Security The Internet

Researchers Build a Browser-Based Darknet 163

ancientribe writes "At Black Hat USA next month, researchers will demonstrate a way to use modern browsers to more easily build darknets — underground private Internet communities where users can share content and ideas securely and anonymously. HP's Billy Hoffman and Matt Wood have created Veiled, a proof-of-concept darknet that only requires participants have an HTML 5-based browser to join. No special software or configuration is necessary, unlike with darknets such as Tor. Veiled is basically a 'zero footprint' network, in which groups can rapidly form and disappear without a trace. The researchers admit darknets are attractive to bad guys, too, but they say they think these more easily set-up and dismantled nets will be more popular for mainstream (and legit) users." In somewhat related news, reader cheesethegreat informs us that version 0.7.5 of FreeNet has hit the tubes.
This discussion has been archived. No new comments can be posted.

  • Worried, maybe. (Score:5, Interesting)

    by arizwebfoot ( 1228544 ) * on Tuesday June 16, 2009 @04:50PM (#28354217)

    The researchers admit darknets are attractive to bad guys, too.

    Yeah, I would be worried about all those sock hat wearing pedophiles out there.

    Of course maybe Craigslist could use it to advertise their wares.

    • Re:Worried, maybe. (Score:5, Insightful)

      by hansraj ( 458504 ) on Tuesday June 16, 2009 @05:02PM (#28354353)

      Yes, darknet is attractive to bad guys but so is expectation of privacy in general.

    • Re:Worried, maybe. (Score:5, Insightful)

      by Opportunist ( 166417 ) on Tuesday June 16, 2009 @05:54PM (#28354903)

      And that's exactly the reason why this will be outlawed immediately as soon as a sizable portion of the population (in the western world, folks, I'm not talking about Iran, China and Burma here) uses it to circumvent the governmental snooping that's running rampant.

      Can't outlaw it, you say? Because we're in a free world and thus they can't just simply outlaw encryption?

      Ok, they won't. What we'll get is a law that makes you liable if you "facilitate the spread of pedophilia". After all, if you help a pedo you're in the wrong as well, ain't you? Since you can't really determine what kind of data you roll around in a darknet (it would kinda defeat the purpose if you could), darknet proponents would get their IP sniffed and law enforcement would download any kind of kiddy porn they could find in the darknet. As soon as the IP of a proponent can be linked to the porn (say, a chunk came from him because it was stored at his part of the cloud), the trap closes, the law enforcement can "prove" that darknet proponents are "only" in for the kiddy porn and thus darknet is an evil tool of child exploitation.

      Gimme a single reason to believe this won't happen, I beg you.

      • Re:Worried, maybe. (Score:5, Insightful)

        by Gotenosente ( 1496667 ) on Tuesday June 16, 2009 @06:37PM (#28355375)
        I think you are probably right and this type of thing will be attempted. However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right? Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.
        • Re:Worried, maybe. (Score:5, Insightful)

          by Opportunist ( 166417 ) on Tuesday June 16, 2009 @06:54PM (#28355549)

          That would make sense. But do you think a judge will be able to tell the difference, more so when he is told that he should better NOT tell the difference? It will be made a tool that facilitates child porn, and no "honest citizen" needs it... do you think this argumentation wouldn't be used? And all too readily believed by those that don't really care too much as long as they got YouTube and Twitter?

          The idea that something should be legal because it is usually used for legal means and only in exceptions for illegal ones is one of the past. The same analogy could be used for guns, cars, almost anything human made can be used for good and ill. The problem here is that darknets are by their very definition something governments cannot regulate or control, and thus they will bring all the firepower they have into the field to destroy them if they see wide public use. The only reason we haven't seen them cracking down hard on them is simply that the amount of people using (or even knowing about) them is minimal. If darknets become a tool usable (and used) by the average computer user, they will become a target of governments which are all too eager to control and monitor what their citizens do.

          I.e. pretty much all governments on this planet.

          • Re:Worried, maybe. (Score:5, Interesting)

            by Gotenosente ( 1496667 ) on Tuesday June 16, 2009 @07:11PM (#28355727)
            I share your fear. Here's what I think the key is: tie this type of tech up with something that almost all "good" citizens would be against from the start. I.e., debut this as a vehicle for freedom of information in oppressive countries. I think we have enough people in the US who believe that there is some sort of Axis of Evil out there that needs to be defeated by Freedom. Iran would be ideal, China would probably work. We need to give John Q Public a good first impression. Maybe an author writing a nice novel would be helpful too.
            • Re: (Score:2, Informative)

              "almost all "good" citizens would not be against"
            • Re:Worried, maybe. (Score:5, Insightful)

              by Opportunist ( 166417 ) on Wednesday June 17, 2009 @01:28AM (#28358233)

              Here's your counter argument: In repressive governments like the Chinese, those darknets serve a very sensible purpose because they allow them the right to free speech and discussion of politics. Here, there is no reason for those as you may already speak your mind, and thus the only reason to use them in the "free world" is to do something illegal.

