Will cDc privacy app Peekabooty put users at risk?

Maybe, maybe not....


In spite of having long anticipated the Cult of the Dead Cow's Peekabooty demo at Defcon09 as one of the conference's major highlights, we actually managed to miss it. However, we got a pretty good description of it from a trustworthy journo who, unlike yours truly, found it possible to struggle over to the Hard Rock Hotel (you know who you are, bud) to observe it in action.

Based on that and several other conversations with networking specialists, we developed the impression that Peekabooty could be a fairly self-destructive tool in the hands of non-technical computer users in repressive countries, which might, ironically, give the very people it's designed to help a dangerously false sense of security.

We also spoke at length with cDc, and they made some well-reasoned replies to our characteristically skeptical inquiries.

What we know

First up, Peekabooty is a peer networking application which enables users in countries where Internet content is censored to host and retrieve forbidden content via encrypted communication with a trusted client, and so bypass national firewalls. We'll say flat out that the goal here is eminently good, and we support it wholeheartedly.

Depending on how involved one wishes to be, the scheme may or may not require a download. Some users will actually be hosting content. Others will merely relay it, and others will simply be accessing Web content through an ordinary browser with nothing installed on their machines, as with SafeWeb.

What's wrong with this picture?

With the exception of safe browsing without a download, we see some potential risks for users in repressive countries, and we worry that the less than tech-savvy may fail to appreciate them. Furthermore, some users will not merely be viewing banned content, they'll actually be hosting it, which could open them up to increased criminal liability. Additionally, it may be possible for Feds to scan for characteristic traffic which would indicate its use.

The most obvious concern is that the download itself may be incriminating in the more neurotic countries where it's to be used. Clearly, a person under surveillance is not a candidate for PB use, so we asked cDc how they intend to make that clear to potential users.

"The app can be obscured, but not hidden as you correctly point out. We are going to give advance briefings to grassroots organizations who will act as one distribution chain; risk assessment will be part of that. Obviously, if someone is already on 'state radar', they would not be a suitable candidate," cDc member Oxblood Ruffin told us.

"We will clearly spell out the risks and have people aware of them before we deploy, but also consider this: the level of risk in using Peekabooty is pretty much the same as if one made the more public statement of going to a political rally. People aren't stupid, and they know the consequences of having contrary opinions to the authorities. So at the end of the day, it will be the user's choice to install Peekabooty, or not."

Member Drunken Master added that there are plans "to integrate process hiding and other things, and have a way to quickly wipe the disk of the tool (securely) in case something bad happens to you."

Good, so long as your machine is running when the Feds kick the door, and you tend not to panic.

Another worry is that the user has to trust the node that will decrypt, and he therefore needs some way of determining whether or not he ought to. 'How on earth can the user know the difference between a safe node and a compromised one?' we asked.

DM replied, noting that "one of the more advanced pieces of the program allows you to specify who you trust in the network. You can choose to connect through those nodes of trust. You do not have to be directly connected to those you trust.... It would be easier for the bad guys to simply set up their own nodes."

Which is exactly what we're concerned about. Without some form of cryptographically-robust certification scheme, you might just find yourself communicating directly with the Feds.

"Make no mistake about it: the application is not made for everyone. If the user cannot accept a certain level of risk, they should not use it, and we will make that very clear. We will have different ways to run the program, each with a different level of risk associated with it," DM told us.

He also, and rightly, observed that our 'devil's advocate' line of questioning is relevant only to a limited number of real-world situations.

"The questions you are asking are all geared toward the extreme case and that is important to think about; but it is also important to remember that there are plenty of countries out there where the firewall may block you from seeing things, but nothing bad happens to you if you do see the banned content (same with corporations)."

The tool has been made open source, and wisely so. While Feds will find it easier to observe patterns in its behavior and so identify characteristic packet traffic, the open-source development community will also be tweaking and refining it continually to thwart them. Indeed, because the competition between those who'll be using it and those who'll be threatened by it is open-ended, it's better to develop a flexible and adaptable tool than some rigid, and therefore very temporary, solution.

"One of the interesting things about a distributed tool like this is that each government and corporation will have to find their own methods of dealing with it. Just because one government figures out a way to block it, doesn't mean they all do," DM observed.

Why Peekabooty?

We see some serious risks for those in the government-surveillance hot seat, and we'd hate to see any of those users turn to a full implementation of Peekabooty in quest of increased security, when in that case it would provide just the reverse. We trust that cDc understands this as well as we do, and that they'll do all they can to discourage its full use by those whose doors remain under constant threat of being kicked.

But, with the exception of open-sourcing, we haven't seen any clear advantage in PB over a product like Triangle Boy, which requires no download, prevents decryption by relay clients, and employs a certification scheme so that one can be confident he's communicating with a trustworthy server.

Better yet, it's up and running right now; and as for packet traffic, all the Feds would be able to learn from their remote surveillance efforts is that the subject is using crypto over https (unless, of course, his box has been compromised, in which case nothing will help him, or hurt him any worse than he already has been).

This may well change for the better as PB nears completion; and we look forward to evaluating it as soon as it's ready, and promptly reporting our experiences with it. ®
