[liberationtech] on the traceability of circumvention tools

Helen Belcastro hbelcast at dsv.su.se
Wed Sep 15 23:17:22 PDT 2010 

Hey all,

I am attending the Internet Governance Forum in Vilnius, discussing many
crucial issues, among others, security risks, intellectual prop rights,
freedom of expression and responsibility of intermediaries, Internet/ICT
for development etc, etc.
Are you here?

Helen Belcastro
ICT Governance Advisor
SPIDER - Swedish Program for ICT in Developing Regions
>
> I read the latest quotes from Evgeny and Jacob Appelbaum and see that they
> are criticizing Haystack mainly on the basis of security risks. To me, the
> main problem with Haystack has been that Austin Heap misled the public to
> believe the software was widely distributed and used in Iran. This is a
> case of personal failure, and I would caution against bringing security
> risk arguments into the mix. I believe that overemphasizing the
> security/traceability risks can potentially harm the circumvention
> community at large.
>
> Haystack does have some security risks. I was given a copy of the software
> a few weeks ago to send to testers in Iran. I ran the software locally and
> inspected its traffic. Haystack was connecting to a single IP each time I
> ran it. If that specific IP was shared among all the copies of Haystack,
> and if the Iranian government could obtain a copy of the software, it
> could find all the other test users. One way to reduce this risk is to use
> the minimum number of testers required and limit the tester group to
> trusted individuals. To Haystack's credit, they told me not to give the
> software to more than two people and to ask them not to share it. A second
> problem I saw was that Haystack was sending queries to two specific
> websites each time it launched. I wrote about this to Haystack's team and
> mentioned that such queries can easily be detected by header inspection of
> packets. I was told that the issue would be fixed in the production
> version and that they will use a much larger li
>  st of websites in the queries.
>
> These problems may have put testers at a higher risk than was necessary.
> However, in the context of wider usage of circumvention tools, I do not
> think that the Haystack team put testers in serious danger. Almost all
> circumvention tools, including Tor and Ultrasurf, can be traced. However,
> circumvention tools are not illegal in Iran and most people do not feel at
> risk using them.
>
> There are many ways of detecting circumvention tools. For example, when
> you launch a circumvention tool, the software goes through an
> initialization process to figure out how to connect to the outside world.
> Often it starts by trying a limited set of IPs in the hundreds or
> thousands.  A government can run one or more copies of the software to
> discover a fair share of these IPs. It can then determine who has tried to
> connect to the IPs and locate them. In practice there are better ways to
> detect usage of tools such as Ultrasurf or Tor; the applications have
> different signatures in the type of packets they send in the first few
> seconds after launch. Governments can monitor the packet traffic to detect
> usage or block the applications.
>
> While it is well known that circumvention tools are traceable, it has not
> impeded their use in Iran. Using circumvention tools is not illegal in
> Iran (and it seems anywhere else in the world). Hundreds of thousands of
> Iranians are using circumvention tools on daily basis and are not afraid
> to say so publicly. Even supporters of the Iranian government use them to
> write on censored websites such as Friendfeed.
>
> Can traceability be a problem? Yes, in theory it can. Iranian government
> can decide one day to round up a few Haystack users to embarrass Hillary
> Clinton for supporting it, or alternatively can round up a few Tor users
> and charge them with espionage for using a tool sponsored (in the past) by
> the US Navy. These are all hypothetical risks to consider of course. But
> as far as we know these things have never happened.
>
> Any risks associated with the traceability can be largely mitigated by the
> wider use of circumvention tools. For example, owning satellite TV
> receivers --unlike circumvention tools-- is illegal in Iran but they are
> so widely used that people are not feeling insecure. Even the seasonal
> scare tactics of the police breaking into a few houses and confiscating
> satellite dishes and ticketing the owners have not reduced the wide
> adoption, which is now estimated to be at 40% of all the households.
>
> The damaging part of the traceability-risk argument for to the rest of the
> circumvention tool initiatives is that  non-traceability of circumvention
> tools in highly controlled networks--whether it's  Iran, China or a
> private company's network-- is too high of a standard to achieve, and I
> can argue in a separate note that it is not a critical property for
> circumvention tools to have anyway.
>
>
> -mehdi
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

More information about the liberationtech mailing list