Security

Pirate Bay's IPREDator not a place to hide

10 comments in this discussion

"I'll setup my own box in another country for me and a few mates :)"

By Johnny

Day 14: Film industry wants iiNet to block Pirate Bay access

Pirate Bay buyer complains of smear campaign

Pirate Bay updates peer-to-peer mechanism

Day 13: Pirate Bay demo choked by Federal Court filter

Breaking Stories

Optus to boost HFC network up to 100 Mbps

Microsoft launches Surface, unveils partners and customers

Opinion: Webjet brings 'cloud' claims back down to earth

Kirby crowned International Privacy Champion

Google cold on voluntary YouTube filtering

By Liz Tay

Aug 4, 2009 11:29 AM

Anonymity service far from bulletproof.

Last month's beta launch of the IPREDator anonymity service has raised questions about security of commercial Virtual Private Networks (VPN).

The service claims to allow subscribers to access the Internet anonymously via a VPN that is based in Sweden.

By accessing the Web through the VPN, subscribers are able to hide their traffic data from Internet Service Providers (ISP), and bypass ISP-level censorship.

But the network isn't exactly bulletproof.

It is run by Swedish VPN company Trygghetsbolaget, which also built the once-popular Relakks service in 2006.

Unlike Relakks, IPREDator does not log its users' traffic information.

However, the services are based on the same software, including the use of 128-bit encrypted point-to-point tunnelling protocol (PPTP).

PPTP is a user-friendly VPN protocol that was first implemented on Microsoft's operating systems in 1996. Reports by security experts such as Bruce Schneier have since revealed a number of flaws in the technology, including password hashing and encryption issues.

IPREDator co-founder Peter Sunde, who also founded popular file-sharing site The Pirate Bay, told iTnews: "128-bit encrypted PPTP can probably be broken by someone that can eavesdrop on the traffic."

"But in order to eavesdrop on the traffic, the government -- at least in Sweden -- must have a valid reason to do that."

"We're not here to protect criminals; we're here to protect private citizens against undemocratic laws," Sunde said.

However, according to Douglas Spink, who is the co-founder and Chief Technology Officer of Canadian networking company Baneki Privacy Computing, IPREDator's security systems may not be sufficient protection for persons such as an activist in Iran.

"If an Iranian activist is trying to visit a banned website, [and] the authorities can see that they are visiting that website ... [that] would be enough to cause tragedy for an activist seeking protection via a VPN service," he told iTnews.

Under the alias 'Fausty', Spink also operates VPN service TorrentFreedom, which runs on the open source VPN tool OpenVPN.

Compared to IPREDator's quarterly 149 Swedish kronor (AUD$24) fee, TorrentFreedom's service comes at a pricier US$17 (AUD$20) per month.

Spink explained that TorrentFreedom's VPN client has been years in the making. He said that an ideal commercial VPN service should be user-friendly, and legally as well as technically secure.

"Like much open source code, OpenVPN is powerful and reliable - but very complex to run and configure," he said.

"We took the longer, harder, more expensive route to provide 'real' VPN protection; using PPTP because it is easier and cheaper is something the privacy services market has to move past to be providing service that's more than just of a feel-good value to customers."

Meanwhile, IPREDator's Sunde noted that "IPREDator is very much a political statement more than anything else."

The service was announced in April in response to Sweden's decision to implement the European Union's IPRED legislation, which allows privately held companies to request information about individuals' Internet activity.

"We could not silently accept that we, in Sweden, all of a sudden gave companies police status," Sunde told iTnews.

"In the beginning we never wanted to hide people, since it can be perceived as people are doing 'dirty things' if they hide. But ... like in Iran, where people also hide from their governments, in Sweden, we need to hide from what the government does in the form of giving companies police powers."

"Anyone that feels like they want to be anonymous should have that freedom," he said. "It's the basis of democracy and that's why we want to defend that."

Comments: 10

Thoughts on this article? Add a comment below.

