PDA

View Full Version : OT: Internet privacy querry (my yearly "serious thread")



BaldieJr
04-06-2006, 03:15 PM
I've been working on some top-secret internet engineering that may interest some of you. I'm not a marketing guy so I don't know what the potential is, or how to figure it out. So, I'm going to ask you guys:

What is an internet cloaking service worth to you? This would be a monthly subscription service. All internet surfing goes through a remote server through an encrypted tunnel. You can turn it on/off at will and use it for almost anything (web, email, chat, whatever).

Thanks in advance for your insight.

BaldieJr
04-06-2006, 03:15 PM
I've been working on some top-secret internet engineering that may interest some of you. I'm not a marketing guy so I don't know what the potential is, or how to figure it out. So, I'm going to ask you guys:

What is an internet cloaking service worth to you? This would be a monthly subscription service. All internet surfing goes through a remote server through an encrypted tunnel. You can turn it on/off at will and use it for almost anything (web, email, chat, whatever).

Thanks in advance for your insight.

BaldieJr
04-06-2006, 03:23 PM
PS: if this is of no value to you, please say so. I'm curious. Tanx.

LStarosta
04-06-2006, 03:25 PM
You mean... a proxy server?

arcadeace
04-06-2006, 03:26 PM
That's what i'm wondering? i'm sure you're already familiar with anonymous "ghost servers." I've used a few - my favorite is Hide ip pro. They range anywhere from making it impossible to track your ip, to eliminating all references to your browser, surfing history, display, operating system etc.

ps: if you can make it fast and consistantly reliable, you'd compete well

Von_Rat
04-06-2006, 03:31 PM
my totally uniformed opionon is.

i can see buisnesses wanting it.

for the average joe like myself,i have no need for it. im not overly paranoid and im not married, so don't have to hide anything from any detectives the wife might have hired. and my ex couldnt care less. lol

BaldieJr
04-06-2006, 03:39 PM
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by LStarosta:
You mean... a proxy server? </div></BLOCKQUOTE>

tunneling. its different. you can tunnel anything. email, icq, games, whatever. as far as the world is concerned, you are that remote server, and anyone between you and that server will see nothing but gobblety-**** if they sniff the network.

ploughman
04-06-2006, 03:43 PM
So...you basically are on the web but nobody, including the NSA, can trace you?

It's of no real value to me at this time, and the people it might be of value to are probably not people I'd want to have a beer with.

But maybe I'm just not seeing the potential.

WOLFMondo
04-06-2006, 03:48 PM
Maybe some people feel the NSA reading your e-mails and catching you looking at pr0n sites is invasion of privacy? http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

ploughman
04-06-2006, 03:53 PM
Well it is, especially the porn, those are private moments. But instead of subscribing so they can't, how about legislating so they can't? Or maybe it's time to start getting all 'long rifle' on their electron snooping, email reading, phone tapping, Echelon butts?

georgeo76
04-06-2006, 03:53 PM
So this service is for private home users?

Probably worth something to the perverts, paranoids, and criminals. As much as I like the idea of privacy I've got enough bills.

Megile_
04-06-2006, 03:59 PM
hmmm

nice Idea.

Think I'm gonna go sell it

russ.nl
04-06-2006, 04:01 PM
I think it is very good and inportante that people invest and put energy in this sort of thing.
I myself will not use it now because I have nothing to hide, everybody has been able to see what I've been doing the last couple of years and have had no problems with this (yet).
I do think that it is important that software or hardware like this exists or is being invested in. Now I do not have a problem with the possebillety that everybody can see what I do. But it is not to say what the future will hold for us. Goverment can become corrupt (or what ever) they are still being run by humans.

Von_Rat
04-06-2006, 04:10 PM
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Goverment can become corrupt (or what ever) they are still being run by humans. </div></BLOCKQUOTE>

are you sure about that. (cues X FILES music)

russ.nl
04-06-2006, 04:24 PM
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by Von_Rat:
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Goverment can become corrupt (or what ever) they are still being run by humans. </div></BLOCKQUOTE>

are you sure about that. (cues X FILES music) </div></BLOCKQUOTE>

Are you....http://www.systemfehler.de/comix/bush.jpg http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif

arcadeace
04-06-2006, 04:32 PM
I'm concerned about the eventuall power of google, yahoo and ms - they've proven disregard for human rights already.

Baldie I don't think your's is different other than you want it for gaming but that would slow things down. Email, and i think even icq are available with some.

The problem with all proxy (remote) servers is all data has to rout through them first and that causes delay. Sometimes very significant. It depends how many using at a given moment and the detour your server makes with respect to requests. Some of these services have numerous servers like primedius, and you can ping for the fastest one, but still it can be a problem. Its almost useless with dial-ups tho I do it on occasion, sometimes i like knowing i can have private conversation. I must be paraniod.

