[liberationtech] Appelbaum's Ultrasurf report

[Jacob Appelbaum]

Hi x z,

On 04/18/2012 02:42 PM, x z wrote:
> Thanks Jacob for your detailed reply. I have some more comments below (the
> last two points are more important than the first two).
> 
> - Re Ultrasurf's block page featuring advertisement. Yes, from a purist's
> point of view, advertisement and money have some intrinsic evilness in it,
> but we have to accept it in the real world. The block page attaching a
> Google Analytics cookie is not great for privacy or anonymity. Yes I think
> they should disclose this, but this deserves a warning, not "condemnation"
> as it appears to be.

It's not about purism - it's about the practical nature of tracking
users. This is not a critique of capitalism or anything of the sort. The
point is that they should _not_ do it, if they also claim to be
anonymous, untrace/untrack-able, and so on.

Perhaps we disagree on this point but clearly, they agreed enough to
change it - ironically to something perhaps worse. Sigh.

> 
> - The nature of Ultrasurf blocking porn *is* different to government
> censorship - the latter is forceful, the former is not, one can easily use
> other tools to access porn, people do have choices here.
> 

What other choices do they have? If we accept the circumvention tools
don't actually circumvent all blocks, what has been created? Seems
pretty weird.

Neither is transparent and frankly, if LGBT users are using the tool,
they don't deserve some kind of liberation? This is why censorship of
any kind is pretty much a disaster - combine with the fact that they try
to profit from that disaster? I find that perhaps ironic but certainly,
I find it in bad taste.

They're not exactly the same but I think it's a distinction without much
of a difference.


> - You said "*Yes, I find that actually a useful way to test if a tool would
> even work at all in China - can users of the tool access sites in China?*"
> - I think we should clarify what "work" and "block" means. A user in China
> does not need to use Ultrasurf to browse websites hosted inside China, he
> uses Ultrasurf to surf the internet outside GFW. The fact that GFW blocks
> access *from* Ultrasurf does not indicate that Ultrasurf does not *work*.
> Yes, when a Syrian user wants to use Ultrasurf to visit sites hosted in
> China, it'll fail, but does it matter?

Actually, it does! That's the amazing part!

As far as the tool "working" - If Ultrasurf tries to connect to
65.49.14.0/24 at start up, we can infer from the test I mentioned that
this will fail to connect. Sure enough - that is the result!

Regarding non-functional access - the internet is fragmented, it is sad
but also a reality. We should not contribute further to that
fragmentation, we should seek to correct or route around the damage.

Furthermore - what happens when a user in China can't access sites in
China from the tool? I suspect it may cause the user to unproxy
themselves, with other windows open and well, uh oh.

> 
> - The last point is what I want to stress, you stated that "a key idea must
> be to think beyond circumvention" at the very end of your long reply to me.
> I think this point is the fundamental reason for the tension between you
> and Ultrasurf. Security, anonymity and privacy (SAP) are very important, I
> agree with it, but I also think that *circumvention in itself* is important
> as well. What China (I don't know the other countries) needs most
> *is*circumvention, whileas SAP is only icing on the cake. This is why
> Ultrasurf
> has been so popular and has benefited the world hugely.

Chrome isn't a circumvention tool. It has a secure automatic updating
tool. It would be absolutely insane if Google said "oh whatever, we're
just a web browser" and didn't offer a secure way to update Chrome.

You can't have effective circumvention that presents no risks without
being honest about the security and privacy needs of your users. I think
it's possible to do it without anonymity but I think that is actually
the wrong course of action. We see this in reality by the fact that
Ultrasurf has been served with some kind of legal process and has, as I
understand it, given up data to someone claiming to be law enforcement.

What user's of the software need most is circumvention, perhaps. But
security, privacy, and anonymity are part of the circumvention picture.
It's not just about hopping over a firewall. BASE64 encoding isn't
enough, even if it "works" for getting past content filters. We have to
think beyond that and to really develop threat models, designs and so on.

> 
> Lastly, I must add that your Ultrasurf study and report are very useful and
> extremely important in making Ultrasurf more secure and force them to be
> more honest in their marketing.

Thanks.

All the best,
Jake