Peek-a-Boo(ty)

Anemophilous Coward writes "Tom's Hardware has a story detailing cDc's new anonymity app, just demonstrated Sunday. Peek-A-Booty is designed to let surfers access sites blocked by government restrictions, and is essentially, a distributed proxy network. It uses a peer-to-peer model, masking the identity of each node. This means the user can route around censorship that blocks citizens' access to specific IP addresses, because the censor doesn't know they're going there. There is also a website dedicated to the project."

Good for some, nightmare for others

[Dark Paladin]

I can see both the good and bad of this application.

On the good side: China. Folks over there who have to deal with the gigantic "Firewall O' Death" (also known as the "Damn it, Communism works so stop reading about how it doesn't" Firewall) can possibly use this tool to get to the outside information they need to keep spreadin' the news that "Information good."

On the other side, as a Security Manager in a bank who's sometimes asked to go find out if person XYZ has been accessing nakedhairyeyebrowedcheerleaders.com, I can see how this utility might make it impossible for me to do my job.

So I've got mixed feelings on this utility.

Easily blocked too...

[Nijika]

THe problem is restrictive governments have people on staff to look for stuff like this. This app (while I haven't tested it) pulls from multiple sources. I like the idea a lot. Sorta moving towards a P2P web network where you can browse content like you do now but peer to peer rather than client / server.

Isn't it ironic...

[devaldez]

...that the peek-a-booty website requires registration?! I thought the whole thing was directed toward anonymity.

The day an anonymous website gets registration info from me is the day I cross completely into PHB syndrome.

So, who is using my computer?

[kryzx]

Ok, the premis sounds good, peer to peer to route around restrictions. But if I'm in the peer network, does that mean others are accessing sites they can't get to through my computer? So will goatse.cx be showing up in the company logs next to my computer's ip address? If I'm proxy serving for someone who can't get to it, it seems likely.

There are risks associated with this...

[Graabein]

Those who need this most are perhaps people fighting against human rights abuses and living under oppressive regimes. The problem is that the simple act of installing Peek-a-Booty could potentially put these people at risk.

Furthermore, since the software acts as a proxy service, this means that anyone, anywhere could potentially be hosting controversial material at any given time.

The cDc acknowledges this, in an interview with The Register [theregister.co.uk]:

"The app can be obscured, but not hidden as you correctly point out. We are going to give advance briefings to grassroots organizations who will act as one distribution chain; risk assessment will be part of that. Obviously, if someone is already on 'state radar', they would not be a suitable candidate," cDc member Oxblood Ruffin told us.

The above is from an article dated July 2001, so it might not be entirely up to date. Still, think twice and do your own research before installing if you for some reason are afraid of having the authorities come knocking on your door.

Gang mentality?

[Anonymous Coward]

Hmmm... gangs act in funny ways. They often think if they conduct illegal activites en masse they are somehow shielded from the law.
I certainly would not want to use an anonymous network where some sicko could be using your computer to conduct their crimes. Do you think the cops would really understand or care how those files got onto your computer? No. Off to jail you go.

Spooky prediction

[Rogerborg]

The Great Rogerborgio will make a spooky prediction. When Peek-a-Booty 1.0 reaches 100,000 downloads, a story will break that the client contains a hostile trojan that lets "evil hackers" take control of your machine, impersonate you, steal your credit card details, and screw your shrieking girlfriend in the ass while you watch helplessly, tears of frustration streaming down your shocked, betrayed face.

The story will be submitted by a "credible group of anonymous white hat hackers" and run - unquestioned - by BBC Online and - slightly questioned, at best - by Reuturs, and every other online news source will pick it up from there and spread it as gospel truth.

It will not be true. It will be Fear, Uncertainty and Doubt, pure and simple. Many interested parties will want Peek-a-Booty to fail. In fact, there are so many - governmental and industrial - that even the Great Rogerborgio cannot peer through the mists of time sharply enough to determine the culprit.

But it will happen. And remember, you read it here first.

Aims & Reality

[greygent]

While the aims and goals of this project are commendable, I can't help but think that this program will be utilized moreso by old men wanting to look at kiddie porn safely, than those in oppressed countries.

One can simply see this trend with the GNUtella network, and monitoring the search strings people send out. They're full of stuff such as "hairless pre-teen sex" and "dogs fucking women".

I'd be much more interested in running Peek-A-Booty if it had some sort of information-type limiting, but this would go against the whole basic concept of the program. I'd be glad to assist those who are oppressed, but WILL NOT help sexual predators and the like.

