Hacker News | adamfisk's comments

Tor is used relatively little in Iran - https://metrics.torproject.org/userstats-bridge-country.html...

Other tools are much, much more popular, such as Psiphon, Lantern, MahsaNG, etc.


Yes, my ex gf from Iran also used Psiphon. I didn't trust Psiphon that much, but it seems that it's decently well

In the end I had suggested ProtonVPN to her as Psiphon had some issues.

How does Psiphon work and how does it compare with ProtonVPN? I still trust ProtonVPN (which has free access as well) more than Psiphon fwiw.


Theoretically this is true, but in practice it's not. Most p2p services rely on the global internet in some way. The BitTorrent DHT, for example, is unlikely to self-heal in the event of a completely inaccessible global internet.

Things like HolePunch have a lot of potential here, but you'd need an Iran-only DHT, and it's just not deployed at scale.


@reisse is 100% right. Most people outside of heavily censored regions have no clue what technology is actually used in those countries. The well-known, well-established providers don't actually work in censored regions because:

1) The problem is very difficult and requires a lot of engineering resources
2) It's very hard to make money in these countries for many reasons, including sanctions or the government restricting payments (Alipay, WeChatPay, etc)

The immediate response would be: "If the problem is so difficult, how can it be solved if not by well-known, well-established providers?"

The answer is simple: the crowdsourcing power of open source combined with billions of people with a huge incentive to get around government blocking.


> It's very hard to make money in these countries for many reasons

Tor and I2P, for example, don't actually make money anywhere. Which is not to say that they work for any of the users in all of these places, or for all of the users in any of these places.

> The answer is simple: the crowdsourcing power of open source combined with billions of people with a huge incentive to get around government blocking.

The actual answer is that (a) they're using so many different weird approaches that the censors and/or secret police can't easily keep up with the whack-a-mole, and (b) they're relying on folklore and survivorship bias to tell them what "works", without really knowing when or how it might fail, or even whether it's already failing.

Oh, and most of them are playing for the limited stakes of being blocked, rather than for the larger stakes of being arrested. Or at least they think they are.

Maybe that's "solving" it, maybe not.


You're dramatically underestimating the sophistication of these groups. Think about it: these people are risking their freedom by working on this technology in any capacity. They are not naive to the risks of the work nor are they naive to the technical threats facing the software. In fact, the opposite is true. Western VPN companies are very much naive because the risks their users face are much less severe, and at a technical level they don't require anywhere near the same level of sophistication. They're primarily just WireGuard and OpenVPN, which are trivial for censors to block.

Tor is great, and they do great research on censorship circumvention, but it isn't used at any significant scale in these countries.


Oh it's also worth noting that Cloudflare is actually more aggressive in blocking domain fronting than almost anyone else. Lots of folks match the SNI to the Host header, but Cloudflare takes it a step further and also makes sure that TLS connections without SNI have a Host header that's scoped to the IP/server they're actually visiting. That means you can't, for example (not that we would ever, ever do this hehehe), scan the whole Cloudflare IP space for IPs to front through without SNI.
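
The two checks described in the comment above, as an added example (not part of the original comment and not Cloudflare's code). The `EdgePolicy` type, the IPs and the `.example` names are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Decision is the edge's verdict for one HTTPS request.
type Decision string

const (
	Allow          Decision = "allow"
	RejectNoHost   Decision = "reject: missing Host header"
	RejectMismatch Decision = "reject: SNI and Host differ"
	RejectUnscoped Decision = "reject: no SNI and Host not served on this IP"
)

// EdgePolicy maps each edge IP to the hostnames it serves (hypothetical model).
type EdgePolicy map[string]map[string]bool

// normalizeHost canonicalizes an SNI or Host value so that letter case, a
// port suffix or a trailing dot cannot be used to slip past the comparison.
func normalizeHost(h string) string {
	h = strings.TrimSpace(h)
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// Check applies both rules: with SNI, Host must equal it; without SNI,
// Host must be a name assigned to the IP that was actually contacted.
func (p EdgePolicy) Check(localIP, sni, hostHeader string) Decision {
	host := normalizeHost(hostHeader)
	name := normalizeHost(sni)
	switch {
	case host == "":
		return RejectNoHost
	case name != "" && name != host:
		return RejectMismatch
	case name != "" || p[localIP][host]:
		return Allow
	}
	return RejectUnscoped
}

// samplePolicy is constructed data: documentation IPs and .example names.
func samplePolicy() EdgePolicy {
	return EdgePolicy{
		"203.0.113.10": {"shop.example": true},
		"203.0.113.20": {"blog.example": true},
	}
}

func main() {
	// Constructed requests: {edge IP, SNI, Host header}.
	for _, r := range [][3]string{
		{"203.0.113.10", "shop.example", "Shop.Example:443"},
		{"203.0.113.10", "shop.example", "blog.example"},
		{"203.0.113.10", "", "blog.example"},
	} {
		fmt.Printf("ip=%s sni=%q host=%q -> %s\n", r[0], r[1], r[2], samplePolicy().Check(r[0], r[1], r[2]))
	}
}
```

The second rule is what makes a no-SNI connection useless for reaching a name hosted elsewhere on the same network: the Host header is only honoured if that name lives on the contacted IP.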


Fascinating, Filippo. We stayed silent on it at the time primarily because we were keeping a low profile particularly as more and more Chinese were using Lantern, but there was also back channel pressure through various contacts, to be honest related to the pending Cloudflare expansion in China.

There was also a prelude to all of this that I think made things stickier and bizarrely personal. Prince and I share a mutual friend who introduced us just a few weeks prior. Prince said he supported what we were doing, but asked that I not talk about it publicly, presumably because of the pending China deal. The problem was that literally moments after our friend had introduced us via email, and before he made that request, I had a call with the WSJ where I talked about precisely this. I did everything I could to walk back the article, but Prince didn't buy it and seemed to go ballistic over it. After the WSJ piece, we pulled back from talking more publicly in general.

Oh, I forgot! We also partly stayed silent because they didn't actually shut down what we were doing at all =). They matched the SNI to the Host header, sure, but they missed a little detail: we weren't using SNI. Hehe. Lantern worked for another six months or so, and then, through a similarly bizarre sequence of events, we essentially tipped them/you off to what was happening. We remained a customer throughout, and we're a customer to this day.

Either way, though, Cloudflare does great work, and everyone has their faults, so I'm generally sympathetic over the whole thing with the one caveat that I am truly unclear how much ultimately did relate to China, most clearly in terms of any public support for these internet freedom techniques.

Oh, and I've wanted you to work on Lantern forever btw. Oooh actually if you're not aware of it, the uTLS Go TLS fork is a hugely impactful project that's in widespread use (I would guess maybe 50 million monthly active users rely on it in censored regions via various projects) but needs updating - https://github.com/refraction-networking/utls

Oh, and if you think we were effective in China then, you should see what we're doing in Russia and especially Iran now!


“The Navy built it” is a bit of an exaggeration. Paul Syverson did early work on it at the Naval Research Lab, and Roger Dingledine and Nick Mathewson added to the collaboration at approximately the same time, with neither having anything to do with the Navy. That’s the extent of the military connection - some relationship in the first year or so of an 18 year or so project.


Yasha Levine is a conspiracy theorist hack. There’s really no other way to say it. His narrative is attractive to a left leaning audience with shallow knowledge in this area, but the reality is that without publicly funded software like Tor, Signal, OTF, and my own Lantern, our world would be more fully saturated with corporate control of the internet. We need more public funding for open source software (with public security audits, mind you), not less. Without them, we’d basically be left with Wikipedia as the only popular entity on the internet outside of corporate control.

All of these projects are more properly grouped with government funding in other spheres, such as the BBC or PBS in media, than they are with the surveillance state or the NSA. Levine overlooks basic details, such as reproducible builds, that quickly collapse the house of cards that is his narrative. He tries to paint them all with the NSA brush, when, in fact, they’re simply projects that have historically received some of their funding from the government while fulfilling missions with extraordinary humanitarian benefits. Levine’s own knowledge and experience in this area is shallow. Look elsewhere.


I don't disagree with what you're saying. I'm not sure your statement is in disagreement with mine either? I don't think he's saying less OSS is better or anything dogmatic? All he's saying is that using Tor/Signal shouldn't be the end all be all of your surveillance concerns.

> would be more fully saturated with corporate control of the internet

You might disagree. His point was that the "corporate controllers of the internet" support projects like Tor because A) it gives a (somewhat ineffective) channel for people to focus on rather than political recourses and B) there's no real threat to the corporate model. What would you do in this e2e encrypted internet without corporate services?

> such as reproducible builds

Seems like a tangential point. You can have an untampered copy of a client with a vulnerability.

> funding from the government while fulfilling missions with extraordinary humanitarian benefits

I don't think this is in disagreement with anything either


> from the government while fulfilling missions with extraordinary humanitarian benefits

Ahh yes, the famed Operation Condor, Operation Gladio, Operation Iceberg and so many other famed "humanitarian" projects

At the end of the day all that you mentioned goes back to a post-facto "it is good because *we* do it", I would go to say that most people here in HN are well aware of the start of Google when it was funded by US Intel as a way to parse Vietnam era datasets, or how US Intel uses Radio Free Asia to destabilize enemy countries abroad, but again, it is only good/not bad when "*we*" do it

Apologies for a rather low quality comment, but these types of persons handwaving the actual structure behind all of this really get on my nerves, especially when I have had family members be tortured as a consequence of these US activities


I’m certainly not defending all US government actions. That’s exactly the point. Levine tries to lump all of this in with surveillance. The US government funds the NSA, that is true. It also funds food stamps. And torture. The trick is to untangle it.


> The trick is to untangle it.

USAID is specifically designed and called that so as to tangle it, tell me, how would your average joe understand that USAID is an intelligence agency spinoff designed to sound "good" while doing evil all over the world rather than what its name suggests? You know... Aid?

The NSA, CIA, Extraordinary Rendition and so many other things don't exist there by accident, if said """government""" wishes to spend such amounts of money and resources to enact such evil under the veil of security, then I don't know about you, but then that to me and several other people just reads as "US Gov being flat out evil"

Do remember that there was *wide* support and acceptance back on the Kennedy days to just dissolve the CIA

> Levine tries to lump all of this in with surveillance.

I am not particularly kind to the guy, but he's just merely looking at it on a holistic system design level, any programmer minded person would do the exact same thing when presented with a black box problem

But as far as the foodstamps go, wouldn't it be great if the system were set up in such a way as that foodstamps were not needed to begin with? And on the flipside, why would "the government" allow for such a societal structure where the maintenance of "foodstamps" is necessary for the organization of the nation? I see that last bit in particular if anything as a national security problem...

As Clintonites would say: "It is the economy stupid"


It seems obvious that USAID is an intelligence front (I've encountered a few instances where it was mentioned that someone worked for USAID at the time, while it was simultaneously obvious that it would make way more sense if they were Intelligence), but is there any concrete evidence for that?


> any concrete evidence

What do you mean by "concrete evidence"?

Nothing of this is disputed, they even have their own Wikipedia pages for their different operations and branches within USAID

https://en.wikipedia.org/wiki/Office_of_Public_Safety

*Especially* that we are talking of USAID, on the case of NED for example, things get slightly murkier because then it is a matter of private rather than public record, but it still works as a tool for management of semi-clandestine operations and operations which need plausible deniability from CIA's end, or at least as much deniability as it can muster, tho these days they prefer to work with shell groups and other associated partners such as for example Atlas Network, Radio Free Asia also falls on that category, same with Voice Of America

If you are interested in books, both Killing Hope by William Blum and Legacy Of Ashes by Weiner are very, very, very good authoritative sources on the matter

If you prefer podcasts, Warnerd Radio has a couple very good episodes on the National Endowment For Democracy, tho they both quote excerpts of the books above

Radio War Nerd EP 274 — National Endowment for Democracy, Part 1 https://podcastaddict.com/episode/121232504

Radio War Nerd EP 275 — National Endowment for Democracy, Part 2 https://podcastaddict.com/episode/121522126


Yes, there is concrete evidence--specifically, the Office of Public Safety mentioned by Cyanbird was an official cover given to CIA personnel to train local and national police forces in puppet countries how to fight a 'counterinsurgency'. This included setting up national ID cards to track everyone, NSA style signals intelligence, and extensive use of torture. One of their favorite methods was to use portable US army telephones, as they had a hand crank generator capable of producing enough current/voltage to torture but were unlikely to cause cardiac arrest, they had an obvious non-torture use case so ordering them was not suspicious, and they had very fine wires that could be inserted up the urethra or stuck between teeth to deliver very painful electric shocks to sensitive areas. Dan Mitrione was a USAID OPS guy who was killed in South America in the 70s (Uruguay, I believe) in retaliation for his role in abuse and torture, who was known for abducting homeless people upon whom his trainees could practice their torture techniques. The 1980 documentary "Inside the Company" about the CIA lays this out very well. It's long but is worth a watch, and I have seen no comparable films exposing this level of CIA activity since. Vietnam and the Phoenix Program is another classic example. John Manopoli was officially working for OPS in USAID, but was in fact CIA, and he first implemented the national ID card program they used to generate the lists of thousands of names of folks to abduct, torture, and either imprison or kill, and he was also instrumental in that part of the plan as well. Almost the only references to John Manopoli are in books about torture in the Phoenix program, or listings in USAID OPS phone books, or a handful of official OPS papers showing he did the same type of work in a handful of other countries.


While those programs certainly existed, this is blatantly a false equivocation, you can still have humanitarian programs while being a military hegemony. It's not one or the other.

This is in fact a distinct reason CIA/NSA (and vice versa) won't accept recruits who have served in the Peace Corps previously, amongst other reasons.


This comment is an incredibly naive attempt at a smear.

> Without them, we’d basically be left with Wikipedia as the only popular entity on the internet outside of corporate control.

Wikipedia is absolutely not "outside of corporate control". It is trivially astroturfed to advance special interests.

> All of these projects are more properly grouped with government funding in other spheres, such as the BBC or PBS in media

Both BBC and PBS routinely publish outright disinformation to advance the special interests of their corporate/government clients, including the intelligence community. For example, look at PBS Frontline's ridiculous puff piece for the violent extremist group HTS last year.

> Levine overlooks basic details, such as reproducible builds

Reproducible builds are also easily circumvented by selectively deploying backdoors and other malware, based on IP or other fingerprints.

If there are good reasons to dispute Levine's investigative journalism, they're not here.


Um, ok. All of the above projects use not only reproducible builds for many platforms, but they’re all open source, and they all have public security audits. Those three pillars are about as good as it gets. Is there something you would add?

I’m not claiming PBS and the BBC are perfect entities, but they do offer an alternative source of information that runs against the grain of corporate media. You would prefer…what exactly?


> Is there something you would add?

Let's start with "not being created/funded by the State Department or Pentagon".

> You would prefer…what exactly?

Again, let's start with "not being blatant propaganda produced by warmongers".


First, there’s a vast difference between the state department and the pentagon. Lumping those two together just reflects an unsophisticated understanding of the federal government. Signal has never received any state department or pentagon money. Tor had a significant early contribution from a researcher at Naval Research. That’s the extent of any pentagon funding. They have received significant state department funding, but to call the state department “warmongers” is just not accurate.


Please stop spreading misinformation. From the Tor Project's public IRS documents:

> WHILE FUNDING FOR TOR ORIGINALLY FOCUSED ON BASIC RESEARCH TO BETTER UNDERSTAND ANONYMITY, PRIVACY, AND CENSORSHIP-RESISTANCE, THE MAJORITY OF FUNDING NOW FALLS INTO THREE CATEGORIES: DEVELOPMENT FUNDING FROM GROUPS LIKE RADIO FREE ASIA AND DARPA TO DESIGN AND BUILD PROTOTYPES BASED ON RESEARCH DONE BOTH INSIDE TOR AND ALSO AT OTHER INSTITUTIONS; DEPLOYMENT FUNDING FROM ORGANIZATIONS LIKE THE US STATE DEPARTMENT AND SWEDEN'S FOREIGN MINISTRY; AND UNRESTRICTED CONTRIBUTIONS FROM PRIVATE FOUNDATIONS, CORPORATIONS, AND INDIVIDUAL DONORS
>
> FOLLOWING IS A BREAKDOWN OF THE TOR PROJECT'S FUNDING SOURCES FOR THE PERIOD ENDED JUNE 30, 2020:
>
> FUNDING FROM US GOVERNMENT SOURCES
> US STATE DEPT - BUREAU OF DEMOCRACY, HUMAN RIGHTS AND LABOR 752,154
> GEORGETOWN UNIVERSITY - NATIONAL SCIENCE FOUNDATION 98,727
> RADIO FREE ASIA/OPEN TECHNOLOGY FUND 908,744
> NEW YORK UNIVERSITY - INSTITUTE OF MUSEUM AND LIBRARY SERVICES 101,549
> GEORGETOWN UNIVERSITY - DEFENSE ADVANCED RESEARCH PROJECTS AGENCY 392,008
>
> FUNDING FROM NON-US GOVERNMENT SOURCES
> DIGITAL IMPACT ALLIANCE - UNITED NATIONS 25,000
> SWEDISH INTERNATIONAL DEVELOPMENT COOPERATION AGENCY (SIDA) 284,697
>
> FUNDING FROM CORPORATE SOURCES
> MOZILLA 157,500
> AVAST 50,000
> MULLVAD 50,000
>
> FUNDING FROM PRIVATE FOUNDATIONS
> OPEN SOURCE COLLECTIVE 23,100
> MEDIA DEMOCRACY FUND 270,000
> ZCASH FOUNDATION 51,122
> MOZILLA OPEN SOURCE SUPPORT MOSS 75,000
> RIPE 53,114
> CRAIG NEWMARK PHILANTHROPIC FUND 50,000
> STEFAN THOMAS CHARITABLE FOUNDATION 50,000
> KAO FOUNDATION 10,000
> MARIN COMMUNITY FOUNDATION 1,000
>
> INDIVIDUAL DONATIONS 890,353


Yes they’ve received funding from DARPA. I realized I forgot that after I posted. Good catch. To my knowledge, that funding is for new anti-censorship transports to sneak traffic in and out of censored countries.


And the State Department are definitely warmongers.

SecState Kissinger orchestrated the incineration of Laos, Cambodia and Vietnam.

SecState Powell orchestrated the flattening of Iraq.

SecState Clinton orchestrated the butchering of Libya.

SecState Pompeo tried and failed to orchestrate the annihilation of Iran by assassinating top officials and drawing them into war.

And so on and so forth. These aren't even theories. The State Department is closely involved in destabilizing sovereign governments through the full spectrum of means, including war, to advance Washington's interests.


>my own Lantern

Brilliant riposte, but I am curious what software are you referring to here?


A quick look through their comment submissions points at https://www.getlantern.org/:

  https://news.ycombinator.com/item?id=20824759#20826587


WireGuard traffic is easy to identify and therefore easy to block.


But typically coffee shops aren't really putting much effort into blocking VPNs, they're doing some silly block everything not 80 or 443. It's not like they're trying to bypass the Great Firewall of China.


Having two NATs is really the only case worth mentioning. Considering almost all internet traffic involves at least one NAT, if you can’t handle a single NAT case, you’ve got issues!


I have ZeroTier running behind a variety of different NATs and haven't had any issues at all. It also seems to do a good job of having hosts on the same network talk directly over their private IPs.


Except almost no IPv6 traffic involves a NAT, and a significant chunk of internet traffic is using IPv6.

Hence it's not possible for almost all to involve a NAT, even if all IPv4 traffic would.


Many Gnutella clients were also using Merkle Trees by about 2002.

