2011-02-20

Does FRA have NarusInsight installed?

It turned out that the Egyptian authorities used NarusInsight to track their citizens' online activity during the revolt. NarusInsight is a rather unpleasant program that shows, in real time, what different people are doing online. Did you just send an email? NarusInsight goes ping, and an operator can read your email. Just blogged? Ping again, and the operator has your post on screen. Perhaps a tweet containing the words "tear gas". Ping again. Sent an SMS with the word "demo"? Ping.

Steve Bannerman (a rather unlikely name that you couldn't make up), marketing manager at Narus, boasts about the program's capabilities like this:
Anything that comes through [an Internet protocol network], we can record. We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their [voice-over Internet protocol] calls.
Fun. Then it struck me: does FRA have this on its supercomputer? So I started searching the net and found a person named Mats Lindblom, whose current LinkedIn profile says:
Sales and marketing of Network Analyzer software and hardware in Sweden for a US based company. Further information restricted due to confidentiality reasons. Company was sold in 2010 to Boeing.
Narus is a company that was sold to Boeing, and sure enough, I found his old profile, which I have saved here. It contains a lot of interesting information. A few excerpts:
Sales and Marketing Representative Sweden at Narus.
SpinDoctor PR is focused on the IT arena and has done PR jobs for various businesses such as Acer Computer, Song Networks, TestTools, IXIA, Network Associates, Universal Telecom, Narus, Ericsson and the IMF.
Sales and marketing of Network Analyzer software and hardware made by Narus in Sweden. Reporting to Chris Fowler the Manager of Sales in the Nordics. Narus has recently been acquired by Boeing.
After 9/11 I sold and marketed surveillance equipment for the Internet. The initial promotion activity was held at the US Embassy, present were the press, ISP´s, Telco´s, Bank´s, Insurance industry, Government Agencies including the Secret Service and Military Intelligence who later became our customers. Sales and marketing of tools for analyzing traffic in networks. Main focus was sales and marketing of Niksun products such as NetDetector along with Sniffers from Network Associates and field test equipment from Fluke and Agilent.
All conspiracy theorists should have scored a perfect 13 out of 13 there!

So, I sent a simple email to FRA and asked, straight out, whether they used NarusInsight. I got a quick and friendly reply saying they would give me an answer as soon as they knew whether they could say anything. Two weeks later (!) I got a reply from Mattias Lindholm, press secretary at FRA:
Whether we have bought products from the company you mention is something we cannot go into, and that applies regardless of whether we have bought from them or not.

Generally speaking, FRA uses products that are available on the open market, as well as products that are hard to get hold of or that we even have to develop ourselves.

We are very restrictive when we talk about the various techniques and equipment used in our operations, particularly when they may be linked to our methods and our capabilities. Information about these is protected by secrecy, which prevents us from talking about them in anything other than general terms.
So, now the question is, how should this be interpreted? If they have had such a policy for a long time (which I was told in a later email), why did it take so long to give me an answer? It should just be a matter of copying and pasting a standard text!

I think the question ended up in a meeting where they discussed how bad it would be if this fact came out, and decided to deny the whole thing in this typical way. What do you think?

And SpinDoctor PR? I can't find anything about this firm in Sweden. Does anyone else know anything?

2010-11-04

Should internet service providers take responsibility for their customers' traffic?

Netopia, often called Nepotia, recently announced a morning seminar titled "Intermediary liability on the Internet - A report on the role and responsibility of internet service providers". Many commented on the proposal, including me. The comments were very critical, and I had a feeling they would turn off the comment function, since the seminar appeared in the ridiculous light it deserved. And sure enough, now everything has been removed.

Thankfully I saved my comment. I wrote this:
First of all, what problem is it that one is trying to solve? Are Swedish musicians starving more now than 10 years ago? The truth is that there is no problem; the music industry BELIEVES there are enormous amounts of money to rake in, since they equate a shared film with a lost sale. It is brain-dead to reason that way.

And for the proposal to work, the internet service providers must do deep packet inspection (technical analysis of the traffic being sent around), which feels very unpleasant, and all this just to check whether their customers are doing something as harmless as sharing music. The fact is that the internet is used for other things than sharing music and film! It can be deeply private emails, searches for information about illnesses, messages to lawyers, priests, journalists, politicians. What becomes of our society if one knows that everything one writes on the internet is intercepted not only by FRA and to comply with the data retention directive, but also by one's internet service provider? Everywhere in these organizations there are people who make mistakes and leak information.


And what happens if everyone starts sharing files and communicating in encrypted P2P networks? Well, since the encryption cannot be broken (at least not with technology that ordinary internet service providers can buy), the only conclusion is that they must start taking responsibility for traffic without knowing anything about it, i.e. on mere circumstantial evidence. The conclusion is that they are forced to ban encryption and P2P communication, purely on principle.


This is where it is time to sit down and start thinking. Is it reasonable? Do we have a problem so big that we must ban 2 of the most important technologies for the future internet?


2010-02-09

Three layers of encryption

Private sphere

The concept of a private sphere has been around for a while, at least since Heidegger, according to Wikipedia.
The private sphere is the complement or opposite to the public sphere. The private sphere is a certain sector of societal life in which an individual enjoys a degree of authority, unhampered by interventions from governmental or other institutions. Examples of the private sphere are family and home. Martin Heidegger argues that it is only in the private sphere that one can be one's authentic self.

In public-sphere theory, on the bourgeois model, the private sphere is that domain of one's life in which one works for himself. In that domain, people work, exchange goods, and maintain their families; it is therefore, in that sense, separate from the rest of society.
It seems like today's politicians are hellbent on removing any chance for citizens to have a private sphere on the net. This has bothered me quite a lot, and some time ago it struck me that I, as a software developer, better start creating stuff instead of just whining. It seems like such a system can be built today out of standard components, and in this blog entry I will describe what I've done so far. I will build my system step by step. Let me know where I have done wrong, and where things can be simpler.

Private or Pirate?

It doesn't matter how much we talk about privacy - our detractors will call it a system for piracy anyway. So, I registered the domain piratesphere.net so that I can define "pirate" to my liking, instead of being labeled by others. I haven't done anything with that domain just yet, but will one day. Any suggestions?

Hardware

I bought myself an Acer Aspire Revo 3610 computer. It has the new Intel Atom 330 processor (dual core) running at 1.6 GHz, 4 GB RAM and 500 GB disk. Most people use it to stream HD video to their TVs. I don't.

Ubuntu

I wanted it to have encryption from the start, so I downloaded the alternate Ubuntu 9.10 CD ISO image. Then I used the Ubuntu USB Startup Disk Creator program to burn it to a USB stick, since the Acer box has no CD or DVD drive, so instead I had to boot from USB. I stuck that USB drive into the Acer box, and hit F12 during the boot sequence, which let me boot from it, instead of from the HD.

It is probably possible to encrypt only some partitions of a disk, but I'm just not smart enough to do it. I selected encrypted LVM for the entire disk, which had the benefit of swiping the hated Windows 7 OS off my computer. This results in the installer asking you to type in a password for unlocking the encrypted disk. I picked a pretty complex password, and will never write it down anywhere. My head only.

Later in the installation process, I was asked if I also wanted to encrypt the home directory. Well, of course, as Sean Connery would have said. Ubuntu automatically unlocks the home directory when you log in.

This effectively puts two layers of encryption on the disk. First the disk itself is encrypted. If someone steals your computer, or if it is seized by the police, it will be as interesting to them as a stone. As long as you have a screen saver on, which can only be unlocked with a password, of course. Don't forget this step: System --> Preferences --> Screensaver. Check the "Lock screen when screensaver is active" checkbox! Oh, and pick a good password for your user, and it should be different from the password used to unlock the hard drive.

The second encryption level will make your files inaccessible, even if someone somehow manages to crack the hard disk encryption.
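
As a check on the two layers described above, the following script is an added example, not part of the original post. It reads text in the format of dmsetup table, /proc/mounts and /proc/swaps; the user name alice, the device names and all sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that both local
# encryption layers are active and that swap is not on a raw partition.
# Each function reads a file in the format of a standard Linux source,
# so the logic can be run on the constructed samples below without root.

# Layer 1, full-disk encryption. Input: output of `dmsetup table`.
# Field 4 is the device-mapper target: "crypt" for dm-crypt/LUKS,
# "linear" for a plain (unencrypted) LVM volume.
has_crypt_target() {
    awk '$4 == "crypt" { found = 1 } END { exit !found }' "$1"
}

# Layer 2, encrypted home. Input: /proc/mounts, $2 = user name.
# The home directory must be the mount point of an ecryptfs file system;
# when the user is logged out it is not mounted and this check fails.
home_is_ecryptfs() {
    awk -v mp="/home/$2" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' "$1"
}

# Swap. Input: /proc/swaps (line 1 is a header). Prints every swap
# partition that is a raw block device rather than a device-mapper
# volume; such a partition sits outside the encrypted LVM and can hold
# plaintext pages from memory.
plaintext_swap() {
    awk 'NR > 1 && $2 == "partition" && $1 !~ /^\/dev\/(mapper\/|dm-)/ { print $1 }' "$1"
}

# Number of active layers (0, 1 or 2).
# Args: dmsetup-table file, mounts file, user name.
count_layers() {
    n=0
    if has_crypt_target "$1"; then n=$((n + 1)); fi
    if home_is_ecryptfs "$2" "$3"; then n=$((n + 1)); fi
    echo "$n"
}

# Constructed sample inputs: a "good" machine set up as in the post and a
# "bad" one with plain LVM, an unmounted home and a raw swap partition.
write_samples() {
    cat > "$1/dmsetup.good" <<'EOF'
sda5_crypt: 0 976269312 crypt aes-cbc-essiv:sha256 0000000000000000 0 8:5 2056
vg-root: 0 960000000 linear 252:0 384
vg-swap_1: 0 16000000 linear 252:0 960000384
EOF
    cat > "$1/dmsetup.bad" <<'EOF'
vg-root: 0 960000000 linear 8:5 384
EOF
    cat > "$1/mounts.good" <<'EOF'
/dev/mapper/vg-root / ext4 rw,errors=remount-ro 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
    cat > "$1/mounts.bad" <<'EOF'
/dev/mapper/vg-root / ext4 rw,errors=remount-ro 0 0
EOF
    cat > "$1/swaps.good" <<'EOF'
Filename Type Size Used Priority
/dev/mapper/vg-swap_1 partition 7999992 0 -1
EOF
    cat > "$1/swaps.bad" <<'EOF'
Filename Type Size Used Priority
/dev/sda5 partition 7999992 0 -1
EOF
}

# Demo on the constructed samples.
demo=$(mktemp -d)
write_samples "$demo"
for s in good bad; do
    layers=$(count_layers "$demo/dmsetup.$s" "$demo/mounts.$s" alice)
    raw=$(plaintext_swap "$demo/swaps.$s")
    echo "$s: $layers of 2 layers active; raw swap: ${raw:-none}"
done
rm -rf "$demo"
```

On a real machine, save the output of sudo dmsetup table to a file and pass /proc/mounts and /proc/swaps directly. A device-mapper name for swap does not by itself prove encryption, so has_crypt_target must succeed as well.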

Snags

During the creation of the encrypted home directory, the installer hangs. According to some people on the net, this is because the installer is writing zeroes to the swap partition, which takes a long time. It appears this is only part of the reason, since the real problem appears to be that this copying of zeroes never ends. The solution is to kill that part of the installation.

Another problem is that both Firefox and the system itself may suffer from very slow net connections under ipv6. The solution to that problem was also simple. I chose solution number 3.

Wuala

Next step is to install Wuala. What it does is to let you store your files encrypted in the cloud - only you can get to these files! You need to install Java, portmap and nfs-common for this, so on this machine I did:
sudo apt-get install sun-java6-jre portmap nfs-common
Next step is to download Wuala, which is just a tar.gz file you unzip in your home directory. Then set the execute flag on the wuala and wualacmd scripts:
chmod 744 wuala wualacmd
Next, start that script right away:
cd ~/wuala
./wuala
It will now go on for a long time spitting out "%1", "%2"... for quite a few minutes. Don't despair! What it does is to also download updates. After a little while, finally, Wuala comes alive.

You will first be asked to log in with an existing account or create a new one. Don't use your own name in the user name, since that name can then be used to identify you when sharing files over the Wuala network. And you can't change your user name once your account is created.

Then a window appears, which is the main Wuala client where you can drag-and-drop the files you wish to save to the cloud. Initially you only have 1 GB of storage, but the second cool feature of Wuala is that you can trade with Wuala: Give away local storage on your hard drive, and get cloud storage back! So I opened the Wuala profile settings with User --> Edit My Profile... and shared 100 GB disk.

I'm sharing as much as I can, which means files from other Wuala users are saved encrypted to my disk, and as a reward I will get almost as much disk on the cloud where I can save my files. The amount of disk I get to use depends on how much of the day my computer is online. If it is online only 50% of the time, then only 50% of your traded local storage is given back as cloud storage. Read more about it on Wuala's website.

While you are poking around with Wuala settings, make sure you check the "Restart automatically after update" checkbox. Also, remember to NOT let Wuala remember your password.

Three layers of encryption

So, since all my files saved to the Wuala cloud are encrypted, with a key that never leaves my computer, I have three levels of encryption on my computer:
  1. Hard disk encryption
  2. Home directory encryption
  3. Wuala encryption
For all of these, I use unique passwords (yes, you get to type passwords a lot). This means that even if someone cracks the password to the disk, and even if that same person cracks the password to my user, that person doesn't get to see any of my files, because they're encrypted on the cloud!

Next steps

Next step, which I haven't fixed yet, is to install and set up OneSwarm. But for it to be useful, I need to make sure my Wuala directories are seamlessly mounted as normal directories, and I haven't fixed that just yet.

I'll let you know when that works.

Over and out.

2010-01-18

Time to give back what we have stolen

I was on vacation in Egypt over Christmas and New Year. Among other places I visited the Karnak temple in Luxor, the largest temple in the world. Our guide there told us that the vast majority of ancient Egyptian obelisks now stand abroad, most of them stolen or sold in a way that would never be accepted today.

Back home I searched the net a bit, and Wikipedia lists 29 still existing Egyptian obelisks, but only 9 remain in Egypt. We Swedes are not innocent in this area! The Silver Bible, stolen from Prague in 1648, is just one example.

This leads me to propose that the Pirate Party actively pursues the issue of returning all objects in state or municipal ownership that over the centuries have been stolen or sold under dubious circumstances.

Details:
  • Let us make copies of the originals before we send them back.
  • It becomes a kind of IP transfer from rich countries back to the country of origin, today often a developing country. After all, we want to give developing countries a new chance in the information society of the future. Here we have the chance to show our good will.
  • If a country does not consider itself to have the resources to receive a fragile object, we undertake to keep it until the country feels it is ready.
  • The party gets the chance to exemplify that there is a difference between atoms and electronic ones and zeros. As long as we have the object standing here with us, they cannot enjoy it. That is pure theft.
  • It could kick-start pirate parties in more countries.
This should be a no-brainer.

2009-12-07

It is time to reclaim the cloud: Tunnel computing

Cloud computing. What is it? Wikipedia describes it with this image:




So, us clients sit at the edges and consume (and pay for) services provided in the center by Google, Microsoft, Amazon and others.

Does it have to be this way? No! But scalability, redundancy, performance, etc? Sure, some cloud services will remain on the net, but we can take control of many of them, for free. It is easy to be impressed by the sheer massiveness of the server farms Google and others are building. For example, the number of servers maintained by Google is estimated to be about 450,000. But we need to put this in perspective, as 487,180 computers were sold in the third quarter in Sweden alone! Sure, a Google server is probably more powerful than an average computer sold in Sweden, but Google's servers are hard at work, while our machines are mostly idling!

As an example, let's look at cloud based backups. I currently use the 2 GB free Dropbox service. Very useful, I just drop my files into a special folder and they get backed up on remote servers. I only have two problems with it:
  1. The backup servers are in the US. I'm sure the US government knocks on their doors every now and then, asking Dropbox staff to hand over client files. Sorry, I will not tolerate that in the future. My files are my files!
  2. 2 GB is just too little. I can buy a 1 TB disk these days for 850 SEK (120 USD, 80 EUR). We're talking less than pocket change for 2 GB!
Both of these problems go away if we create our own cloud. What are the benefits?
  1. We'd encrypt our own files before they hit the net, with our own keys, so our files remain for our eyes only.
  2. We get to have hundreds of GB of disk each backed up on our shared cloud.
If I look at the files I back up on a regular basis, they can be divided into a few groups:
  1. Music, about 30 GB
  2. Private photos, about 10 GB
  3. Private family videos, about 10 GB
  4. Email, about 5 GB
  5. Various documents and files, about 3 GB
It is no big deal if the music gets lost, because I have the original disks at home. So, actually, I'd prefer to just send them out to the cloud for everyone to share. What remains is less than 30 GB of files that I really don't want to lose. I think my case is quite typical, unless you're into ripping DVDs. I'm not.

For backup I buy a new external USB drive every year or so. It just isn't cost effective to spend time cleaning old drives of backup files. Just buy a new one and start over. Setting up a NAS is compelling, but still doesn't save your files in case your NAS, or heaven forbid your whole house, burns down. For such cases cloud based backup is the only way to go.

I am a programmer and keep a free service on the net as a hobby project, the Universal Packing List. I've been thinking of converting it to the Google App Engine, but I'd prefer to host it myself. I could install my own server and use DynDNS, but I'd like to see a future when I can drop my application into our shared cloud and have it served by whatever computer is closest to the end user, without me having to care at all.

As I've described before on this blog, this shared cloud would actually be a shared private darknet, so perhaps the best word for this would be mole tunnel (or wormhole) computing. We'd connect with trusted peers and use our shared computers to deliver the computing and storage muscles needed. To the outside world it wouldn't be visible, since all is hidden in our shared tunnels.

We need to develop lots of machinery for this to work, and I only have the skills to do some myself. Who's interested?

2009-11-30

Tomorrow a new era begins on the net

Tomorrow FRA starts wiretapping the Swedish people. Only the traffic that crosses the country's borders, but everyone who knows anything about the internet knows that this can be anything at all. This blog, for example, is on a server outside Sweden, so you should assume that FRA has registered that you are reading this blog.

Only the government, the Government Offices and the Armed Forces may tell FRA what to intercept. But anyone can ask one of these three for something to be intercepted, so that restriction means nothing. Only a few centre-right politicians were naive enough to believe it meant anything in reality.

The police and SÄPO would not get access to the signals intelligence, we were assured, but that was just nonsense. And we know from Carl Bildt's blunder in an interview that intelligence data can be exchanged with foreign powers, even dictatorships.

What we do on the net is also registered in many other ways, but nothing new happens there on the first of December.

So, what should we do? Here are my suggestions:
  • If our Minister of Justice insists on sending our bank transactions to the USA, then we will have to insist on no longer using credit cards and going back to cash instead.
  • Start encrypting our email. There are good plugins for most email programs, including Enigmail for Thunderbird. I will shortly send out my public encryption key.
  • Encrypt the communication between your email program and your email server. In Thunderbird this is done with TLS or SSL. It involves a little hassle with the first email sent, but otherwise it is easy to set up and painless.
  • Install OneSwarm and connect to the friends you trust. It is actually quite easy. The interface is a bit poor, but it will surely get better over time.
  • Switch to a broadband provider that does not seem willing to hand out information about how you surf. Bahnhof seems to have integrity. There are surely more.
  • Start encrypting your chat sessions. Don't trust Skype; their system is integrated with other telecom systems where there are requirements for interceptability. Pidgin has a plugin called OTR with which you can encrypt and authenticate communication with the people you chat with. It seems to work quite well.
  • If you run a website, try to move to https for all communication. Unfortunately it costs a fair bit of money, a little over a thousand kronor per year for the site I run, so I have not taken the step myself.
  • Support FSF, Apache, Linux, BSD and Open Source. Without them we would have been toast today.
  • Join the Pirate Party! It is free and secret. A no-brainer if you think the democracy of the future is important.
  • Start using Tor or i2p for anonymous surfing of the net. Sure, it can be tricky to set up, but it should be self-evident that one is allowed to be anonymous on the net.
  • Put important files on an encrypted USB stick, in case they need to be moved between computers. In Ubuntu 9.10 this is now really easy.
  • Encrypt all or parts of your hard disk. In Ubuntu you can now have a special directory encrypted by default, but you can also have the whole file system encrypted.
The more encrypted traffic there is on the net, the harder it becomes for FRA and others to obtain information about things that are none of their business.

Feel free to add other suggestions in the comments!

2009-11-26

Technology stack for future freedom

Today's freedom on the internet is under heavy attack. To protect us from terrorism, and children from predators, a lot of crazy legislation is forced upon us. Some say the internet summer of love has passed, and from now it will just get colder. It is easy to just get depressed and get on with life, slowly rolling downhill. But, to quote Benjamin Franklin, "He who sacrifices freedom for security deserves neither".

What I propose below is some of the infrastructure I think we need to build for the future. It is a lot, and it will take time, but it will be fun, and there are lots of people already hard at work creating the necessary building blocks.

Please tell me where I misunderstood technology or trends, and where I should spend more time reading! I need it, you need it, we all need it.

Hardware

It all starts with hardware. In size and shape all we need 10 years from now will be sized like a smartphone.

It will most likely not be an iPhone, since Apple has shown no interest in opening up their hardware or operating system. Besides, we can't depend on one single vendor. A much more promising platform is Google Android, with many vendors and a healthy ecosystem.

Processors will be wickedly fast 10 years from now. We will have persistent storage in our hands large enough to hold all music ever created in the history of mankind.

But all that power is to no avail if there's something similar to the Chinese Green Dam software or something along the line of Microsoft's trusted computing forced into our hardware. Any step away from total hardware openness is dangerous, because it could be a way of preventing us from loading our own software on our own computers.

There is open source hardware, such as the Sparc chipset. I would prefer if it all was open source, and constantly reviewed by an army of people willing to scrutinize it for weaknesses and security vulnerabilities.

Software base

On our open and trusted hardware we'd put an open and trusted operating system, most likely BSD or Linux. It MUST be open source, or we would never trust it. Forget Microsoft and Apple. They have never shown any commitment to openness or freedom in this respect.

This base must be supported by trusted organizations, such as Apache Software Foundation, the Free Software Foundation, Debian and Canonical. We have to donate money so they can maintain a large machinery of trusted computers we can download untampered operating systems and code libraries from. This will cost us real money, but I see no other way to do this.

Encryption

On top of our operating system, or even deep inside it, we need hard core encryption. This is so important that some countries, such as USA, China and France, have tried to ban it less than 10 years ago. Some countries have managed to outlaw hard drive encryption: Afghanistan, Russia, Cuba, Haiti, Iran, Iraq, Libya, North Korea, Syria, Ukraine and Former Yugoslavia. We don't want to join them, do we? If you hear anyone proposing to ban encryption, then you know it might be a fight for our lives, because encryption is at the heart of the future of computing.

Fortunately, encryption is out of the box, thanks to GPG, OpenSSH and others, but expect governments and corporations to try to ban encryption with all sorts of phony arguments. Unfortunately, it is not too difficult to spot encrypted traffic on the internet, so if an anti-encryption law was passed, our internet service providers (ISP's) might be forced to block anything that looks like encrypted messages.

Virtual machine

Next step is a virtual machine. To my knowledge, there really are only two industrial strength alternatives. One is from Microsoft, so it has to be the other one, the Java Virtual Machine (JVM). You'd be crazy to trust Microsoft. The JVM has open source implementations and has a very good security track record. It can be trusted, and many people are willing to support it.

But 10 years from now we will probably not do most of our programming in Java anymore. The reason is because the processors will probably contain hundreds of processing cores, which will be a pain to keep busy with Java.

My bet for the future of multicore programming is Scala, a pretty new exciting language that is both object oriented and functional, runs on the JVM, is open source, and lets you reuse your Java libraries straight off. It also has a cool actor framework for multi-core computing.

But my thinking goes a little bit longer, in that we should throw the Akka, Swarm or Scalar frameworks on top of Scala.

Akka lets you create software transactional memory over your actors, so that you can do real work with several distributed actors within an in-memory transaction.

Swarm, created by Ian Clarke who created Freenet, introduces transparently distributed computation in the cloud. This means you can write your Scala programs without having to bother with scalability - your code will move around to where data is located, instead of today's paradigm where data is moved from a database to an application server for processing.

Scalar is a DSL (Domain Specific Language) written in Scala to facilitate grid computing on top of the GridGain framework.

Distributed computing sandbox

This is where internet freedom comes in again (sorry for going off on a tangent like that). On top of the hardware, operating system, encryption, JVM and Scala language (all open source) we would load an Akka/Swarm/Scalar module, much in the same way Popular Power worked. It would be a secured sandbox on your computer, open to the world. Files and data from other people could reside on a part of your hard disk owned by this sandbox. Actors in an Akka application could execute here, code in a Swarm application could migrate here, since the data it needs might be there, and computationally very expensive jobs could with Scalar be sent off to the distributed grid.

It would all be encrypted - files, data and code. Your computer would be safe from whatever happens inside that sandbox, and to you it would be mostly a black box you can't do much with, except for two things:
  • Drop your files into it for safe storage. Perhaps the Riak web database might be part of the solution?
  • Drop your jobs into it for execution, and then later collect the result.
You can turn off the sandbox if you so wish. It wouldn't matter much, because all files in the cloud of which your sandbox would be part are replicated all over the planet, in slices and pieces much like the BitTorrent protocol works. Not much goes wrong if one sandbox disappears - the distributed file system just needs to spread some files just a little bit more. The sandbox file system would always make sure there are enough copies of your files across the cloud so that you can get your files even if whole continents slide into the ocean, or all cables across the Atlantic are chewed off by killer whales.

But if you turn off your sandbox, then you can't send your own applications and data into it, since it is the portal to the distributed computing darknet.

You wouldn't want to save your files or applications on your own machine, instead you'd sign yourself to be the owner of your files, encrypt them and send them off to the darknet where the files would be safely replicated and accessible only by you. You assign most of your hard disk to the cloud, and others do the same. Nobody cares where files reside, as long as you trust they don't ever go away.

File sharing? Well, all files that you don't encrypt are shared with all. You can claim ownership if you wish, which might make it possible to restrain how they can be used, but except for that it is just common files.

Whenever you'd want to send new versions of your applications to the darknet (agents acting on your behalf), the old ones would be replaced. Perhaps we need a new and faster machinery similar to DNS for this. We might need a replacement for DNS anyway, so perhaps it could serve several purposes.

Trusted peers

So, would you let your sandbox open to just anyone on the net? Not necessarily. I believe we'll start using network of trusted peers. You would connect with your closest friends and share encryption keys with them, so that you can communicate safely with each other through strong encryption, much like OneSwarm.

Your sandbox would communicate with their sandboxes. Your friends may have other close friends they trust, so what is stored on your disk and executes on your computer may come from a friend of a friend who you may not necessarily trust. There will perhaps be a way of fine tuning trust, so that you trust some people more than others. This is certainly not my speciality, so it would be interesting to hear more about such systems.

Potentially there might be some pixels of encrypted child porn on your disk, but you would never be able to tell, so you wouldn't really care, in the same way a mailman delivers mail without looking inside envelopes. Besides, your disk may legally be owned by you, but technically it is just part of the darknet cloud. Who cares, in 10 years it will cost barely nothing!

Key rings

The public encryption keys you get from your trusted peers, as well as your own private keys, must be saved in a safe way. Backed up on USB sticks, your watch, or otherwise. I hope we get really good software and hardware for this in the future. Perhaps it already exists?

Onions and P2P

Traffic originating from you may not go directly to an external website such as http://www.bbc.co.uk, but instead routed first to one of your trusted peers, whose sandbox may automatically at random relay it further on to its trusted peers, in a way similar to Tor. The traffic may surface unencrypted far away from you and be totally anonymous, so that censorship can be avoided altogether.

Security

This will of course need some major thinking, but it should not be too hard to make your machine safe from potential evil goings-on inside the sandbox. The Java Virtual Machine should handle this, if configured correctly.

What if someone floods the darknet with junk files, just to fill it up? Well, I envision a quota system enforced by the sandboxes, so that if you set off say 500 GB of your hard drive to your sandbox, then it will stop you from dropping more than say 100 GB of data into it (remember, all files are replicated across the net).

What if someone floods the shared computing cloud with actors consuming huge amounts of CPU? Well, the same quota system could be set up so that the longer you have had your computer open for others to use for computing, the more cycles you have saved up for your own use on other machines. The sandbox would stop you, in some way, from gobbling up too much CPU out there. But I don't see this as too much of a problem, really, since most computers are mostly just idling anyway.
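The quota idea from the two paragraphs above, as an added sketch that is not part of the original post or of any existing darknet software: a per-peer ledger that a sandbox could consult before accepting a file or a remote job. The replication factor of 5 is an assumption read off the 500 GB / 100 GB figures, and the class name, the credit cap and the CPU-seconds unit are hypothetical.

```python
from dataclasses import dataclass

GB = 10**9  # decimal gigabyte, used only for the sample figures


@dataclass
class SandboxLedger:
    """Per-peer accounting kept by a sandbox (hypothetical design)."""
    contributed_bytes: int            # disk the peer set aside for the darknet
    replication: int = 5              # assumed number of copies of every file
    stored_bytes: int = 0             # logical bytes this peer has dropped in
    cpu_credit: float = 0.0           # CPU-seconds earned and not yet spent
    credit_cap: float = 24 * 3600.0   # assumed cap, so credit cannot pile up forever

    @property
    def storage_limit(self) -> int:
        # Each stored byte costs `replication` bytes across the network.
        return self.contributed_bytes // self.replication

    def try_store(self, size: int) -> bool:
        """Admit a file only if the peer stays within its storage quota."""
        if size <= 0:
            raise ValueError("size must be positive")  # a negative size would refund quota
        if self.stored_bytes + size > self.storage_limit:
            return False
        self.stored_bytes += size
        return True

    def delete(self, size: int) -> None:
        """Return quota for a deleted file, never more than was charged."""
        if not 0 < size <= self.stored_bytes:
            raise ValueError("cannot release more than is stored")
        self.stored_bytes -= size

    def donate_cpu(self, seconds: float) -> None:
        """Earn credit for time the machine was open to other peers."""
        if seconds < 0:
            raise ValueError("seconds must be non-negative")
        self.cpu_credit = min(self.credit_cap, self.cpu_credit + seconds)

    def try_spend_cpu(self, seconds: float) -> bool:
        """Charge a remote job against earned credit; refuse an overdraft."""
        if seconds <= 0:
            raise ValueError("seconds must be positive")
        if seconds > self.cpu_credit:
            return False
        self.cpu_credit -= seconds
        return True
```

The ledger only limits abuse if the figures in it are reported by the sandboxes that actually stored the data or ran the job, not by the peer being charged.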

What if someone is using the CPU of our machine in an attempt to crack the encryption of someone's files? Well, we can use the CPU of other people's machines to encrypt our files, so I don't think it will work. It is much much much easier to encrypt a file than to crack the same encryption. At least that is what current cryptology science tells us, but various government agencies may know much cheaper ways to do it that currently aren't common knowledge. Only time will tell.

So, where do we start?

Perhaps there is already an effort to do something similar. If so, let me know. It is a big task to get working, and I want to help. If there are no such efforts, why not start one now?

2009-11-06

I think ACTA will ban OneSwarm

I have followed the negotiations in Brussels on the Telecoms Package with interest. It was with some surprise that I read that the Council of Ministers had agreed to a great deal of what the Parliament wanted included, a HADOPI-proof law, so that people could not be thrown off the net merely because a record company claimed they were file sharing.

Now there is a proposed text which indicates, among other things, that one must be proven guilty before one can be thrown off. This is exactly what has worried me a little, though, because the file sharing of the future will certainly be encrypted and anonymised, so how would anyone be able to prove that illegal file sharing is taking place?

Now I know why! It is no coincidence that the latest ACTA negotiations in Seoul took place at roughly the same time as the Council of Ministers suddenly agreed to the European Parliament's demands, because in the end it will not matter what our European laws say: file sharing will be fought with contracts!

Some documents have leaked from the ACTA negotiations, conveniently collected on WikiLeaks. There is a link there to a three-page document describing what someone was told orally in Seoul.
Section 4: Will focus on technical protection measures (TPMs). Language inspired by US-Jordan Free-Trade Agreement (article 4.13), as well as by the WIPO Internet Treaties (articles 11 WCT and 18 WPPT):
  • Parties to provide adequate civil and criminal remedies that are specific to TPM infringements, i.e. treat these as separate offenses from "general" copyright infringements.
  • TPM infringements would be: (i) prohibition of circumvention of access controls and; (ii) prohibition of manufacture and trafficking of circumventing DRM devices.
So, what the heck does this mean? And what does the free trade agreement between the USA and Jordan say? Well, article 4.13 of that document reads as follows:
In applying the prohibition under Article 11 of the WCT and Article 18 of the WPPT on circumvention of effective technological measures that are used by authors, performers and producers of phonograms in connection with the exercise of their rights and that restrict unauthorized acts in respect of their works, performances and phonograms, each Party shall prohibit civilly and criminally the manufacture, importation or circulation of any technology, device, service or part thereof, that is designed, produced, performed or marketed for engaging in such prohibited conduct, or that has only a limited commercially significant purpose or use other than enabling or facilitating such conduct.
I interpret this as meaning that one may not remove watermarking or DRM protection from MP3 files and the like. But I do not think ACTA will stop there. Article 19 of the WPPT (WIPO Performances and Phonograms Treaty) contains a worrying vagueness (emphasis mine):
Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will induce, enable, facilitate or conceal an infringement of any right covered by this Treaty
I think this opens the door to sweeping rules that in practice will mean:
If you engage in encrypted P2P communication, that will be regarded as reasonable evidence that you are pirating files.
In that way, the ACTA agreement will force our ISPs to write into their contracts with us users that we may not use encrypted P2P. If we do, we will be cut off from the net! What Christian Engström negotiated with the Council of Ministers can be left standing, for all eternity, because all this disconnecting will be handled through contracts with our ISPs, not through law.

But why would Bahnhof, for example, agree to have this in its contracts? Well, because it is their only way of avoiding being sued by the music and record industry. If they do not agree to this addition to their contracts, they will be sued. The leaked document makes that quite clear:
On the limitations from 3rd party liability: to benefit from safe-harbours, ISPs need to put in place policies to deter unauthorised storage and transmission of IP infringing content (ex: clauses in customers' contracts allowing, inter alia, a graduated response). From what we understood, the US will not propose that authorities need to create such systems. Instead they require some self-regulation by ISPs.
So, what do you think?

2009-06-08

Is the Pirate Party right or left?

To answer that question, let us contemplate another question: is universal suffrage a right-wing or a left-wing issue? The answer is, of course, that it is something taken for granted by almost all Swedish parties. Universal suffrage is part of the foundation of a democracy, and therefore lies beyond the left-right scale.

It is the same with the Pirate Party's core issues:
  • Openness
  • Transparency
  • Rule of law
  • Privacy
These issues are the foundation of a functioning democracy, and the Pirate Party is the first party to have put its foot down and said that all other issues are subordinate to these. The Pirate Party knows the internet better than all other parties, and realises that in the future the internet will replace almost all other media. That is why it is vital that the foundation is stable when the democracy of the future is built.

That is why the Pirate Party is neither right nor left; we are much more than that.

2009-04-18

"Artists should be paid for their work"

Sigh. I blog. I even have three blogs. By the argument that "the artist should be paid for his work", I want my share of the pie too! But that is not how it works. It does not work that way even for artists. To get paid, you have to produce works that someone is willing to pay for.

Unless you get grants, or press subsidies, of course. But perhaps that is where we should go? Let us tax every internet subscription an extra hundred kronor per month; then everyone who produces something can register for a guaranteed allowance. Everyone who blogs, everyone who makes music, everyone who makes films, everyone who programs, everyone who writes short stories, essays, poetry, novels and, above all, ironic texts. It sounds fantastic. Then we raise the broadband tax by, say, 2% every year. I would not even need to write anything good or well thought out or knowledgeable or insightful on my blog, just crap every day, rather like certain editorial writers!