the-middle attack -- to succeed you have to first get a legit certificate that utilizes the hostname of the site you're going to fake. Which is rather hard, as the trusted CA's that are accepted by default for most browsers sort of check those things. So you have to basically validate up to a fake or untrusted CA, which means getting the user to accept it.

Yes, you CAN successfully prosecute a man-in-the-middle attack by convincing users to accept certificates that are invalid, or cannot be verified. Nothing is perfect. But if you want to ensure that happens, you create a world wherein people just...accept certificates willy-nilly and add in CAs as trusted rootCA's without thinking.

Now, I don't know about Joe User -- but if my bank suddenly throws a certificate error, and my computer pops up a message that states "There's a problem here, and it could be someone is trying to obtain confidential information" -- I'm going to come back later, NOT accept the certificate.
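The chain-of-trust, swapped-key and "rogue root" scenarios from Morat20's two posts above, worked through as an added example (not code from the thread): it stands in a toy textbook RSA with constructed tiny primes and a minimal JSON "certificate" for real X.509, and every CA name and hostname in it is made up.

```python
import hashlib
import json

# Toy textbook RSA with tiny constructed primes and no padding: it illustrates the
# sign/verify idea from the post and is useless as a real key scheme.
E = 65537

def toy_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))        # (public, private)

def digest(data, n):
    # Hash the bytes and reduce into the signer's modulus so the value can be signed.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def tbs_bytes(cert):
    # The "to be signed" fields, serialised canonically so signer and verifier agree.
    fields = {k: cert[k] for k in ("subject_cn", "public_key", "issuer_cn")}
    return json.dumps(fields, sort_keys=True).encode()

def issue_cert(subject_cn, subject_pub, issuer_cn, issuer_priv):
    # Minimal stand-in for X.509: subject name, subject key, issuer name, issuer signature.
    cert = {"subject_cn": subject_cn, "public_key": list(subject_pub), "issuer_cn": issuer_cn}
    n, d = issuer_priv
    cert["signature"] = pow(digest(tbs_bytes(cert), n), d, n)
    return cert

def validate_chain(chain, trust_store, hostname):
    """chain is leaf first, then intermediates; trust_store maps a root CN to the public
    key the client already holds out of band. Returns (accepted, reason)."""
    if chain[0]["subject_cn"] != hostname:
        return False, "CN %r does not match host %r" % (chain[0]["subject_cn"], hostname)
    for i, cert in enumerate(chain):
        issuer = cert["issuer_cn"]
        if issuer in trust_store:                   # reached a root we already trust
            issuer_pub = trust_store[issuer]
        elif i + 1 < len(chain) and chain[i + 1]["subject_cn"] == issuer:
            issuer_pub = tuple(chain[i + 1]["public_key"])  # next cert up vouches for this one
        else:
            return False, "issuer %r is not a trusted root" % issuer
        n, e = issuer_pub
        if pow(cert["signature"], e, n) != digest(tbs_bytes(cert), n):
            return False, "bad signature on %r" % cert["subject_cn"]
        if issuer in trust_store:
            return True, "chains to trusted root %r" % issuer
    return False, "chain never reached a trusted root"

# Constructed keys; the root's public key is the one the user holds "out of band".
ROOT_PUB, ROOT_PRIV = toy_keypair(1009, 1013)      # trusted root CA
INTER_PUB, INTER_PRIV = toy_keypair(1019, 1021)    # intermediate CA, signed by the root
BANK_PUB, BANK_PRIV = toy_keypair(1031, 1033)      # company B
HACKER_PUB, HACKER_PRIV = toy_keypair(1039, 1049)  # hacker C
ROGUE_PUB, ROGUE_PRIV = toy_keypair(1051, 1061)    # hacker C's home-made "CA"

def run_scenarios():
    trusted = {"Toy Root CA": ROOT_PUB}
    host = "www.bank.example"
    inter = issue_cert("Toy Issuing CA", INTER_PUB, "Toy Root CA", ROOT_PRIV)
    bank = issue_cert(host, BANK_PUB, "Toy Issuing CA", INTER_PRIV)
    r = {}
    # 1. Honest chain: leaf -> intermediate -> root held out of band.
    r["legit"] = validate_chain([bank, inter], trusted, host)
    # 2. Hacker C swaps in his own key: the issuer's signature no longer matches.
    swapped = dict(bank, public_key=list(HACKER_PUB))
    r["key_swapped"] = validate_chain([swapped, inter], trusted, host)
    # 3. Hacker C signs a cert for the bank's host with his own CA: no path to a trusted root.
    forged = issue_cert(host, HACKER_PUB, "Rogue CA", ROGUE_PRIV)
    r["rogue_ca"] = validate_chain([forged], trusted, host)
    # 4. Same forged cert once the user has carelessly added "Rogue CA" as trusted.
    r["rogue_ca_trusted"] = validate_chain([forged], {**trusted, "Rogue CA": ROGUE_PUB}, host)
    # 5. A genuine cert for the hacker's own host does not help him pose as the bank.
    own = issue_cert("www.hacker.example", HACKER_PUB, "Toy Root CA", ROOT_PRIV)
    r["wrong_host"] = validate_chain([own], trusted, host)
    return r

if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print("%-17s %s  %s" % (name, "ACCEPT" if ok else "REJECT", why))
```

Scenario 4 is the whole point of the warning: the forged certificate is byte-for-byte the same one rejected in scenario 3, and only the client's trust store changed.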
 
Krakrok
Terracotta Army
Posts: 2190


Reply #27 on: January 11, 2008, 03:15:58 PM

Yes, you can temporarily accept (or permanently accept) certificates or certificate authorities. It's just not a good idea. And your original statement was, in effect, stating "Users should just start implicitly trusting CAs and rootCA's." which is a bad idea.

But if you want to ensure that happens, you create a world wherein people just...accept certificates willy-nilly and add in CAs as trusted rootCA's without thinking.

Now, I don't know about Joe User -- but if my bank suddenly throws a certificate error, and my computer pops up a message that states "There's a problem here, and it could be someone is trying to obtain confidential information" -- I'm going to come back later, NOT accept the certificate. 

What I said was "If a douchebag can download a BitTorrent client they can download a Firefox plugin that disables the popup for CAs that aren't in the default list.". I didn't advocate encouraging people to click through scary popups.

How having a browser plugin that auto accepts temporary SSL certs is going to cause your bank to give you scary popups I'm not quite sure.

You still haven't demonstrated to me that the current root CA system is somehow 'secure' and that adding a local CA on more web servers than currently exists is somehow going to destabilize e-commerce as we know it. Mainly because I don't trust the current root CA system to be secure. It gives a facade of accountability but that is all.


I only assume you latched onto the CA part of the HTTPS idea because it provides a central authority which could be subverted at the government or ISP level for packet shaping/metering/filtering/blocking purposes. Otherwise I have no problem using the current root CA certs (other than it's a cost barrier to entry for having a website). Registrar providers could optionally provide a CA for every domain they handle.
JoeTF
Terracotta Army
Posts: 657


Reply #28 on: January 12, 2008, 05:22:39 PM

How to Bypass 101:

Build in basic encryption into BitTorrent.

I thought about that.  Fix for the fix: ban popular Torrent sites.  On a more sophisticated level, perform a man in the middle attack - many web boxes do this now as a feature.  Should custom protocols arise (ie, BTEncrypt or whatever), ban those.  Peer to peer doesn't matter much if you can't get to pirate bay.  There's ways around this of course, but the point isn't to STOP sharing (too costly), it's to make it a huge pain in the ass so that most people quit. 

They have been doing all of that for a year or so already.

One thing that pisses me off is that legitimate governments have to go through loads of red tape and effort* to put a wiretap on a single guy, while those ISP fucks get to eavesdrop on everyone 100% of the time. I don't want anyone without a warrant reading through my private communications, which is exactly what a fully automated, content-aware filter does. It's an incredible responsibility FFS! Knowing how telecom admins work, I'm pretty sure one day after the system goes live it will be used to filter out credit card numbers or homemade porn jpgs.

   
Oh, and the funny thing is it's actually much, much cheaper to double the bandwidth than to fuck around with filtering.
Morat20
Terracotta Army
Posts: 18529


Reply #29 on: January 13, 2008, 02:42:06 PM

You still haven't demonstrated to me that the current root CA system is somehow 'secure' and that adding a local CA on more web servers than currently exists is somehow going to destabilize e-commerce as we know it.
It won't. It's a bad idea only in the same sense that "Downloading video codecs off the internet" is a bad idea. If you get into the habit of just trusting malformed certificates, unverifiable certificates, or installing CAs as "trusted" willy-nilly, you're just going to fuck yourself.

Destabilizing e-commerce was a tangent -- if you could force the main root CA's to decert their certificates, you'd shut down vast swathes of the online world. They're the linchpin for e-commerce, because certificates are the basis for how secure sessions are created.
Quote
Mainly because I don't trust the current root CA system to be secure. It gives a facade of accountability but that is all.
I'm sure the people running the banks would love to hear that.