Peek-a-Boo(ty) 297
Anemophilous Coward writes "Tom's Hardware has a story detailing cDc's new anonymity app, just demonstrated Sunday. Peek-A-Booty is designed to let surfers access sites blocked by government restrictions, and is, essentially, a distributed proxy network. It uses a peer-to-peer model, masking the identity of each node. This means the user can route around censorship that blocks citizens' access to specific IP addresses, because the censor doesn't know they're going there. There is also a website dedicated to the project."
Re:Good for some, nightmare for others (Score:2, Insightful)
What exactly does that have to do with security? Doesn't a "security manager" have anything better to do? If anything, be concerned because it's an encrypted channel for information to move in and out, not that someone might <gasp> be doing some personal surfing on the job</gasp>.
If these sorts of applications make it harder for security "managers" to play Network nazi (small 'n'--Godwin's law does not apply here), then that is an added benefit, so far as I see.
Re:Good for some, nightmare for others (Score:3, Insightful)
The more inspired drones have installed Opera, which doesn't require administrator access to install in Windows. They could presumably use PB. They're a small minority, though.
Re:Good for some, nightmare for others (Score:2, Insightful)
Cat
Re:Good for some, nightmare for others (Score:3, Insightful)
Additionally, your security policy should have language forbidding the use of non-authorized software, thus making the use of said software a fireable offense.
Re:Good for some, nightmare for others (Score:3, Insightful)
Er, good side: USA. To find DeCSS or similar tools without fear of prosecution, for example, or to keep spreadin' the news that "Censorship bad, even when it's done by a (heh) democratically (heh heh) elected (heh heh heh) administration."
Depends on what your job is. If your job is to protect the bank from liability, anonymised browsing allows you to state with certainty "Nobody can link us or our employees with porn surfing. Not us, not nobody."
If you've been tasked with catching a known baddie in the act (perhaps at preteenlolitas.com), then you've got keyloggers, machine caches (they don't have admin access, right?) or just drop VNC [att.com] on their machine and catch them with their pants down, so to speak.
I appreciate your concerns, but really, wouldn't it actually make your job easier if users showed a little courtesy and consideration, and stopped waving their dodgy surfing habits in your face (so to speak)?
Comment removed (Score:2, Insightful)
Re:Good for some, nightmare for others (Score:4, Insightful)
So what you're saying is: "On the good side, fundamental human rights. On the bad side, makes life harder for pointy haired bosses who feel that lunch breaks spent playing cards are fine but lunch breaks surfing porn are an abomination."
And this gives you mixed feelings???
This still won't work! (Score:5, Insightful)
The problem: Say I'm a user who wants to connect to a Peek-A-Booty network. I need to get the address of a node to connect to. How do I get this? The obvious solution, and the one used for Gnutella and other peer-to-peer apps, is to publish a list of nodes (or at least one). But that won't work here -- because then the censors can use the same list to track down the nodes and block and/or disable them. This is especially problematic if you're using Peek-A-Booty as it claims it is meant to be: if you're in a country that filters access (say, China) and the government can track down the users trying to circumvent the filters, they can and will punish/torture/kill those people.
Peek-A-Booty has not solved this problem. Read what Tom's article has to say about it:
That's right -- the only way to connect to a Peek-A-Booty network is word-of-mouth, which is horribly ineffective. Finding a node will be extremely difficult unless you know the right people, and then it's very easy for the censor to ruin it. Trust the wrong person, and your whole network is exposed. Government spies could give out addresses that they claim are Peek-A-Booty networks, then catch anyone who tries to connect to those. Worst of all, they could just offer some huge incentive to people for turning in their friends.
I hate to say it, but this system simply isn't ready yet. They have not come up with a technically sound solution.
Re:public proxy (Score:3, Insightful)
My guess is that that's exactly what will happen in restrictive environments if this becomes widespread. A corporate/state "whitelist" will be used to list acceptable sites and all others will be forbidden. If something is found that might be useful, the powers that be can be petitioned to add it to the whitelist. This will of course castrate the power of the net in those restrictive environments, but that's precisely the point, particularly in China.
There's a slight problem here (Score:2, Insightful)
Re:There's a slight problem here (Score:2, Insightful)
Re:Good for some, nightmare for others (Score:5, Insightful)
That doesn't really matter, though. The most vulnerable part of any corporate network is its users, now. A user who's violating the acceptable use policies for his or her employer's network is an automatic security risk. First, such an employee becomes a possible blackmail target. In the case of porn, a network admin must bar porn on a professional network because of the possibility of a sexual harassment suit being filed against the company. That means that the AUP must make accessing such materials through the corporate site a disciplinable offense...hey, presto, instant blackmail. Second, though, any user who is actively subverting procedures put in place to prevent such abuse must believe that he or she "knows better than you do". Although the user's right in the vast bulk of cases, the cost in those rare cases where they're wrong is disastrous. What if the site is malicious? If they can get around your barriers, then what else are they downloading? Do they necessarily even know? How tight are the barriers around their machines?
Would you be willing to bet the company on their care?
Re:This still won't work! (Score:4, Insightful)
And they never will. Why? Because the problem they are attempting to solve is not a purely technical one. Censorship is a political issue (e.g. involves people, not just machines) and as such demands a political component to its resolution.
The merit of the program sits on the notion that repressive countries cannot afford to blockade the internet wholesale in order to control access to the proxy network. Ergo the success of the project is based on enough people in non-firewalled countries participating. And this doesn't just mean a lot of p2p proxy nodes, it also means a lot of people publishing a list of gateways.
Much like in the world of warez, the massive proliferation of information would make it difficult if not impossible for the censoring agent not only to keep up with the number of IPs that serve as proxy nodes, but also to keep up with the number of websites that point to potential gateways.
Look, this is a software project designed to break the laws of repressive countries. As such, it will never be a "technical solution" to the problem. At best (and this is what I think they're going for) it is a technical aid in the struggle for freedom. I say cheers to them.
Re:Good for some, nightmare for others (Score:4, Insightful)
Look for the worst and you'll always find it. (Score:4, Insightful)
I don't mind helping everyone equally. Even sexual predators- there are other ways to catch them.
Sorry, kiddie porn is not a trump card with me.
Re:OK, but.... (Score:2, Insightful)
So it would show up as a lot of connections to various IPs, not one single bannable IP.
Re:New trend in /. posting? (Score:1, Insightful)
His media system is not perfect, but it follows some of the same principles that this new software follows. The Diamond Age was published in Feb 1995. If you can even remotely describe a technology that will not be invented for 7 years I will be impressed, even if you don't work out all the bugs right now.
This works now (Score:4, Insightful)
Millions of drug users use this model quite happily.
Re:Good for some, nightmare for others (Score:2, Insightful)
Nomenclature (Score:2, Insightful)
This should not be released under the cDc name. (Score:2, Insightful)
Peek-a-booty appears to be a valid program, and may even be really useful for people who have governments blocking them from freely accessing the internet. However, I do think that they should get rid of the cDc name, mainly because cDc is associated with lame backdoor trojans by a lot of people. Also, if it ever got mainstream media attention, it is likely that they would start the article by saying something like: "cDc, the makers of the infamous backdoor trojan program Back Orifice...". This is likely to scare people from installing it.
Just my two cents...