Of course, trust still has to be placed in whomever runs the server.

ElAurens
04-06-2006, 04:39 PM
Fascinating.

http://www.timemachinetoys.com/toypics/spock8x10.JPG

I might try it if it didn't cost an arm and a leg.

ImpStarDuece
04-06-2006, 04:49 PM
My little bro studies network engineering at a very well respected university and some of the backdoors and security trickes that he gets taught, as well as the ones he and his classmates invent later, are a little scary sometimes.

He does everything online via an encrypted proxy server and gets up to some interesting mischeif back tracing spam and pop-up ads. He and his mates play games trying to work out route sourcing destinations and the like. Lots of them set up 'blind' servers as well, just to stop interested parties from having a peak at what they are up to.

WWSensei
04-06-2006, 05:34 PM
"Tunneling" or VPN services are useful. Trusting an anonymous or third party company for it less likely on a large scale.

You aiming for consumer or enterprise? What's your competitive advantage over a secure pcAnywhere or Cisco, Juniper secure transaction link?

Does it meet EDT transmission and encryption standards for financial transfers etc?

AFJ_rsm
04-06-2006, 05:39 PM
It's been done already

www.hamachi.cc (http://www.hamachi.cc)


I use it with friends when they want me to host games since I'm on a private IP connection and hamachi lets them see my computer as part of a common vlan

Viper2005_
04-06-2006, 06:09 PM
i) Whatever you do, somebody, somwhere can see what I'm looking at on the 'net. The data has to go somewhere...

ii) If I were associated with "the authorities" I would devote a substantial proportion of my efforts to defeating such obvious attempts at anonymity as your service would offer; afterall, the chances are that those using it would have "something to hide". I don't care what encryption you have, experience shows that given the $ it can be broken. The biggest problem is choosing what stuff to break. Your service solves that problem. I'm sure that "the authorities" are thankful...

iii) As a non-technical type, how are you going to persuade me that your service is really secure? If I'm the paranoid type, how are you going to persuade me that you aren't an NSA front company?

iv) Surely you realise that the vast majority of internet traffic is "hidden in plain sight"? Frankly that's pretty hard to beat - the internet is pretty big! As such, why should I attract attention to myself by using your service?

v) If your system really is secure, and the last anybody knows is when data hits your server, what are your legal obligations and liabilities? Afterall, you've got to accept that if your service works it'll be used by paedophiles etc.

BTW, what is your moral position as regards such use of the service which you intend to provide?

MOH_MADMAN
04-06-2006, 07:13 PM
not sure what this is, but if it can hide a spammer, hacker or other then id have no use for it.

MAD

LEBillfish
04-06-2006, 09:00 PM
Actually, these sorts of services are very useful to ANYBODY in that you never know what socially accepted thing you do today might be worth burning you at the stake tomorrow let alone from hackers and such........Now if that sounds rediculous then tell it to everyone that Stalin, Hitler, McCarthy, and a thousand others have done over the centuries. Ex., it's ok to be a tax paying methodist today yet tomorrow if not a Hindu and having paid taxes the Democrats now in power then you're a traitor.

More so, in the past things required vast paper trails, or actually witnessing words spoken or relationships......It simply taking not using your own phone, having bills or tracable income and name and viola....You're a ghost......Cell phones, OnStar, the internet, computers, dna and a thousand other things making "1984" seem mild and almost laughable. More so, governments now even pass laws that make such tracking of the population acceptable, and the citizenry foolishly allows it.


However, such a thing as is being discussed is only as secure as any PC can be (hacker wise)...More so, that one server becomes a central focal point or hub, it taking little to put 2+2 together to see who was linking to where. Lastly, it is only as secure as the owner of it is willing to sacrifice themselves, as push come to shove if the choice is my butt or theirs, guess who loses.

So it doesn't matter if you do anything socially wrong or not today, it might be tomorrow and what you did in the past might bite you if the right person gets a hard on over it.........Yet in the end except from petty criminals (like the guy who will steal from your car if unlocked, but not if it is)....It's no more secure IMLTHO then your own PC.

Sad but true....So drop your cell phone, walk away from your home and possessions, and put on your tin foil hat......OR.......Press for serious laws that stop internet crime and abuse AND do not allow your own governments to take your rights......OR......Deal with it.

Just my uneducated opinion.

raisen
04-06-2006, 09:42 PM
Can't see the point for 99.9999% of users. It's likely to be of use for miscreants - crims and govermental, paranoiacs, and possibly businesses who do have to transmit confidential information. You can bet your life that those folks working for goverments needing secure comms over the internet already have systems in place that would make such a product largely irrelevant. All of those groups have the option to encrypt traffic and there are already plenty of ways to obfuscate just about everything.

I'd be pretty sceptical that such a product would provide anything other than a ready database to sell to spammers of email addresses, geographical addresses etc....

