Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

SSL Encryption Coming To The Pirate Bay

Posted by Soulskill on Sun Jun 22, 2008 11:20 AM
from the privacy-arms-race dept.
Privacy Encryption Security The Internet
An anonymous reader writes "The Pirate Bay, in response to Sweden's new wiretapping law, will start offering SSL encryption to its user base this week. Although copyright issues really have little to do with national security, The Pirate Bay knows its population is uneasy with the recent legal change. The encryption will mostly benefit Swedish users living under the current law. Since The Pirate Bay and its servers are not hosted in Sweden, the additional security offered to outside users could be comparatively minimal."
+ -
story

Related Stories

[+] Politics: Wiretapping Law Sparks Rage In Sweden 344 comments
castrox writes "This Wednesday at 9am the Swedish Parliament is voting on a new wiretapping law which would enable the civil agency (FRA — Defense Radio Agency) to snoop on all traffic crossing the Swedish border. E-mail, fax, telephone, web, SMS, etc. 24/7 without any requirement to obtain a court order. Furthermore, by law, the sitting Government will be able to instruct the wiretapping agency on what to look for. It also nullifies anonymity for press tipsters and whistleblowers. Many agencies within Sweden have weighed in on this, with very hefty criticism, e.g. SÄPO (akin to FBI in the US), the Justice Department, ex-employees of FRA, and more. Nonetheless, the ruling party block is supposedly pressuring its members to vote 'yes' to this new proposed law with threats to unseat any dissidents. After massive activity on blogs by ordinary citizens, and street protests, the story has finally been picked up by major Swedish news sources. The result will likely be huge street protests on Wednesday. People have been completely surprised since this law has not gotten any media uptake until very late in the game."
[+] Wiretapping Bill Passes Swedish Parliament, 143 to 138 326 comments
Assar Bruno Boveri writes "Swedish lawmakers came down in favour of a fiercely debated surveillance bill in a vote at the Riksdag on Wednesday evening. Despite some cosmetic changes, Sweden's proposed surveillance law is still a monster, writes Pär Ström from the independent New Welfare Foundation." The Swedish newspaper DN (in Swedish; translations welcome) compares the implications of the proposed law with activities carried out by East Germany's Ministerium für Staatssicherheit (STASI).
Firehose:SSL Encrpytion Coming to The Pirate Bay by Anonymous Coward
[+] Technology: The Pirate Bay's Plans To Encrypt the 'Net 297 comments
Keeper Of Keys writes "According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

SSL Encryption Coming To The Pirate Bay 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • A broader lesson (Score:5, Insightful)

    by dfaulken (1312005) on Sunday June 22 2008, @11:31AM (#23894607)

    While this particular instance doesn't concern me, it seems that, more and more, we're seeing reasons to start encrypting most data that we send across the Internet--certainly we would encrypt IMAP/POP3 sessions, Jabber and whatnot--why not HTTP as well?

    Yes, there might be some performance drawbacks, but, on the whole, it seems to me like the less data we send in plaintext, the less we open ourselves up to identity theft, and being spied on by governments (not necessarily our own, mind you).

    So I tend to think that this is just a manifestation of this broader trend towards encryption in all Internet transactions. I think the real question is whether we'll see people using SSL/TLS for things like checking the weather or sports scores.

    • Re:A broader lesson (Score:5, Interesting)

      by GIL_Dude (850471) on Sunday June 22 2008, @11:35AM (#23894641) Homepage
      I agree with you here.
      I think it will be an escalation though between the people who want to know what everyone is doing and those of us who want privacy. For example, if we encrypt everything - how long will it take these same wiretapping morons to pass more laws requiring that sites make the decryption key available for all "official agencies" or some such?

    • Re:A broader lesson (Score:5, Insightful)

      by oodaloop (1229816) on Sunday June 22 2008, @11:44AM (#23894701) Homepage
      It's about time. If you look at the postal system, people have been using security envelopes or at least sealed envelopes since pretty much the beginning. The only mail postal employees are allowed to read are postcards, since it's pretty hard to stop them. Unencrypted email is basically like a postcard, and it pains me to hear people complain that governments are reading them. Do they complain that postal employees are reading their postcards? If it's important or private, use a security envelope or encryption. Otherwise, don't complain when someone reads it.

      • Re:A broader lesson (Score:5, Insightful)

        by dfaulken (1312005) on Sunday June 22 2008, @11:50AM (#23894741)

        If you look at the postal system, people have been using security envelopes or at least sealed envelopes since pretty much the beginning.
        This is exactly the problem, though--people are accustomed to using envelopes, whereas getting people to use e-mail encryption requires some serious additional effort, which most people aren't willing to put in.

