[liberationtech] Appelbaum's Ultrasurf report

x z xhzhang at gmail.com
Fri Apr 20 01:09:06 PDT 2012


Hi Jacob,

2012/4/18 Jacob Appelbaum <jacob at appelbaum.net>

> Hi x z,
>
> On 04/18/2012 02:42 PM, x z wrote:
> > Thanks Jacob for your detailed reply. I have some more comments below
> > (the last two points are more important than the first two).
> >
> > - Re Ultrasurf's block page featuring advertisement. Yes, from a purist's
> > point of view, advertisement and money have some intrinsic evilness in it,
> > but we have to accept it in the real world. The block page attaching a
> > Google Analytics cookie is not great for privacy or anonymity. Yes I
> > think they should disclose this, but this deserves a warning, not
> > "condemnation" as it appears to be.
>
> It's not about purism - it's about the practical nature of tracking
> users. This is not a critique of capitalism or anything of the sort. The
> point is that they should _not_ do it, if they also claim to be
> anonymous, untrace/untrack-able, and so on.
>
> Perhaps we disagree on this point but clearly, they agreed enough to
> change it - ironically to something perhaps worse. Sigh.
>
> >
> > - The nature of Ultrasurf blocking porn *is* different to government
> > censorship - the latter is forceful, the former is not, one can easily
> > use other tools to access porn, people do have choices here.
> >
>
> What other choices do they have? If we accept the circumvention tools
> don't actually circumvent all blocks, what has been created? Seems
> pretty weird.
>
Ultrasurf is only one tool; there are tons of other tools, including Tor,
that people can use. A circumvention tool does not need to be perfect to be
useful.

> Neither is transparent and frankly, if LGBT users are using the tool,
> they don't deserve some kind of liberation? This is why censorship of
> any kind is pretty much a disaster - combine with the fact that they try
> to profit from that disaster? I find that perhaps ironic but certainly,
> I find it in bad taste.
>
I'm not sure if LGBT is even relevant here. I don't agree with you that
"censorship of any kind is a disaster".

> They're not exactly the same but I think it's a distinction without much
> of a difference.
>
>
> > - You said "*Yes, I find that actually a useful way to test if a tool
> > would even work at all in China - can users of the tool access sites in
> > China?*" - I think we should clarify what "work" and "block" mean. A user
> > in China does not need to use Ultrasurf to browse websites hosted inside
> > China, he uses Ultrasurf to surf the internet outside GFW. The fact that
> > GFW blocks access *from* Ultrasurf does not indicate that Ultrasurf does
> > not *work*. Yes, when a Syrian user wants to use Ultrasurf to visit sites
> > hosted in China, it'll fail, but does it matter?
>
> Actually, it does! That's the amazing part!
>
> As far as the tool "working" - If Ultrasurf tries to connect to
> 65.49.14.0/24 at start up, we can infer from the test I mentioned that
> this will fail to connect. Sure enough - that is the result!
>
From my limited knowledge of Ultrasurf, this is one of its main technical
limitations. Ultrasurf has to update frequently. The lifespan of a
version is quite short in China, since the Chinese authorities are actively
looking to block Ultrasurf's server IP ranges. Chinese users usually get
new versions via email or from other channels. This is probably less of an
issue in other countries.

> Regarding non-functional access - the internet is fragmented, it is sad
> but also a reality. We should not contribute further to that
> fragmentation, we should seek to correct or route around the damage.
>
As far as I know, there's not a lot of good stuff inside China that people
want to access from outside; and also, China's GFW rarely blocks
foreigners' access to content in China. So, few people need circumvention
tools to access content in China. I feel your claim that Ultrasurf
"contributes further to the fragmentation" is rather moot.

> Furthermore - what happens when a user in China can't access sites in
> China from the tool? I suspect it may cause the user to unproxy
> themselves, with other windows open and well, uh oh.
>
This is not a big deal at all. A typical Chinese user has multiple
browsers, one with a proxy to access websites outside GFW, another to browse
domestic websites directly. Of course this is an area for improvement, but
not a deal killer.

>
> > - The last point is what I want to stress, you stated that "a key idea
> > must be to think beyond circumvention" at the very end of your long reply
> > to me. I think this point is the fundamental reason for the tension
> > between you and Ultrasurf. Security, anonymity and privacy (SAP) are very
> > important, I agree with it, but I also think that *circumvention in
> > itself* is important as well. What China (I don't know the other
> > countries) needs most *is* circumvention, whereas SAP is only icing on
> > the cake. This is why Ultrasurf has been so popular and has benefited the
> > world hugely.
>
> Chrome isn't a circumvention tool. It has a secure automatic updating
> tool. It would be absolutely insane if Google said "oh whatever, we're
> just a web browser" and didn't offer a secure way to update Chrome.
>
Google is a big company with abundant resources and big responsibilities.
It is unfair to ask Ultrasurf to hold the same high standard as Google,
because it lacks the resources and it has its own priorities.

> You can't have effective circumvention that presents no risks without
> being honest about the security and privacy needs of your users. I think
> it's possible to do it without anonymity but I think that is actually
> the wrong course of action. We see this in reality by the fact that
> Ultrasurf has been served with some kind of legal process and has, as I
> understand it, given up data to someone claiming to be law enforcement.
>
> What users of the software need most is circumvention, perhaps. But
> security, privacy, and anonymity are part of the circumvention picture.
> It's not just about hopping over a firewall. BASE64 encoding isn't
> enough, even if it "works" for getting past content filters. We have to
> think beyond that and to really develop threat models, designs and so on.
>
Circumvention and SPA (security, privacy, anonymity) are two things. What
most people in China, Syria and other repressive regimes need most is the
former. SPA is for those who are involved in sensitive activities; this is an
important group, but a very small group too. I think this is a critical
point the developers should keep in mind - what is your software's use
case? What is the other guy's software's use case?

Best,

>
> > Lastly, I must add that your Ultrasurf study and report are very useful
> > and extremely important in making Ultrasurf more secure and force them to
> > be more honest in their marketing.
>
> Thanks.
>
> All the best,
> Jake
>