Yup totally agreed Collin. There is a real world consequence here in an increasingly impoverished region where marginalized groups are at real risk.

On Wed, Feb 24, 2021 at 11:01 PM Collin Anderson <[email protected]> wrote:

> All this debate over whether Signal could use a better bridge protocol is
> fine, but distracts from the core problem — Signal Proxy is of little
> consequence and is a sleight of hand trick to avoid taking on further
> burdens to address 80 million vulnerable people (a community Signal was
> long funded to support) being cut off.
>
> Signal could invest that time into providing another cloud service for
> meek-style circumvention. It did not. Instead it told users, who generally
> have no connection to Iran to run bridge and post solicitations on blocked
> social media. How is that a serious idea to pitch to people?
>
> The aughts called and it wants its internet freedom agenda back.
>
> On Wed, Feb 24, 2021 at 11:41 PM Adam Fisk <[email protected]> wrote:
>
>> On Wed, Feb 24, 2021 at 8:19 PM Harry Halpin <[email protected]> wrote:
>>
>>> Again, if Sergey - who seems to be a perfectly nice Ph.D. student -
>>> wants to fix TLS, that's fine. I would support fixes to TLS as would any
>>> sensible person, including Moxie.
>>
>> So just so we're on the same page, Sergey is a perfectly nice Ph.D.
>> student whose code was deployed on more phones globally than Moxie's up
>> until a few months ago. It's deployed almost exclusively in censored
>> regions, in contrast to Signal which is deployed almost exclusively in
>> uncensored regions.
>>
>> Making TLS more censorship resistant at the IETF level is great. I'm not
>> sure what vulnerabilities you specifically have in mind, but to me the most
>> promising is Encrypted Client Hellos
>> (https://tools.ietf.org/html/draft-ietf-tls-esni-09) that especially Nick
>> Sullivan at Cloudflare has been pushing with great success.
>>
>> While I agree we should vigorously pursue approaches like that, it won't
>> help people in the most censored regions today. Sergey's code is actually a
>> core piece of bypassing real world censorship now.
>>
>>> But that's not Signal's problem - TLS bugs are a lower-level network
>>> level protocol whose bugs Signal inherits when it tries to use TLS. Sergey
>>> should approach the TLS 1.3 Working Group at the IETF, not try to garner
>>> attention for himself via media releases over his github comments. This
>>> reminds me of the Israeli "security" firm that claimed they had "hacked"
>>> Signal by simply accessing the keys in the phone, which can be done to
>>> *any* app on phone that has a rootkit that doesn't use
>>> some-yet-not-really-working secure enclave.
>>
>> Right. Signal's problem is that they were blocked in Iran. Their solution
>> to that problem attempts to use TLS in a way that doesn't work. You're
>> basically thinking of TLS in the way that Signal is thinking of TLS, which
>> is limited and the heart of the problem.
>>
>> Sergey hardly tried to garner attention for himself -- heck his last name
>> was never even mentioned anywhere I saw. I happened to realize it must be
>> him just based on his first name and the nature of the analysis.
>>
>>> There is literally *no* server that is not susceptible to active probes
>>> and machine-learning based traffic analysis attacks. If Sergey had a kind
>>> of solution that actually did what Adam claimed it did "anti-censorship
>>> tools that actually work at scale in censored regions are not susceptible
>>> to active probes" then all of China would be using it. As it doesn't exist,
>>> people aren't using them.
>>
>> I never mentioned anything about machine-learning based traffic analysis,
>> which is a different problem, but the most disturbing reality is that there
>> are "anti-censorship tools that actually work at scale in censored regions
>> are not susceptible to active probes", but it turns out that a very small
>> minority of Chinese actually have much interest in the censored internet.
>> Could the tools that work in China capture more of them? Sure, but there
>> are all sorts of other issues in China too, such as distribution. It's also
>> very dangerous for people in China to work on those tools.
>>
>> One that's been growing recently is v2ray. There's a reason it has over
>> 30K stars on GitHub: https://github.com/v2ray/v2ray-core
>>
>>> Censorship is a very hard problem, which is why Shava is basically
>>> right. Cutting-edge usable tech here is still I believe obfs4proxy, and
>>> it's well-known defeatable by nation-state level adversaries.
>>
>> This is actually the fundamental issue -- there is a huge asymmetry of
>> information between the more conventional security community and the people
>> who work on bypassing censorship, largely because the techniques that work
>> are largely kept secret. The "cutting-edge" usable tech at one time was
>> obfs4proxy, but it's been probably 7 years or so since that was the case.
>> The people who know what the cutting edge usable tech is are those who
>> deploy it at scale, but you're not likely to read about it anywhere.
>>
>>> I do support the usage of Tor, and Tor also is susceptible to the
>>> precise same kinds of attacks Signal is and thus doesn't work in China,
>>> Iran, and many other places. Furthermore, it's not resistant to NSA-style
>>> traffic analysis. But it is by better than most shady VPNs and proxies, and
>>> I hope people use it where their nation-state hasn't started censoring it
>>> yet. Same with Signal. Most VPNs that work in these countries work insofar
>>> as they are easily susceptible to attacks (i.e. see Moxie's older work on
>>> bugs in PPTP or the myriad of authentication issues facing OpenVPN,
>>> fingerprinting of Wireguard...). Again, more work is needed but aim work in
>>> a productive way, not cheap media hit pieces on Signal or Tor.
>>
>> Yeah so that's where the asymmetry of information kicks in. The VPNs that
>> work in the most censoring countries that are easily susceptible to attacks
>> stopped working long ago. China in particular has stepped up its game in
>> crazy ways in the last couple of years.
>>
>> Tor is incredible, and I support Tor's work all day long, but as you say
>> it is not used widely in the most censoring countries. Other tools are.
>>
>> -Adam
>>
>> --
>> President
>> Brave New Software Project, Inc.
>> https://lantern.io <https://www.getlantern.org>
>> A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
>> --
>> Liberationtech is public & archives are searchable from any major
>> commercial search engine. Violations of list guidelines will get you
>> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
>> change to digest mode, or change password by emailing
>> [email protected].
>
> --
> *Collin David Anderson*
> averysmallbird.com | @cda | Washington, D.C.

--
President
Brave New Software Project, Inc.
https://lantern.io <https://www.getlantern.org>
A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