    • Re:A broader lesson (Score:5, Insightful)

      by nine-times (778537) <nine.times@gmail.com> on Sunday June 22 2008, @11:58AM (#23894793) Homepage

      Yeah, it seems to me that it was an oversight that networking wasn't encrypted in the first place. When lots of these protocols were being developed, security didn't seem to be much of a consideration.

      It's about time that these things got rectified, but I'm not sure what the best course is. For example, using SSL concerns me in that we've accepted the convention that certificates should be issued by certain set organizations that require exorbitant fees. I mean, hundreds or thousands of dollars per year for an SSL cert? Seems a bit much to me. Yeah, I know you can generate your own, which will cause you to get complaints from your websites' users when they see what looks to them like an error message.

      I'm not a security expert, but I get the sense someone needs to go back to square one and figure out how to build a coherent, open, and secure model for networking that doesn't rely on giving such control to a small number of companies.

      • Re:A broader lesson (Score:5, Insightful)

        by Free the Cowards (1280296) on Sunday June 22 2008, @12:27PM (#23894981)

        If TCP/IP had been encrypted from the beginning, we'd be worse off, not better.

        Why? Because any crypto available from that time is trivially crackable today. So instead of an obviously insecure communications medium, you'd have an insecure communications medium that everyone thinks is secure because, hey, it's encrypted! It wouldn't change anything except make people more complacent.

      • Re:A broader lesson (Score:5, Insightful)

        by David Jao (2759) <djao@dominia.org> on Sunday June 22 2008, @12:30PM (#23895023) Homepage

        Yeah, it seems to me that it was an oversight that networking wasn't encrypted in the first place. When lots of these protocols were being developed, security didn't seem to be much of a consideration.

        You may be too young to remember this, but until 1997, it was for all practical purposes illegal to transmit cryptography software over the internet because of ITAR regulations [wikipedia.org].

        As a result, during the formative years of the internet when networking protocols were being designed, there was no practical way to include security as a requirement. A cynic would interpret this state of affairs as being exactly the goal that the US government had in mind when they made cryptography illegal.

        • Re:A broader lesson (Score:5, Interesting)

          by jc42 (318812) on Sunday June 22 2008, @01:15PM (#23895407) Homepage Journal

          ... as I understand it security was outside of the scope of networking technology when it was first created. ARPANET was created in order to facilitate information sharing, and it started out quite small. Encryption at that point would've been counterproductive. ...

          Well, yes and no. Note that the ARPAnet project was funded by the US Dept of Defense. There were security experts around from the beginning. But it was well understood back in the 1960s that building the security into the low-level networking code was a bad engineering design. Everyone involved pretty much understood that you got (data) security by end-to-end encryption, and doing encryption at any level below the user app was simply a waste of cpu cycles. So the network-level design goal was reliable transport on unreliable ("battlefield") hardware. The design meant that the people working on the network layer could concentrate without distraction on the job of getting the bits reproduced accurately at the other end.

          The primary argument against low-level encryption has always been the same: The two endpoints have no reliable knowledge of or control over most of the data path. The history of encryption is full of stories about someone cracking someone else's encryption and reading their messages for a long time before they were found out. We must assume this can happen with any encryption scheme. This means that if a low-level link in the middle of a data path is decrypted (or even intercepted), the endpoints generally have no way of knowing it has happened, and also have no way of changing that link's encryption scheme. Low-level encnryption is thus only usable if you control every piece of hardware in the data path. This requirement would totally eliminate the wide-area networking that ARPA was trying to achieve. So if the ARPAnet was to meet its design goals, encryption of low-level data links was a pointless waste of cpu time.

          End-to-end encryption at the application layer, however, is totally under the control of the endpoints. It can be changed at any time, for any reason. It eliminates dependence on the security of the low-level links that aren't controlled by the entpoints.

          And there's a reasonable argument that end-to-end encryption increases security: It means that the data packets can be scattered across many different data paths, making it difficult for anyone to intercept all of the packets for a given conversation. Previous secure communication required tight control of the data path, and usually meant that there was a single data path for a given conversation. This is easy to intercept and either block or subvert, giving a copy of the conversation to an enemy. But if your packets are sprayed across all the available paths, interception and packet collection become nearly impossible.

          This is, of course, a very loose, off-the-cuff summary. But it's easy enough to find the early ARPAnet docs in various Internet archives, where you can easily spent far too much time learning about the subject.

  • About time (Score:5, Insightful)

    by nurb432 (527695) on Sunday June 22 2008, @11:42AM (#23894681) Homepage Journal

    Lets hope this is just the beginning.

    *everything* should be encrypted by default, and no unencrypted connections should be offered.