              Bet nobody realizes that they're used for exactly the same thing in "repressive" states: To do something illegal. Like, say, enjoy freedom of speech.

              Isn't it strange that we're all for handing people the ability to circumvent their laws if we consider those laws "wrong", but we dread the same at home?

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          I think you are probably right and this type of thing will be attempted.
          However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right?
          Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.

          That might be enough to convince a jury, especially if the FBI doesn't find anything else incriminating on your systems.

          But it is more than enough to get a warrant, your front door kicked off the hinges, and all your equipment confiscated for literally years. And you'll be lucky to get any of it back, ever, guilty or not.

          As for your example above, they will approach it in the same fashion as P2P is treated. They will simply claim that it's "common knowledge" that most users of that service are involved in s

          • And with the ever increasing amount of laws it's almost certain that you actually are guilty of something. Even without knowing. If everything fails, your porn collection will be eyed for anything that could possibly be seen as "under 18" or posing as such. Or that beach pics of your kids.

            Today Cardinal Richelieu would probably say "If you give me a hard drive of the most honest man, I will find something in it to hang him."

        • Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile?

          If you help a guy in a costume-shop janitor uniform change a flat tire on a white van over the road from a school, then there's a good chance you are. There are still legit reasons for the guy to be in this situation (maybe he's just been hired as the janitor?) but there's enough reasonable doubt to be suspicious.

          I'm not saying it's right that you could be punished for either of our scenarios, but you must admit that the primary purpose of darknets is sharing of material that is criminally punishable for

      • In this situation, I think you would be considered an ISP/content provider, because others are connecting through you. That means they would have to serve you a DMCA notice first. This is currently the protection leveraged by Tor exit node operators, it has worked for me so far. If you were actually liable for facilitating the spread of pedophilia, it would be a legal can of worms, since the ISP would be liable, etc. If such liability existed the internet would collapse under its own weight because it wou
        • Laws can be and have been used quite selectively. You cooperate with the law enforcement, you let them sniff through your logs and behold, you won't be dragged to court. Because ... umm... well, we didn't notice what you did.

          You don't? Or, worse, you refuse to keep logs? Too bad for you, really...

      • The correct response to this attack (as several posters further down point out indirectly) is to respond that they want to criminalize this type of thing as the first step to converting to an oppressive government. Make the argument that the reason the government is prosecuting you is because they can't monitor your communication and they want to be able to monitor your communication in order to be able to prevent you from coordinating opposition to government programs.
  • Iran? China? (Score:2, Insightful)

    by davidwr ( 791652 )

    Is anyone in Iran reading this right now? OK, don't respond but do pass it on to your friends.

    Ditto China.

  • Good (Score:4, Insightful)

    by timpdx ( 1473923 ) on Tuesday June 16, 2009 @04:53PM (#28354247)
    Now get it out to the protesters in Iran and spread it in China for that matter.
    • Talking in secret (Score:3, Insightful)

      by CarpetShark ( 865376 )

      I'm not sure how much use it is for people to talk in secret. They probably do that now, with family etc. As we can see in Iran right now, it takes people to have the guts and will to take to the streets and make their feelings known before things change.

      • by pjt33 ( 739471 ) on Tuesday June 16, 2009 @05:41PM (#28354747)

        Talking in secret in advance helps them to take to the streets at the same time and in the same place.

        • Exactly.

          If you take to the streets in ones and twos, it is extremely easy for the powers that be to pick you off as you pop up. However, if you can get a group of a thousand together, it's a lot harder for the powers that be to make them all disappear without anyone else asking questions. For example, we still talk about Tiananmen Square today.
          • Tiananmen Square is probably why we don't see massive protests in China today.

            The government there proved it wasn't afraid to use lethal force to get its way.

      • it takes people to have the guts and will to take to the streets and make their feelings known before things change

        Absolutely true, but it's a lot easier to get that courage when you've communicated ahead of time with thousands of others and you know they'll be there too.

