Wikileaks Lessons for Privacy-Enhancing Technologies

I had been studiously avoiding writing about Wikileaks. I’ve been interviewed a couple of times in the last few days on various aspects of the ongoing saga, though, and it has highlighted some points that I think are worth mentioning. (Slightly misquoted in BBC News online here, and brief comments about digital activism on BBC Radio 4’s World at One, about 25 minutes in, here.)

One of the most interesting aspects of the Wikileaks saga, from the point of view of research into privacy-enhancing technologies, is how totally uninteresting it is. Given that we have spent years researching means for sender- and recipient-anonymous communications and censorship resistant access to content, a hugely subversive and risky site like Wikileaks is nothing more than a website with an encrypted submission form. Use of Tor is advised, but for the highest levels of security postal submission is still considered the gold standard.

In a similar vein, both the attempts to block Wikileaks and Wikileaks’ response to those attempts have been brutally practical and theoretically unexciting. Rather than firewalls and DNS or IP blacklists, we see political and economic pressure on hosting companies and DNS registrars. Rather than untraceable distribution of content and proxying of blocked connections we see Wikileaks’ hosting hopping between countries and companies, and appeals to the community to mirror content widely.… Read full post

Media reports on Chinese Internet ‘hijacking’

Another media story on China and the Internet has been widely reported today, although with a somewhat depressing lack of detail and excess of hysteria. I was interviewed today on the BBC about the story (my comments start around 01:34) and so spent a while digging into the particulars. I’ll attempt here to present a slightly more balanced and fact-based version of the story as I understand it. A good technical analysis of this incident can be found at BGPmon here, and probably the best I’ve seen so far is at Renesys here.

A recent report to the US government by the US-China Economic and Security Review Commission contains, amongst other reports of potential national security threats to the US from China, mention of an incident in April 2010 in which a significant minority of Internet traffic was briefly and erroneously routed through China. The incident lasted approximately 18 minutes, and affected 15% of Internet destinations.

The headlines report that “China hijack 15% of the Internet”, whilst somewhat breathlessly informing us that US military and government traffic was affected. The original report[1] points out that there is no evidence that this occurred intentionally, but the term “hijack” leaves the interpretation of malicious intent which, of course, makes for a more exciting story.… Read full post

Amazon’s Kindle and Anti-Censorship in China

There’s been quite a media buzz in the last few days regarding the ability of Amazon’s new 3G Kindle to bypass China’s Great Firewall[1]. I was recently interviewed on BBC World News about how the Kindle does this, and what some of the implications are. As I had about two minutes to put that across in the interview, I’ll expand slightly on the story here.

In brief, the latest generation of Amazon’s Kindle has a web browser along with its free integrated 3G connection. The Kindle isn’t officially available in China, but is easy to find on the grey market and is apparently quite popular. One user recently noticed that browsing to blocked websites, such as Twitter and Facebook, appears to bypass the firewall.

Why does this work? When I heard the story I had an immediate suspicion, and a quick play with my own Kindle confirmed the answer. Amazon have, apparently unintentionally, implemented a common anti-censorship technology in the way that the Kindle handles web requests: it bounces its connection through a proxy server located outside of the censorship zone.

The Kindle is mainly designed to download books from Amazon via their Whispernet service. It appears that when you browse the web, the same connection is used; rather than connecting directly to website, you connect to Amazon’s servers first, which then forward the request to the website.… Read full post