I had the privilege to address the annual Chaos Communication Congress (36C3) in Leipzig last week about the state and remaining issues in private communications.
The recording of the video has been made available by the CCC, and I have also posted the slides.
The TL;DR for me is that many of the trade-offs are balancing the stability of user experience with privacy mechanisms – and finding more ergonomic user experience interactions will be as important as new systems schemes are to improving the ecosystem.
I am particularly excited by the number of ongoing efforts reducing trust in central servers. Many of the mechanistic trade-offs we face are due to the topology of our systems. With systems designed for fully anonymous interaction, like mixnets, PIR, and oblivious messaging, we can model and mitigate threats from much more realistic adversaries than we do with popular channels today. (For instance, consider an office which has received a whistleblowing message. If the receiving investigation wants to identify the source, they likely control the local network and have the ability to send messages to the account that initiated the conversation. Our current designs will find it quite difficult to protect a user from this scenario.)
I gave a talk this past summer at DEFCON on the ethical quandary that continues to play a role in the academic discussion of network censorship measurement. Over the course of my PhD studies, there was a significant arc of time where the community yielded to caution as the issues around ethics were better understood.
These issues have not gone away, and in the intervening six months since this talk, we’ve seen new groups re-develop techniques deemed problematic by the prevailing winds of the academic community.
One of the most interesting lines of inquiry within the Censored Planet project at the University of Michigan is trying to pull apart the different actors involved in Internet censorship. One of the interesting quirks is that a significant factor in why content might not be available to users is that web publishers themselves have limited who they’ll respond to.
This relates to existing phenomena like increased balkanization of the web, where regions and nations promote domestic services and networks, but is as much a function of where lucrative markets are and a reaction to the background of fraud and malicious online traffic.
One outcome of this research is a set of measurements looking at how and where CDNs limit access, that will be presented tomorrow at IMC.
Like many parts of the Internet, a take-away here is that attribution is hard.
I’m excited to see a bunch of friends next week at HOPE, an annual New York conference in the same vein as CCC. I’ll be participating in a panel on Internet Censorship on Friday morning, with a fantastic group of co-panelists. The talk recording is available here.
Quite exciting to see another step in remote measurement systems at USENIX Security in August. This particular piece is on how to recover DPI policies at scale.
The following is a response to an invitation to participate in the recently formed Cuba Internet Task Force.
Task Force Representatives:
I will not be joining the Cuba Internet Task Force, or Subcommittees, because I believe the harm done by the existence of these committees outweighs any potential benefit of the recommendations that can come from them.
In recent years, Cuba has increasingly normalized Internet usage, through expansion and cost reduction of WiFi, through the advent of Airbnb as a major source of tourism revenue, and through growing traffic capacity.
In the scope of my work, I have documented the flourishing community wireless networks operating in tandem with official Internet service from ETECSA. These community efforts already address the “last mile” problem, and it is not hard to imagine the future where they are consolidated or integrated to provide Internet-to-the-home for many more Cubans.
These efforts are hindered by the perception by the Cuban government that the Internet and its associated ‘freedom’ are being forced upon them by the United States. In the wake of the creation of this task force, Cuban media has focused on the implied pressure, and private individuals in the Cuban technology sector have come under increased scrutiny.
Instead of attempting to influence the policies of another sovereign nation, I encourage us to reflect more on our internal policies. US government sanctions currently require a wide range of US-based education and reference sites to block Cuban traffic. Likewise, limitations preventing Cubans from connecting to US-invested undersea cables are partially responsible for the scarcity and cost of Cuban Internet connections. Reducing these sanctions can allow Cubans to become a market for US companies, and will provide additional incentives for widespread connectivity across the country.
The video from the talk I gave on how to get more public visibility into DPRK consumer technology is now online.
Slides for the talk are available here.
I’m very excited to have two talks at CCC at the end of the month. The bulk of accepted talks can be seen and voted on at the CCC “halfnarp”.
The first talk is on the Internet in Cuba. It expands upon the recent talk I presented at IMC last month, to provide additional color on what Internet access is really like in Cuba, and what the community there is doing to create LANs and other alternatives to the official but expensive ETECSA service.
The second talk looks again at technology in Pyongyang. Since 2014, there have been a number of talks about the totally closed off tech ecosystem there, but as it ramps up we continue to only get a few glimpses into what’s going on, and it’s getting only harder as the broader tensions ramp up. My goal is to propose a path for getting more rather than less transparency into the picture, because it is a really fascinating place.
The talks should both be recorded, and might even be streamed. If you’re one of the (I hear it could be up to 16,000) participants, I hope to see you in Leipzig!
It’s great to see that Research into Human Rights Protocol Considerations has been published as an RFC. An interesting document exploring how the technical protocols of the Internet interact with our real-world values.
I had the chance to visit China last week and tag along with the tail-end of a longer trip organized around various Makerspaces around the region. This is the first time in several years that I’ve spent a prolonged amount of time in the dense population areas of Beijing and Shanghai, and it was fascinating to watch the evolution that continues in this majority of Chinese life.
The most noticeable change from my perspective is that Beijing and Shanghai are effectively almost cashless. The use of Alipay and WeChat Pay is ubiquitous, to the point that you feel that you are creating an imposition to shopkeepers by paying with cash. While funding your account on either of these services requires a Chinese bank account (which itself requires a mainland cellphone number), the process can be short-circuited by making an unofficial exchange with someone willing to send you a personal transfer within the systems. It remains easy enough to find people at hostels (as well as localbitcoins, I hear) who are willing to trade.
The systems themselves are fascinating to use. Payment to a merchant will automatically cause you to follow the merchant's account, typically leading to messages about member cards and discounts. These messages seemed to only be pushed directly in response to a purchase, and weren’t overly intrusive. It seems to be the realization of the business-to-consumer engagement systems Facebook and Google have been struggling and so far failing to build in the US. Smaller vendors often operate directly as individuals – you type in how much money the bill is, and send it as a direct transfer to an account specified by the waiter or merchant.
This payment structure has resulted in a secondary industry of Android-based devices dedicated to sales and scanning QR codes for these systems, as well as receipt printers that turn app orders into printed requests for food or similar.
Apart from the payment evolution, it is really interesting to watch China modernize. Life there now is much more comfortable from a western perspective than it has been in the past, with both a larger presence of foreigners visible and more English available to help navigate. Some distinctive characteristics remain, including a self-interested approach to queuing and different expectations of personal space. Prices in Shanghai have reached parity with those in the west, although cheaper options remain if you look for them.
In terms of Internet connectivity, I was surprised to find that connectivity remained quite similar to what I had experienced in the past. An SSH tunnel to a foreign server was sufficient to maintain email access while I was there, and disruptions I experienced seemed to be much more a function of over-loaded local networks than of more restrictions for international traffic. I talked with a couple different people who mentioned that Astrill continues to not be blocked, and seemed surprised that something so well known continues to operate without disruption.