    I don't care that i'm doing nothing wrong, its no ones business.

    ya, there is a performance hit, but thats just part of the deal to have your communications remain private.

    • Re:About time (Score:5, Funny)

      by You ain't seen me! (1237346) on Sunday June 22 2008, @12:43PM (#23895133)

      *everything* should be encrypted by default, and no unencrypted connections should be offered.

      If you were to start using unlimited encrypted connections here within the UK, I guess the thought-police will immediately assume you to be a terrorist and bang you up for 42 days.

  • Copyright issues != terrorism (Score:5, Insightful)

    by frdmfghtr (603968) on Sunday June 22 2008, @12:09PM (#23894853)

    " Although copyright issues really have little to do with national security... "

    Try telling that to the US Gov't.

    • Re:Copyright issues != terrorism (Score:5, Funny)

      by Eudial (590661) on Sunday June 22 2008, @12:16PM (#23894897)

      " Although copyright issues really have little to do with national security... "

      Try telling that to the US Gov't.

      You're getting the lawmaker newspeak confused. Smoking pot is terrorism, piracy is the same as child pornography and paedophilia.

    • Re:speed (Score:5, Informative)

      by ozamosi (615254) on Sunday June 22 2008, @11:34AM (#23894633) Homepage

      The actual file transfers are peer-to-peer, so they won't be effected (also, they're usually encrypted already, to avoid bandwidth throttling). This is for accessing the website and/or for contacting the tracker.

      Web pages have been using SSL for years without being especially slow.

      Contacting a tracker is a lightweight request that is being performed once every 30 minutes or so - if it was a few seconds slower, nobody'd notice anyway.

    • Re:speed (Score:5, Informative)

      by Bandman (86149) on Sunday June 22 2008, @11:49AM (#23894737) Homepage

      There are really a lot of hardware solutions to speeding up SSL.

      The real issue is that, typically speaking, the server which is responsible for the server-side processing is also responsible for encrypting the stream.

      By putting a hardware or software solution in front of the client-access machine, you offload encryption to that host, leaving the application server free to concentrate on serving applications.

      This can also be useful for debugging sessions, as you (the provider) have an unencrypted stream to examine.

      Securing that stream between the application and the encryption device becomes of paramount importance, in that case.

      • Re:speed (Score:5, Funny)

        by Anonymous Coward on Sunday June 22 2008, @11:33AM (#23894625)

        Hmm... A Swedish jail boyfriend.

        A List? Lets.

        Pros:
        Funny Accent? Check
        Athletic? Check
        Likes Wooden Shoes? Check
        Digs Meatballs? Check

        Cons:
        Makes you scream in a funny accent? Check
        Athletic (in all the wrong places)? Check
        Likes pain and Abuse? Check
        Digs _your_ Meatballs? Check

        It's a hard call.

      • Re:speed (Score:5, Informative)

        by just_a_monkey (1004343) on Sunday June 22 2008, @12:16PM (#23894899)
        There are pros and cons to living in Sweden. This law is a big con. So are the taxes, and the regulations. A penal system which is not based on homosexual rape is a pro, though.

      • Re:speed (Score:5, Informative)

        by orzetto (545509) on Sunday June 22 2008, @01:01PM (#23895291)
        In Scandinavia, there are no "federal pound-in-the-ass" prisons. The prisons are top-notch, just google around: here is a couple [ynetnews.com] of articles [aftenposten.no].

        • Re:speed (Score:5, Insightful)

          by Maxo-Texas (864189) on Sunday June 22 2008, @01:18PM (#23895443)

          I agree with your general point and agree that recent material that is still in print should be either paid for or ignored.

          That being said, I torrent.

          I use it for
          1) Movies that I can't buy if I want to.
          2) Comics that I grew up with and can't buy if I want to.
          3) Anime that isn't for sale in the U.S. (This has lead to be buying anime when it does become available- like Stand Alone Complex)

          And I do draw the line 28 years (the original terms before our governments sold out to disney and other companies and sold away the public domain to them). And I could get fined or go to jail for that activity. I keep that in mind, so I use peer guardian and other techniques to keep a low profile. But mainly, I stay away from new hot shit. Mostly, new hot movies you can buy for $5-$7.50 within 18 months of them coming out. Why risk prison/ fines to see a movie 18 months early? And more importantly, creators do deserve *some* compensation for creating.

        • Re:speed (Score:5, Insightful)

          by WeblionX (675030) on Sunday June 22 2008, @01:22PM (#23895481) Homepage Journal

          Wait, so I can now buy HD movies online and download them as fast as my connection allows legally? I thought I had to drop a wad of cash on a new disc drive then had to either go out and buy or wait for it to ship to get the movie, then I had no option to put it on my computer (legally). This is all news to me.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.