Pirate Bay's IPREDator not a place to hide

By on
Pirate Bay's IPREDator not a place to hide

Anonymity service far from bulletproof.

Last month's beta launch of the IPREDator anonymity service has raised questions about security of commercial Virtual Private Networks (VPN).

The service claims to allow subscribers to access the Internet anonymously via a VPN that is based in Sweden.

By accessing the Web through the VPN, subscribers are able to hide their traffic data from Internet Service Providers (ISP), and bypass ISP-level censorship.

But the network isn't exactly bulletproof.

It is run by Swedish VPN company Trygghetsbolaget, which also built the once-popular Relakks service in 2006.

Unlike Relakks, IPREDator does not log its users' traffic information.

However, the services are based on the same software, including the use of 128-bit encrypted point-to-point tunnelling protocol (PPTP).

PPTP is a user-friendly VPN protocol that was first implemented on Microsoft's operating systems in 1996. Reports by security experts such as Bruce Schneier have since revealed a number of flaws in the technology, including password hashing and encryption issues.

IPREDator co-founder Peter Sunde, who also founded popular file-sharing site The Pirate Bay, told iTnews: "128-bit encrypted PPTP can probably be broken by someone that can eavesdrop on the traffic."

"But in order to eavesdrop on the traffic, the government -- at least in Sweden -- must have a valid reason to do that."

"We're not here to protect criminals; we're here to protect private citizens against undemocratic laws," Sunde said.

However, according to Douglas Spink, who is the co-founder and Chief Technology Officer of Canadian networking company Baneki Privacy Computing, IPREDator's security systems may not be sufficient protection for persons such as an activist in Iran.

"If an Iranian activist is trying to visit a banned website, [and] the authorities can see that they are visiting that website ... [that] would be enough to cause tragedy for an activist seeking protection via a VPN service," he told iTnews.

Under the alias 'Fausty', Spink also operates VPN service TorrentFreedom, which runs on the open source VPN tool OpenVPN.

Compared to IPREDator's quarterly 149 Swedish kronor (AUD$24) fee, TorrentFreedom's service comes at a pricier US$17 (AUD$20) per month.

Spink explained that TorrentFreedom's VPN client has been years in the making. He said that an ideal commercial VPN service should be user-friendly, and legally as well as technically secure.

"Like much open source code, OpenVPN is powerful and reliable - but very complex to run and configure," he said.

"We took the longer, harder, more expensive route to provide 'real' VPN protection; using PPTP because it is easier and cheaper is something the privacy services market has to move past to be providing service that's more than just of a feel-good value to customers."

Meanwhile, IPREDator's Sunde noted that "IPREDator is very much a political statement more than anything else."

The service was announced in April in response to Sweden's decision to implement the European Union's IPRED legislation, which allows privately held companies to request information about individuals' Internet activity.

"We could not silently accept that we, in Sweden, all of a sudden gave companies police status," Sunde told iTnews.

"In the beginning we never wanted to hide people, since it can be perceived as people are doing 'dirty things' if they hide. But ... like in Iran, where people also hide from their governments, in Sweden, we need to hide from what the government does in the form of giving companies police powers."

"Anyone that feels like they want to be anonymous should have that freedom," he said. "It's the basis of democracy and that's why we want to defend that."

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?