Maxxi Aug 6, 2009 8:39 AM	Hey wasn't this the service that was going to save Australia from Conroy's filter?
anonymous Aug 6, 2009 3:43 PM	No, Maxxi, the answer to your secret government censorship lies with effective VPN options like TorrentFreedom above. So your joyful comment is just wishful thinking by you and Corporal Conroy (and will probably add a bit more egg to your face).
Maxxi Aug 7, 2009 2:26 AM	LOL anonymous Aug 6, 2009 3:43 PM... The egg is on my plate mate, nicely done with some prime bacon and some fried tomato, and a few slices of premium multigrain toast... I am enjoying the meal just as much as I am enjoying reading about "secret" gov censorship, as I am looking at your login name: anonymous... And what you seem so smug about: VPN connections, so that your comms can remain "secret"... LOL. That is a classic case of the pot calling the kettle black... Let's wait 6-12 months after Conroy crashes in on us with the filter, if he ever does it, and then let's see just how many Australians REALLY need to use a VPN connectioon over to some other country, in order to access their internet sites...? That would only be people wanting to access sites that they figure are on the ACMA list? So what are you wanting to access in secret? lol. Will many people really pay more fees, and slow down their internet, to access the stuff they always access anyway? Go use the VPN services, I am more than happy for you. iPredator was being recently touted as a big VPN candidate to nullify the fearsome ACMA filter, and it turnsd out to be a dud. Live with it and move on. I am moving onto my bacon and eggs... And man they taste great today.
Sams Aug 7, 2009 11:33 AM	"That would only be people wanting to access sites that they figure are on the ACMA list? So what are you wanting to access in secret? lol." The dentist perhaps that was accidentally on the list? That abortion information website that my friend needs for their PhD research that some superstitious MP decides was anti-Christian. And so on ... "let's see just how many Australians REALLY need to use a VPN" I already use one. "and it turnsd out to be a dud" [sic] No, that's not what the article says. Security experts work under the assumption that all security measures can be breached. The idea is to use appropriate measures such that the effort/cost of breaching them is more than the value of the data obtained. Even if they could get authorisation, the Aust government is not going to be expending the effort to try to crack 128-bit keys to catch music sharing activities for example. In any case, te commonest avenue of prosecution is private music/video companies - they won't be able to use the logs as they have in the past, and they vertainly wont get the access they need to crack keys. "I am moving onto my bacon and eggs... And man they taste great today." That's nice. I had Weetbix with cashew nuts, washed down with a banana and honey smoothie, followed by half-and-half grape juice and soda water. After that I had a freshly brewed coffee from the espresso machine that I drank as I read the morning news before work.
anonymous Aug 7, 2009 1:30 PM	@Sams, you'd better be careful about what you say in response to the Maxxi & Stevie Show, or they will soon shut you down and lock you up. Corporal Conroy and his sidekicks are on record that they are going to ban all "inappropriate" content, which means a hell of a lot more than the pedophile filth they are using to justify their actions (and which is rightly illegal, right now). @Maxxi, if you're going to be critical because we are all using screen names, perhaps you should identify yourself and who you work for. I'm sure it's only an oversight that you haven't got around to that. . .
Maxxi Aug 7, 2009 5:32 PM	@anonymous.... LOL, you were the one carrying on abour secrecy, the ball is in your court on that one... No oversight, I happen to agree that it is good to have some secrecy at times. Stops radicals and their sometimes nasty personal campaigns... (not you naturally) Look what happened to that woman from Childwise when her personal email was outed: Loads of hate mails and dirt, then abusive calls... The courage of the Australian male at times. None of them named themselves. But don't bluster on about someone else's secrecy when you want to enjoy it yourself... And you should enjoy it, as long as you let others enjoy it too when they figure they need or want to... @Sams: You make some good and valid points, agreed. The Torrent feed site looks useful, I might just try that one out for a month, thanks. My point on that question is yes, some will use VPN, Torrent, Proxy sites. No laws against that if we are not abusing it. I have used them at times and will do that again as well. I just simply doubt that a large percentage will ever need or be motivated to use them for their normal browsing, as the pissant size of the ACMA list and what's on it will rarely if ever inhibit 99.9% of Australians getting to their stuff... The article did not state it was a dud, that was my opinion, in relation to it being a viable mainsteam filter work-around for Aussies, as it was touted... Agreed on the security aspects, and the encryption. That will be a dilemna for anyone wanting to crack privacy transmissions etc. OK, your breakfast was good. I just had to get that egg off my face and onto a plate...
Maxxi Aug 7, 2009 5:33 PM	My apologies, @anonymous gave me the torrent name, thanks.
anonymous Aug 7, 2009 6:17 PM	"@Maxxi, if you're going to be critical because we are all using screen names, perhaps you should identify yourself and who you work for. I'm sure it's only an oversight that you haven't got around to that. . ." You didn't get it the first or second time, so it's unlikely you'll get it now, but: YOU were the one who raised the issue of identity, twice, so since you are the concerned party it is up to you to disclose who you are working for. Fat chance.
Maxxi Aug 7, 2009 10:51 PM	@anonymous: I quote from your first post here: "No, Maxxi, the answer to your secret government censorship lies with effective VPN options like TorrentFreedom above." You seem to have a far greater personal problem than the issue in discussion, that being whether iPredator was going to be a viable solution? If you can address that? Otherwise have a nice weekend and enjoy YOUR secrecy...
Johnny Aug 12, 2009 11:28 AM	I'll setup my own box in another country for me and a few mates :)