Hm, how practical is it when threads are closed merely because some people come to read two weeks later? Continuing the discussion from Review of Yasha Levine's Surveillance Valley, with a strong criticism of Google as well as the Tor project:
Interesting that the idea of doing a decentralized network was immediately connected to the idea of doing bulk surveillance and control… but it doesn’t really add up. The early Internet didn’t have central websites… DNS and IP4 assignment coordination didn’t empower anyone to really control what happens with net technology, as opposed to the way IBM’s BITNET operated for example. Also, in the 60’s it wasn’t exactly predictable that the US would remain leading provider of router technology and operating systems, and that forty years later it would become feasible to break into routers, set up deep packet inspection and ex-filtrate traffic this way. So the only thing that I know can be said about the early Internet not always being on the side of its users was the way IP spoofing was not impeded.
Time warp to the creation of Google, I presume that part is based on “How the CIA made Google” which is indeed an impressive read. Next, Tor. Tor was designed to achieve a lot, but not to be resistant against a global passive attacker. Until Snowden, there was no knowledge that a global passive attacker exists. It is a tool designed to – most of all – access websites, so its low latency is its greatest weakness — but this weakness is intrinsic to the kind of protocols it is forced to work with, the web. Still, not everyone immediately conceived of the kind of de-anonymization attacks you can run if your target is running a long-term hidden service website or if your target is consistently accessing web sites you are in control of. In other words, yes, the US is certainly in a position to de-anonymize a lot of Tor activity, both by being a global active attacker (FOXACID and HACIENDA are clearly beyond being passive) and having PRISM access to G-Mail and Facebook. But neither is viable for regional governments… so it is, to my knowledge, technically inaccurate to say that it is irresponsible for dissidents to use Tor. The only thing dissidents need to figure out is how to not get caught using Tor. Massive amounts of Chinese activity in the “darknet” seem to indicate that they know how to do that. And for the rest of us, it is still better to make it annoyingly difficult for the US to mass de-anonymize us than to use the Internet naked. The massive amounts of undetected crime going on within Tor also indicates that it isn’t as broken as some claim it to be, that’s why I suggest we should regulate Bitcoin harder…
The “stick it to the Man” philosophy in the hacker community probably goes back to those 90’s crypto punks who won the first crypto war for liberation of PGP. A spirit carried on into the “Declaration of Independence of Cyberspace.” That text reads wonderfully but makes dramatic ideological wrong assumptions which have backfired ever since. I’ve been trying to promote regulation pro-actively weeks after the Snowden scandals but found it quite hard to get any hackers involved as their indoctrination of refusing the State is so profound, they effectively enable the Man in the first place by spending all their lives producing wooden toy guns, as you put it, rather than having a say in politics. Plus working for the Man to make a living, probably. The whole tragedy of Silicon Valley counter-culture follows. By the way, here’s a copy of that Richard Stallman article without all the surveillance on it.
I still have to understand how it is ethically worse of Google to enable military drones when it is actually enabling the disposal of worldwide democracy and therefore a building block for worldwide dystopian conditions. I find the revolt by Google employees superficial, heavily in denial of the implications of Google’s business model.
Regarding Appelbaum, USgov is a multi-headed hydra… just because some parts of it may have a strategic interest in Tor not getting used by large chunks of the population, others want it to be used by dissidents in ideologically opposed countries. So they dared to finance a guy that would heavily promote the use of Tor also among those people that produce cover traffic and make it harder for NSA to weed out relevant Tor traffic. Also, it makes it harder to do mass surveillance. If we want to be accurate rather than making wild guesses, the questions to ask in regards to the credibility of Tor are, who is running the directory servers? Are exit nodes being tolerated that try man-in-the-middle attacks on Tor users?
Jens in the comments has a point in that regard:
It would be very surprising to me if anyone could pinpoint any single person or entity in the US that drives policy decisions based on a consistent set of goals. Even more so over decades.
In the comments you say…
given the nature of ARPA’s activities, I don’t think it’s wrong to speak about it as a “surveillance and control mechanism”.
That’s inaccurate. Just because ARPA needed a system that would work if parts of it are nuked doesn’t mean that it is suitably designed for surveillance and control, which it clearly isn’t. The fact that it is digital is what made it suitable for surveillance and control in the long run, any any centralized architecture would’ve been there much earlier.
I find it delicate to post such opinionated and fact-lacking theories in the name of FSFE.