Will cDc privacy app Peekabooty put users at risk?

Maybe, maybe not....


In spite of having long anticipated the Cult of the Dead Cow's Peekabooty demo at Defcon09 as one of the conference's major highlights, we actually managed to miss it. However, we got a pretty good description of it from a trustworthy journo who, unlike yours truly, found it possible to struggle over to the Hard Rock Hotel (you know who you are, bud) to observe it in action.

Based on that and several other conversations with networking specialists, we developed the impression that Peekabooty could be a fairly self-destructive tool in the hands of non-technical computer users in repressive countries, which might, ironically, give the very people it's designed to help a dangerously false sense of security.

We also spoke at length with cDc, and they made some well-reasoned replies to our characteristically skeptical inquiries.

What we know

First up, Peekabooty is a peer networking application which enables users in countries where Internet content is censored to host and retrieve forbidden content via encrypted communication with a trusted client, and so bypass national firewalls. We'll say flat out that the goal here is eminently good, and we support it wholeheartedly.

Depending on how involved one wishes to be, the scheme may or may not require a download. Some users will actually be hosting content. Others will merely relay it, and others will simply be accessing Web content through an ordinary browser with nothing installed on their machines, as with SafeWeb.

What's wrong with this picture?

With the exception of safe browsing without a download, we see some potential risks for users in repressive countries, and we worry that the less than tech-savvy may fail to appreciate them. Furthermore, some users will not merely be viewing banned content, they'll actually be hosting it, which could open them up to increased criminal liability. Additionally, it may be possible for Feds to scan for characteristic traffic which would indicate its use.

The most obvious concern is that the download itself may be incriminating in the more neurotic countries where it's to be used. Clearly, a person under surveillance is not a candidate for PB use, so we asked cDc how they intend to make that clear to potential users.

"The app can be obscured, but not hidden as you correctly point out. We are going to give advance briefings to grassroots organizations who will act as one distribution chain; risk assessment will be part of that. Obviously, if someone is already on 'state radar', they would not be a suitable candidate," cDc member Oxblood Ruffin told us.

"We will clearly spell out the risks and have people aware of them before we deploy, but also consider this: the level of risk in using Peekabooty is pretty much the same as if one made the more public statement of going to a political rally. People aren't stupid, and they know the consequences of having contrary opinions to the authorities. So at the end of the day, it will be the user's choice to install Peekabooty, or not."

Member Drunken Master added that there are plans "to integrate process hiding and other things, and have a way to quickly wipe the disk of the tool (securely) in case something bad happens to you."

Good, so long as your machine is running when the Feds kick the door, and you tend not to panic.

Another worry is that the user has to trust the node that will decrypt, and he therefore needs some way of determining whether or not he ought to. 'How on earth can the user know the difference between a safe node and a compromised one,' we asked.

DM replied, noting that "one of the more advanced pieces of the program allows you to specify who you trust in the network. You can choose to connect through those nodes of trust. You do not have to be directly connected to those you trust.... It would be easier for the bad guys to simply set up their own nodes."

Which is exactly what we're concerned about. Without some form of cryptographically-robust certification scheme, you might just find yourself communicating directly with the Feds.

"Make no mistake about it: the application is not made for everyone. If the user cannot accept a certain level of risk, they should not use it, and we will make that very clear. We will have different ways to run the program, each with a different level of risk associated with it," DM told us.

He also, and rightly, observed that our 'devil's advocate' line of questioning is relevant only to a limited number of real-world situations.

"The questions you are asking are all geared toward the extreme case and that is important to think about; but it is also important to remember that there are plenty of countries out there where the firewall may block you from seeing things, but nothing bad happens to you if you do see the banned content (same with corporations)."

The tool has been made open source, and wisely so. While Feds will find it easier to observe patterns in its behavior and so identify characteristic packet traffic, the open-source development community will also be tweaking and refining it continually to thwart them. Indeed, because the competition between those who'll be using it and those who'll be threatened by it is open-ended, it's better to develop a flexible and adaptable tool than some rigid, and therefore very temporary, solution.

"One of the interesting things about a distributed tool like this is that each government and corporation will have to find their own methods of dealing with it. Just because one government figures out a way to block it, doesn't mean they all do," DM observed.

Why Peekabooty?

We see some serious risks for those in the government-surveillance hot seat, and we'd hate to see any of those users turn to a full implementation of Peekabooty in quest of increased security, when in that case it would provide just the reverse. We trust that cDc understands this as well as we do, and that they'll do all they can to discourage its full use by those whose doors remain under constant threat of being kicked.

But, with the exception of open-sourcing, we haven't seen any clear advantage in PB over a product like Triangle Boy, which requires no download, prevents decryption by relay clients, and employs a certification scheme so that one can be confident he's communicating with a trustworthy server.

Better yet, it's up and running right now; and as for packet traffic, all the Feds would be able to learn from their remote surveillance efforts is that the subject is using crypto over https (unless, of course, his box has been compromised, in which case nothing will help him, or hurt him any worse than he already has been).

This may well change for the better as PB nears completion; and we look forward to evaluating it as soon as it's ready, and promptly reporting our experiences with it. ®