        • I'm not so sure. I did consider this before posting, but it seems to me that the only thing that really matters is a strong sense of righteous anger against injustice, to the point where you can no longer stand by and do nothing. When you have that, it's likely that others have it too. But when people get together and say privately at night that they're going to do something, the reality in the light of day can often be very different. Take the "pledge" sites where you can promise to not cooperate with

  • You mean? (Score:4, Interesting)

    by bigattichouse ( 527527 ) on Tuesday June 16, 2009 @04:59PM (#28354313) Homepage
    So legitimate users in Iran or China might be able to hook into a darknet that has a portal to the real world outside? Kinda like good old packet HAM radio used to.
    • Re: (Score:3, Interesting)

      If I'm reading TFA correctly, wouldn't that require access from inside Iran/China to a HTML 5 based browser outside of Iran/China?

      I like the concept, but similar to Iran shutting down SMS service [trend.az] it seems possible at least this could be disrupted.

      • Re: (Score:3, Insightful)

        by jefu ( 53450 )

        Short of shutting down the network a nicely distributed service could be very tough to disrupt. And while communications to the rest of the world are undoubtedly important, for the Iranians right now, internal communications are likely to be much more important.

  • Bad Guys (Score:5, Insightful)

    by aaandre ( 526056 ) on Tuesday June 16, 2009 @05:02PM (#28354351)

    Of course secrecy is attractive to bad guys. Problem is according to current legislation we are all bad guys, always crossing some obscure irrelevant law we don't know about.

    So one man's secrecy is another man's privacy and protection from overreaching criminalization.

    Oh, and anything you write or view on the internet, say over the phone, purchase, sms about, dial on your phone, etc. is saved and archived forever, by default, unless you make a special effort to enforce your right of privacy. Even that special effort does not guarantee protection and furthermore, that effort is not difficult to notice, and boom, you are someone with something to hide, i.e. one of the bad guys.

    War is peace. Doublegood peace.

    • Re:Bad Guys (Score:5, Informative)

      by plover ( 150551 ) * on Tuesday June 16, 2009 @05:15PM (#28354509) Homepage Journal

      And don't forget that just because you think it's safe doesn't mean that it actually IS safe. Check out the BlueCoat proxy [bluecoat.com], which is a corporate web proxy/filter that also works on SSL connections (via man-in-the-middle attack.) All your company has to do is drop their own root certificate on your machine, and unless you're in the habit of checking the sites providing your signature, you may never spot it. (Fortunately Firefox displays the certificate's site name next to the padlock icon.) There's also nothing stopping a corporation from installing a key sniffer or remote observation software on their equipment, which includes your desktop.

      Just in case you were thinking that you were "safe" blowing whistles on a darknet at work.

      I guess the "Post Anonymously" box isn't going to help me now anyway.

      • Fortunately Firefox displays the certificate's site name next to the padlock icon.

        Out of the box yes. I don't know about the one which the IT department ships. Posting from an Ubuntu system I installed myself using an ISO I downloaded at home.

      • Re: (Score:3, Informative)

        by OpenGLFan ( 56206 )

        I guess the "Post Anonymously" box isn't going to help me now anyway.

        I know it's an offhand comment, but it already doesn't help you. /. still stores who you are; you can't moderate and post in the same story, even if you checked "post anonymously."

        • by smoker2 ( 750216 )
          Yes you can. Try it sometime. You can't post as yourself and mod, because that would allow you to mod yourself up. Anon coward doesn't accrue mod points so it doesn't matter.
        • Ok, people are continuing to mod you "Informative" so I'll drop my "Overrated" mod I gave you in favour of a response people will read.

          You are wrong.

          As per the two Anon Coward posts below (myself), "I just posted as Anon Coward before and after modding you, and it worked fine."
        • I'm sure I've moderated and posted anonymously on the same story before.
          I don't think I had to log out to do it.

    • Re:Bad Guys (Score:5, Informative)

      by Opportunist ( 166417 ) on Tuesday June 16, 2009 @05:58PM (#28354941)

      I have something to hide. It's called my private life and it's nobody's business. Not yours, not some company's and most certainly not my government's.

      I think it was Franklin who said, if the people fear the government, it's a tyranny, if the government fears its people, it's liberty. I think the US (and a good portion of the rest of the planet) would need a few leaders like the founding fathers of the US. If they could see what came to their dream, what they fought for, died for and had others die for, I think they'd get fed up enough to start over.

      • In case you didn't notice, the latest trend is that there are Corporations and Consumers. You are probably part of the Consumer segment and so a product of Society and can be sold to the Corporations.

        That's where we're headed people!

    • Doubleplusgood, or doubleminusgood?

      Whatever... it almost tastes like meat. :P

  • HTML5 (Score:4, Interesting)

    by Amazing Quantum Man ( 458715 ) on Tuesday June 16, 2009 @05:02PM (#28354365) Homepage

    Which browsers (please include note if it's beta) support HTML 5?

