Will cDc privacy app Peekabooty put users at risk?

Maybe, maybe not....


In spite of having long anticipated the Cult of the Dead Cow's Peekabooty demo at Defcon09 as one of the conference's major highlights, we actually managed to miss it. However, we got a pretty good description of it from a trustworthy journo who, unlike yours truly, found it possible to struggle over to the Hard Rock Hotel (you know who you are, bud) to observe it in action.

Based on that and several other conversations with networking specialists, we developed the impression that Peekabooty could be a fairly self-destructive tool in the hands of non-technical computer users in repressive countries, which might, ironically, give the very people it's designed to help a dangerously false sense of security.

We also spoke at length with cDc, and they made some well-reasoned replies to our characteristically skeptical inquiries.

What we know

First up, Peekabooty is a peer networking application which enables users in countries where Internet content is censored to host and retrieve forbidden content via encrypted communication with a trusted client, and so bypass national firewalls. We'll say flat out that the goal here is eminently good, and we support it wholeheartedly.

Depending on how involved one wishes to be, the scheme may or may not require a download. Some users will actually be hosting content. Others will merely relay it, and others will simply be accessing Web content through an ordinary browser with nothing installed on their machines, as with SafeWeb.

What's wrong with this picture?

With the exception of safe browsing without a download, we see some potential risks for users in repressive countries, and we worry that the less than tech-savvy may fail to appreciate them. Furthermore, some users will not merely be viewing banned content, they'll actually be hosting it, which could open them up to increased criminal liability. Additionally, it may be possible for Feds to scan for characteristic traffic which would indicate its use.

The most obvious concern is that the download itself may be incriminating in the more neurotic countries where it's to be used. Clearly, a person under surveillance is not a candidate for PB use, so we asked cDc how they intend to make that clear to potential users.

"The app can be obscured, but not hidden as you correctly point out. We are going to give advance briefings to grassroots organizations who will act as one distribution chain; risk assessment will be part of that. Obviously, if someone is already on 'state radar', they would not be a suitable candidate," cDc member Oxblood Ruffin told us.

"We will clearly spell out the risks and have people aware of them before we deploy, but also consider this: the level of risk in using Peekabooty is pretty much the same as if one made the more public statement of going to a political rally. People aren't stupid, and they know the consequences of having contrary opinions to the authorities. So at the end of the day, it will be the user's choice to install Peekabooty, or not."

Member Drunken Master added that there are plans "to integrate process hiding and other things, and have a way to quickly wipe the disk of the tool (securely) in case something bad happens to you."

Good, so long as your machine is running when the Feds kick the door, and you tend not to panic.

Another worry is that the user has to trust the node that will decrypt, and he therefore needs some way of determining whether or not he ought to. 'How on earth can the user know the difference between a safe node and a compromised one?' we asked.

DM replied, noting that "one of the more advanced pieces of the program allows you to specify who you trust in the network. You can choose to connect through those nodes of trust. You do not have to be directly connected to those you trust.... It would be easier for the bad guys to simply set up their own nodes."

Which is exactly what we're concerned about. Without some form of cryptographically robust certification scheme, you might just find yourself communicating directly with the Feds.

"Make no mistake about it: the application is not made for everyone. If the user cannot accept a certain level of risk, they should not use it, and we will make that very clear. We will have different ways to run the program, each with a different level of risk associated with it," DM told us.

He also, and rightly, observed that our 'devil's advocate' line of questioning is relevant only to a limited number of real-world situations.

"The questions you are asking are all geared toward the extreme case and that is important to think about; but it is also important to remember that there are plenty of countries out there where the firewall may block you from seeing things, but nothing bad happens to you if you do see the banned content (same with corporations)."

The tool has been made open source, and wisely so. While Feds will find it easier to observe patterns in its behavior and so identify characteristic packet traffic, the open-source development community will also be tweaking and refining it continually to thwart them. Indeed, because the competition between those who'll be using it and those who'll be threatened by it is open-ended, it's better to develop a flexible and adaptable tool than some rigid, and therefore very temporary, solution.

"One of the interesting things about a distributed tool like this is that each government and corporation will have to find their own methods of dealing with it. Just because one government figures out a way to block it, doesn't mean they all do," DM observed.

Why Peekabooty?

We see some serious risks for those in the government-surveillance hot seat, and we'd hate to see any of those users turn to a full implementation of Peekabooty in quest of increased security, when in that case it would provide just the reverse. We trust that cDc understands this as well as we do, and that they'll do all they can to discourage its full use by those whose doors remain under constant threat of being kicked.

But, with the exception of open-sourcing, we haven't seen any clear advantage in PB over a product like Triangle Boy, which requires no download, prevents decryption by relay clients, and employs a certification scheme so that one can be confident he's communicating with a trustworthy server.

Better yet, it's up and running right now; and as for packet traffic, all the Feds would be able to learn from their remote surveillance efforts is that the subject is using crypto over https (unless, of course, his box has been compromised, in which case nothing will help him, or hurt him any worse than he already has been).

This may well change for the better as PB nears completion; and we look forward to evaluating it as soon as it's ready, and promptly reporting our experiences with it. ®