Maybe people who want to help those in oppressive countries should throw up rogue squid proxy servers with bandwidth rate limiting and perhaps some client access limiting (*.cn, *.ru, and soon, *.us). This is what I do and it works quite well.

I don't even advertise it, but quite a few people find it and use it (mostly people in southeast asia, actually)

Re:Good for some, nightmare for others

[R2.0]

I hope you can keep your ideals when some bank employee surfing for his lunch break masturbation material hits a malicious site. You'll get your account balance back eventually, but not before a bunch of bounced checks and no cash from the ATM ruin your life for a while.

And before you say that drones' computers don't have that kind of access, remember: it's always the higher ups that think the rules don't apply to them. How about Mr Branch Manager or Ms VP/Accounting getting their workstation compromised?

Another Diamond Age prediction true?

[wickidpisa]

Doen't this system remind anyone of the media network in Neal Stephenson's The Diamond Age? Information gets passed from one place to another by different people, so that no one can tell where the person on the other end is. Looks like another one of Stephenson's ideas has become a reality.

Here is what will happen...

[RexRuther]

... some cracker will set up a node that, when asked for a web page, issues spam instead.

... or worse yet the web page requested with spam interspearsed.

That will be the end of that.

The End. (uggh) Nice idea though!

New trend in /. posting?

[Slothrop]

'Look! Neal Stephenson was right in !' He's not that great people, nor all that presicent. Most of the science in the Diamond Age was bad or ill-concieved, and even the media system is somewhat mangled and unworkable. It involves a really major paradigm shift that he never bothers to explain. That said, I like most of his books, except for the constant and irritating moralizing that he's doing more and more with each book. The Diamond age is stuffed to the ears with 'magic', not tech, so I wish that people would stop crowing that the man is right all the time. He's basically a conservative commentator that writes Sci-Fi. That doesn't make him bad, but it also doesn't make him a futurologist (which wouldn't make him nessecarily more correct anyway, looking at some of the lastest stories here.).

Employee surfing - hard learned lessons

[nomadicGeek]

I see a lot of posts which seem to imply that employee surfing should be ignored. Why is it a big deal if an employee does some personal surfing? Why not measure an employee's productivity and leave it at that?

I used to work at a company that had a very liberal internet use policy. We were pretty early adopters as far as the corporate world goes. We wanted people to use the Internet as a tool and didn't want to micromanage or scrutinize its usage.

Over the years we had to tighten our policy as abuses started to mount. The final straw was an idiot who was collecting kiddie porn and saving it on our network server! We immediately notified the police and he has arrested and prosecuted. The guy literally had hundreds of pictures carefully organized into directories to categorize them. It was obvious (1) that he had been doing it for a while, (2) he had invested a great deal of thought and time in these activities.

The company was dragged into the employee's defense trial. We spent a lot of time and money on attorneys, depositions, etc. It was a nightmare. We were forced to implement a system to control and monitor access to the Internet to insure that this type of thing did not happen again. It is one thing to get caught in that type of situation once but it can't happen again.

So we spent a lot of time and money watching and controlling Internet access. It sucks but it only takes one idiot to mess things up for everyone and there are a lot of idiots out there.

I still think that ideally Internet usage should be the employees' responsibility but in the real world things often get much more complicated.

Re:Good for some, nightmare for others

[Strog]

I was a network admin at a 1/2 billion dollar bank (not too big as banks go). I went to quite a few banking technology meetings and the push has been to Windows based for a while now but terminals are starting to come back into favor. At least a couple of the mainframe software vendors use a proprietary communication software that runs on Windows. They have been migrating to web based apps so you could use whatever you want. I was a little concerned when the new sorter was running off an NT box that was communicating to a dedicated NT server. There were some issues at first but it actually has run well otherwise.

I live in the Midwest and 90% of the banks that I have had interaction with have used MS based computers across the board with a mainframe running the critical stuff. I found out that a lot of banks were running online banking services with little or no firewall protection. At first I thought it was a fluke but I quickly found out it was fairly common in the smaller banks. These institutions would be fairly easy prey for someone with a little knowledge that wouldn't be hard to obtain. I admit I have limited experience in a specific locale so do what you want with my stats.

depending on source license && availabilit

[Herr_Nightingale]

I believe that Peek-a-Booty will be GPL'd, or at least open-sourced.. in that case, one would simply distrust the binaries and compile (or DL from trusted site) the program locally.
As far as it goes, however, Back Orifice is notable as one of the trickier trojays to ferret out .. it's a neat piece of code. Assuming the widely-heralded P-a-Booty is coded to the same high standards, I would very much like to get ahold of it.