    • Re:HTML5 (Score:4, Informative)

      by Jugalator ( 259273 ) on Tuesday June 16, 2009 @05:23PM (#28354579) Journal

      None that I know of, but Firefox, Safari, Chrome, (and Opera?) should have rudimentary support for parts of it, like the video tag, and the canvas tag.

      Not that I know if that's what they're referring to though.

      All major browsers today have very poor HTML 5 support though. It's still not even a finalized standard.

    • Which browsers (please include note if it's beta) support HTML 5?

      Opera has supported it the longest; the newer (or newest) versions of Firefox and Chrome are also supporting most (if not all) of it.

      IE is falling far behind, but that may change with the release of their next version.

    • Re:HTML5 (Score:5, Informative)

      by tholomyes ( 610627 ) on Tuesday June 16, 2009 @05:51PM (#28354861) Homepage

      Here are the details on which browsers support what parts of the new features of HTML5 thus far: http://www.quirksmode.org/dom/html5.html [quirksmode.org].

      According to quirksmode, it appears that Safari 4.0 has the most complete support, followed by FF 3.5b and IE8. Chrome and Opera do not appear to, at least as far as supporting the new features is concerned.

  • I'd (almost) rather use a darknet built over SMTP than use Freenet, which is horribly, horribly, painfully, agonizingly sloooooow!

    TOR, to me, seems to be about the right sort of level of speed and security. I know of no obvious problems with it (other than you can't use applets that call home). This is not to say it's perfect, or that people shouldn't do research, but if there is a benchmark that systems should reach or exceed, I'd consider TOR to be the one to beat, not Freenet.

    There are other overnets and

    • v-- people below will point out that Tor provides no security but group anonymity.

  • Easier is better (Score:4, Insightful)

    by tnk1 ( 899206 ) on Tuesday June 16, 2009 @05:10PM (#28354449)

    If it's easier to use, you will definitely see more people using it who are legitimate. Tor and other darknets are a pain in the ass to use, and they clearly have a larger proportion of people using it for more nefarious purposes. The reason is simple: they *need* to use it because they are bad guys. Good guys, unless they fully comprehend the threats against them, are less likely to go to the effort. Hopefully this works out and is secure. It would be a big plus for people who don't want to deal with the hassle, not to mention, they don't want instantly incriminating software on their machine. My guess is that the Chinese and Iranian government minders don't like you if they see you getting your hands on anything like a Tor/Freenet software package.

    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )

      Defining "good" and "bad" in this day and age ain't so simple anymore. A lot of "good" guys break the law.

      Someone blogging about human rights in China? A bad guy, according to the Chinese government. Someone writing instructions how to use your hardware in the way you want it and not in the way its manufacturer wants? A bad guy, according to pretty much any western government. Someone telling people how to circumvent internet filters? A bad guy, in pretty much any government's eyes.

      Any of those guys "bad" b

    • "Good" guys need to use it too, they just don't know why yet.

  • by castrox ( 630511 ) <stefan AT verzel DOT se> on Tuesday June 16, 2009 @05:24PM (#28354589)

    Is this a late April Fools' joke? How does this supposed system work? It seems there must be a hosted PHP file somewhere - that server needs to have logs, at least if it's inside the EU and however you slice that you're toast.

    Basically it seems to work sort of like a BitTorrent tracker that directs your client to other clients. So by what mechanism do you choose who to include in the "net"? If I understand correctly you sort of create channels for different purposes or groups. By using an introductory key? And how do you communicate that key? By encrypted e-mail? So any agencies that listen in on you very easily can see who you communicated with prior to your request for so and so domain holding the darknet PHP file? And how tough is that encryption? Ordinary SSL?

    It connects the user's HTML 5-based browser to a single PHP file, which downloads some JavaScript code into the browser. Pieces of the file are spread among the members of the Veiled darknet. It's not peer-to-peer, but rather a chain of "repeaters" of the PHP file, the researchers say.

    Spreads the file onto multiple peers? Is it possible for this file to run out of entropy in any way??

  • just ctrl alt backspace and type in lynx :D

  • by The Archon V2.0 ( 782634 ) on Tuesday June 16, 2009 @05:34PM (#28354685)

    The researchers admit darknets are attractive to bad guys, too

    So is encryption. So is privacy. So are knives. So is food. So is living another day. It's not wrong just because it can be used to ill ends.

    Or, to be all profound and Latin and stuff: abusus non tollit usum.

    • Re: (Score:3, Funny)

      by hansraj ( 458504 )

      I was going to fiercely argue against all that you wrote, but your punchline was in Latin so now I have to agree to every word you say!

