CAT | Censorship
Wired reports on a move by the Japanese government to ask websites to block users who “abuse” TOR.
I assume that TOR is being used as an example, and it would apply to any secure privacy tool.
The interesting question is whether this is simply a foot in the door on the way to banning anonymity, or at least making its use evidence of evil intent.
Currently, public privacy services make little effort to hide themselves. Traffic from them is easily detected as being from an anonymity system. If blocking becomes common, many systems may start implementing more effective stealth systems, which would make filtering anonymity for security reasons even harder.
According to the Telegraph, the UK government is instituting a code of conduct for public WiFi which would require blocking of pornography to protect kids.
I see a couple of problems here.
1) Porn proliferates very quickly, so the blocking is likely to always be behind the curve, and kids are really good at getting around these kinds of blocks.
2) Some people will feel that things are allowed that should be blocked.
3) Inevitably legitimate websites will be blocked. A common example is breast feeding web sties, which frequently get caught in these kinds of nets.
4) Implementing this requires active monitoring of the activity on the WiFi which generally enables other kinds of surveillance.
Most home networks don’t have filtering on the whole network, so kids at home would be exposed to raw Internet. The standard is generally to filter at the end device. It seems to me that would be the best option here.
Parents could choose exactly the blocking technology and philosophy they want to have applied, and it does not impact anyone else.
It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub.
GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub is widely used in China for code sharing, so the backlash from blocking it completely was too large, and it was unblocked a few days later.
The attack happened on January 26. It was poorly executed in that the faked certificate did not match the real one in any of the meta-data and it was not signed by a recognized certificate authority. This caused most browsers to report a security error. The MITM attack only lasted about an hour.
Based on reports it only impacted users in China, which strongly suggests that it was government backed at some level. My work in censorship circumvention over the years has shown that China is far from monolithic. This could have been the work of a local government or regional ISP. I have not seen an analysis showing if this was country wide or not. It seems very ham fisted for the central government.
The speculated reason for the attack is to monitor access to a list of people who have been involved in creating the Great Firewall of China, which is hosted on GitHub, and is connected to a petition on Whitehouse.gov proposing that those people be denied entry to the US.
It looks like Syria is back on the Internet again.
I have not seen any indications of unusual atrocities the, so why the short outage?
Fast Company has a good article laying out the state of events regarding the Internet in Syria.
Here is the short version. Syria has changed tactics from keeping the Internet available but highly monitored and surveilled, to turning off apparently absolutely all Internet connectivity within the country.
Syria was unique in its cyber response to their Arab Spring uprisings. Rather than lock down the Internet, they actually un-blocked some popular social media sites. They did this because of the incredible surveillance capabilities this makes possible. Business Week has a nice story on this aspect.
The change of face would seem to have a few possible reasons.
1) Dissident tactics like encryption are making the surveillance less effective.
2) The damage from dissident publishing is greater than the value of the intelligence.
3) The Syrian government is about to do something really nasty and they want to make it very hard to report about it.
We shall see. The fact that the Syrian government appears to have turned off even its own Internet access suggests that they are worried about any leaks through the wall, which makes reason 3 seem more probable.