There is also a likely trust issue - after all who is going to administer and run the servers users will log into, those users that have a serious legitimate need for such a product would quite likely require considerable reassurance that their traffic not be trivially open to such a providers sysadmins.

In any event, with advances in quantum computing on a daily basis, it's unlikely to be long before pretty much any such communication will be available in plaintext to any government or corporation that believes it needs to know.

Advice to ne'er do wells everywhere.... Forensic computing will almost always find you out. Don't do it. Whatever it is....

Seems like a limited market to me.

Raisen

Jatro13th
04-07-2006, 12:29 AM
For me, it's not a matter if you've got anything to hide or not. It's just a matter of being able to draw the curtains as you would in your own house.
So, I would give it thumbs up!

russ.nl
04-07-2006, 04:27 AM
Good post LEBillfish http://forums.ubi.com/images/smilies/25.gif

BaldieJr
04-07-2006, 05:33 AM
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by WWSensei:
"Tunneling" or VPN services are useful. Trusting an anonymous or third party company for it less likely on a large scale.

You aiming for consumer or enterprise? What's your competitive advantage over a secure pcAnywhere or Cisco, Juniper secure transaction link?

Does it meet EDT transmission and encryption standards for financial transfers etc? </div></BLOCKQUOTE>

consumers. i figure its usefull for firewall avoidance. i know that does not sound like much but i couldn't do my job without it (stupid corp it dept).

NPR ran a blurb about google/yahoo being forced to edit content bound for china. this would provide a workaround for those people needing one. Or for those folks who suffer at the hands of oppressive/ignorant IT departments.

My competitive advantage: no software to purchase, low monthly cost, pay for what you use.

I dont think edt applies here. I may be wrong.

Megile_
04-07-2006, 05:42 AM
Hey Baldie, who's going to run the server(s), and where will they be stored?

You are gonna have to use some sh1t hot protection because hackers are gonna own it faster than you can say, omfg wtf?

Also, if people use it for illegal activities, will you be liable?

BaldieJr
04-07-2006, 07:09 AM
i run the server. it would probably be in one of the tx datacenters. security is pretty easy in this scenario using freebsd. a jail with no perms and no binaries and no right to do anything but forward http requests. although i can proxy anything i'll prolly set some restrictions. the more i think about it, the less appealing an anything-goes connection becomes.

if its done right the liability would fall on the user the same as an isp. i'm somewhere between layer 3 and layer 4 (network and transport) so I don't see how I could be liable.

LEBillfish
04-07-2006, 10:31 AM
Though I do not know the laws and how they would make you liable Baldie I can present a couple of scenario's for you to consider and think on what you might do. I will also try and make these deliberately vague and questionable.

Bob begins using your service to cruise chat rooms. Now he may or may not be a predator, or pervert you don't know, the chatrooms innocent enough yet suddenly you find yourself confronted by the local police, them stating point blank you need to hand over the server so they can look it over and look over logs of Bob's activities..........They might say he's a child predator......On the other hand they might say he is simply gay that a crime many places, or maybe even just soliciting sex between consenting adults.........You don't know, and in fact they don't know but want to see.

Your option?.......Give them the server betraying the trust of your clients....note the pluaral as then everyone is at risk.......Or, be charged with pandering and "possibly" aiding in a crime requiring you sit in jail until they're done obtaining the server and reviewing all of its information.


Second scenario.....

Tom begins using your service to cruise chat rooms or even just specific websites. Now he may or may not be a threat you don't know, the chatrooms innocent enough yet suddenly you find yourself confronted by the local police backed by the NSA, them stating point blank you need to hand over the server so they can look it over and look over logs of Tom's activities..........They might say he's terrorist......On the other hand they might say he is simply looking up weapons of mass destruction, or maybe even just a Libertarian or Democrat the Republicans in power.........You don't know, and in fact they don't know but want to see.

Your option?.......Give them the server betraying the trust of your clients....note the pluaral as then everyone is at risk.......Or, NOT be charged with a crime yet the "patriot act" cited.......At which time you'll face imprisonment for a term undisclosed, just-a-cuz you didn't hop toad when told, be interrogated daily and basically end up on their lists as a terrorist or anti-american sypathizer because you did not anxiously want to give up the server.

In both cases you risk losing not only the server, yet your home, business, livelyhood, reputation, freedom, being unjustly imprisoned and can look forward to long soapy showers till late in the night with no soap on a rope to be had with some seriously dangerous people.


In either case, if you destroy the server you will be considered as "obstructing justice"....

What do you do?.......

Your honest answer to yourself showing how secure the server is for your clients.....That not even getting into the minor aspects of you having to deal with hackers trying to mess up your system simply because they are pathetic p*ss ants and realize they can cause more problems hitting you then individuals.

raisen
04-07-2006, 11:13 AM
Good posts LeBillFish...