    • Pants. My favorite example is pants. Many crimes are very hard to commit without pants.

    • by Rick Bentley ( 988595 ) on Tuesday June 16, 2009 @07:14PM (#28355775) Homepage
      Ninety-two point four per cent of juvenile delinquents have eaten tomatoes.

      Eighty-seven point one per cent of the adult criminals in penitentiaries throughout the United States have eaten tomatoes.

      Informers reliably inform that of all known American Communists ninety-two point three percent have eaten tomatoes.

      Eighty-four per cent of all people killed in automobile accidents during the year 2004 had eaten tomatoes.

      Those who object to singling out specific groups for statistical proofs require measurements within the total. Of those people born before the year 1850, regardless of race, color, creed or caste, and known to have eaten tomatoes, there has been one hundred per cent mortality!

      In spite of their dread addiction, a few tomato eaters born between 1850 and 1900 still manage to survive, but the clinical picture is poor - their bones are brittle, their movements feeble, their skin seamed and wrinkled, their eyesight failing, hair falling, and frequently they have lost all their teeth.

      Those born between 1900 and 1950 number somewhat more survivors, but the overt signs of the addiction's dread effects differ not in kind but only in degree of deterioration. Prognostication is not hopeful.

      Exhaustive experiment shows that when tomatoes are withheld from an addict, invariably his cravings will cause him to turn to substitutes - such as oranges, or steak and potatoes. If both tomatoes and all substitutes are persistently withheld - death invariably results within a short time!

      The skeptic of apocryphal statistics, or the stubborn nonconformist who will not accept the clearly proved conclusions of others may conduct his own experiment.

      Obtain two dozen tomatoes - they may actually be purchased within a block of some high schools, or discovered growing in a respected neighbor's back yard! - crush them to a pulp in exactly the state they would have if introduced into the stomach, pour the vile juice into a bowl, and place a goldfish therein. Within minutes the goldfish will be dead!

      Those who argue that what affects a goldfish might not apply to a human being may, at their own choice, wish to conduct a direct experiment by fully immersing a live human head* into the mixture for a full five minutes.

      * It is suggested that best results will be obtained by using an experimental subject who is thoroughly familiar with and frequently uses the logical methods demonstrated herein, such as:

      (a) The average politician. Extremely unavailable to the average citizen except during the short open season before election.

      (b) The advertising copywriter. Extremely wary and hard to catch due to his experience with many lawsuits for fraudulent claims.

      (c) The dedicated moralist. Extremely plentiful in supply, and the experimenter might even obtain a bounty on each from a grateful community.





      THE DREAD TOMATO ADDICTION, by Mark Clifton. This essay originally appeared in the February 1958 edition of Astounding. The dates in this version have been modified (all dates plus 50 years).
  • Very Useful (Score:4, Interesting)

    by jefu ( 53450 ) on Tuesday June 16, 2009 @06:14PM (#28355125) Homepage Journal

    Currently to do shared chat/video chat/audio/documents... most systems are dependent on servers of one sort or another. Making something that could work on a more peer-to-peer level would be very useful indeed as it would help alleviate (though probably not entirely eliminate) the reliance on servers that are often under someone else's control. If you doubt the usefulness of this, just look at what is happening in Iran right now.

    • You do understand that a darknet is just a smaller internet, don't you?

      Several computers linked up over a common communication medium, routing requests for data on foreign systems between themselves. The only added advantage is essentially a form of distributed file system-style of information redundancy; You connect to the foreign node, you download the data, you host it for others in the darknet to make data more readily available and faster to access.

      The biggest issue with darknets is that they do not
  • When it works with lynx.
  • HOW? (Score:2, Informative)

    by rosvall ( 672559 )

    Since there are zero details in TFA, I'm just going to speculate that one of three things is going on, in order of increasing probability:
    1. HTML 5 creates all sorts of fantastic new ways to communicate anonymously through a central server. In that case, please fill me in. I'm genuinely interested.
    2. The researchers have implemented something like the dining cryptographers protocol in js and php.
    3. TFA is utter bullshit

  • A seriously important requirement for any darknet is the ability to conceal your IP address from the other participants. I don't yet see how that happens here.
    • Re: (Score:3, Informative)

      by L4t3r4lu5 ( 1216702 )
      Much like Tor.
      • The client software pseudo-randomly assigns you an identifier which is used for connections on that network.
      • Your first connection to the next node in the chain may be identifiable as you, but your destination is not known. It goes "Well, I'm connected to these three guys, and I'll send this packet that way. I'll remember that response packets need to go back to the same identifier on the return."
      • The next node does not know your originating IP address, only the identifier the software assig