I might add to your last post....

What about possible court cases from those damaged by users of the system, or from those whose usage tracks have to be surrendered for whatever reason. I guess you're going to need major legal cover.

Raisen

ploughman
04-07-2006, 11:58 AM
Not sure how this applies Baldie, but the recent 'governmunt' vs google ruling might have implications. I'm sure Google'll be running that ruling all the way up to the Supreme Court but I dare say arguements about bank records etc hold the precedence. I understand that Google might be offerring a remote file backup service in the near future and it makes total sense for them to be fighting for some kind off comphrehensive privacy coverall for the information they hold otherwise users'll be just making their private files openly available to the feds and so on, but I dare say they're on a hiding to nothing. I don't know if the system you propose records activity that might be sequestered later, or even if it is required to, but better that it doth not hold any information beyond what it is absolutely required to.

arcadeace
04-07-2006, 12:20 PM
Any privacy concerns are directly related to data retention. Currently, no US law mandates such logs be kept as a matter of practice.

Last year the Justice Dept. had a private meeting with ISPs and th National Center for Missing and Exploited Children. It raised the possibility, emphatically, of the idea logs be kept for at least a couple months. The main consern is child porn. They have a new department called the Child Exploitation and Obscenity Section and they even appear at odds with the Bush Administration's original stated policy having no mandatory data retention regimes for ISPs.

If police are performing a focused ongoing investigation they can require an ISP through court order to retain a record for 90 days but even this has large hurdles. Child protection advocates say the process can lead police to dead ends if they don't move quickly enough as log files may have been discarded automatically. Also, many Internet service providers are simply not set up to record information about instant-messaging conversations or even Web sites visited. They retain or destroy records based upon individual assessments of resources, security and other business needs.

This discussion has to be kept in perspective and I think with emphasis, to a point, on ideology. Throughout the 90s the Clinton Administration focused counter terrorism on domestic "survivalists" and religious (Christian) fundamentalists. This current administration is against child porn and the terrorist threat from Islamic fundamentalists. There's always reason to be concerned over who's in power and what lawmakers and big corps are capable of. There's also a lot of unfounded fear mongering. Its a balancing act of personal predujice and fear, and realistic concern over those in power and the ease of corruption and abuse.

BaldieJr
04-07-2006, 12:26 PM
id hand over logs to the authorities in a heartbeat, just as any other isp does.

im not out to protect anyone from themselves.

ploughman
04-07-2006, 12:45 PM
Out of interest, althougth much of this thread seems to have dealt with the extremes like child predation, terrorism and civil liberties, what's the centre-ground market for this cloaking system? As with alot of folk, I don't think have anything to hide but...now I wonder if maybe I should! Would such a system offer any protection against data/identity theives and so on?

TheGozr
04-07-2006, 01:10 PM
"I've been working on some top-secret internet engineering that may interest some of you."

Snitch!! http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

arcadeace
04-07-2006, 01:20 PM
<BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by Ploughman:
Out of interest, althougth much of this thread seems to have dealt with the extremes like child predation, terrorism and civil liberties, what's the centre-ground market for this cloaking system? As with alot of folk, I don't think have anything to hide but...now I wonder if maybe I should! Would such a system offer any protection against data/identity theives and so on? </div></BLOCKQUOTE>

Here's a few examples of possible limitations using a proxy. I use my checking and savings through my Bank of America web account and 3 forms of id are neccessary. The site will not allow any request from a proxy. Nada. My yahoo account will not accept 'most' proxies. Something as simple as signing in here is the same way http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif So, you're gonna be limited with id related sites period.

As Baldie said, he can filter completely all the nasties from entering your pc. And you will have total anonymity from everyone. Unlike what some have implied you don't have to be the bad guy, but have protection from bad guys wanting something from you.

ploughman
04-07-2006, 01:50 PM
Right, so my interest in something like this is that, while surfing nothing bad will happen to me using Baldie's system. It makes me teflon coated and predator proof. If I want to access my on-line bank account I turn off Baldie's system an rely on my bank's security systems using my totally visible ISP provider, if I go on Yahoo or MSN I rely on them and my ISP provider and not Baldie's system, because that's the deal.

If I want to forge some kind of relationship with a site, be it e-bay or whatever, being cloaked may not allow this and I will have to allow my ISP to become visible but otherwise I can tred the web invulnerable.

Not bad. For this, I might subscribe for a little piece of mind.

arcadeace
04-07-2006, 02:03 PM
It seems its where we've arrived. Peace of mind means, non existance so to speak http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif

ploughman
04-07-2006, 02:18 PM
Er. Yeah, peace of mind as opposed to piece of mind, which I seem to have been temporarily lacking. http://forums.ubi.com/images/smilies/sadeyes.gif

Blood_Splat
04-07-2006, 02:53 PM
Well pedophiles would love it.