Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday September 03 2015, @07:14AM   Printer-friendly
from the is-anonymity-even-possible-anymore dept.

A news post of IPv6 tunnel broker SixXS explains why they reject tunnel applications where the user intends to circumvent censorship or network surveillance. (Spoiler: It's not because SixXS hates free speech.)

"An adversary who would like to limit Free Speech is likely to monitor internect connections. Users therefor use tunneling/VPN techniques to circumvent the monitoring of these networks. A SixXS tunnel is a point to point link from the user to the PoP. The addresses, both IPv4 and IPv6, of the PoP are publically known. The protocols used for tunneling are publicly documented and known: proto-41 and AYIYA. Neither of these protocols encrypt the contents of the communication. Neither of these protocols cause any kind of hiding of data. On top of that Whois provides all the details about a user given a[n] IPv6 address.

Any adversary network that wants to monitor thus only has to fill in our PoP IPs in a special list and they know that anything talking to those addresses are using a tunnel, which is a red light that that user is doing something special. Their next step is to simply de-encapsulate the traffic inside the tunnel and the adversary has full access to what the user is sending. Noting[sic] that all major monitoring systems understand these protocols.

Thus when a user specifically puts in their request reason that they want to circumvent their local government, we reject the request and point that user to the Tor Project. Approving the request would put the user in a situation where they might think they are avoiding the monitoring system and thus give a false sense of security."


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by davester666 on Thursday September 03 2015, @07:32AM

    by davester666 (155) on Thursday September 03 2015, @07:32AM (#231622)

    As a shareholder, I DEMAND they immediately stop doing this, and accept any and all offers of money in exchange for any service being rendered.

  • (Score: -1, Offtopic) by Anonymous Coward on Thursday September 03 2015, @07:37AM

    by Anonymous Coward on Thursday September 03 2015, @07:37AM (#231623)
    Oh, but they do. Except they are cutting a lot deeper and higher than the usual, dickhead.
  • (Score: 2, Interesting) by chrysosphinx on Thursday September 03 2015, @09:46AM

    by chrysosphinx (5262) on Thursday September 03 2015, @09:46AM (#231643)

    Sixxs tunnel broker is just an IPV6 tunnel broker, just like any else IPV6 tunnel broker. Once you got an IPV6 address from them, you can run whatever you want over it, including your own tunnels and encryption stuff. It's no different from having a public IPV4 address by your ISP. And more, I use Hurricane Electric tunnel for ages, and all the time even with a simple tunnel Google still thinks I live in Germany only because the tunnel exit is in Frankfurt, serves me google.de instead. It did confused many usual tracking traps, though. Including Ingress on Android when connected on wifi.

    But if you really need a secure entry point into internet, you need your own private server somewhere to connect to.

    Anything else should be considered untrusted.

  • (Score: 5, Insightful) by Anonymous Coward on Thursday September 03 2015, @10:40AM

    by Anonymous Coward on Thursday September 03 2015, @10:40AM (#231657)

    Actually that's pretty nice of them.

    The requesters obviously have no idea that an IPv6 tunnel is completely different from a VPN tunnel. They have a need ("no snooping") and they have totally not the slightest clue about the actual problem, they just blabber some words ("tunnel") they heard in the same context in the hope of their need being fulfilled somehow magically.

    SixXS not acting on what those people say ("Give me a tunnel!") but what they want ("Give me security!"), potentially even at a little loss of revenue to SixXS ("Sorry, not us, we're the wrong place to spend your money/effort"), is a fundamentally civilized reaction and I salute SixXS for having the common decency to act like that.

    It's a said world where the previous needs to be mentioned at all. But since we do live in such a world, IMNSHO praise is very much in order. Support SixXS!

    • (Score: 4, Informative) by ticho on Thursday September 03 2015, @01:04PM

      by ticho (89) on Thursday September 03 2015, @01:04PM (#231707) Homepage Journal

      I fully agree, that's basically why I decided to submit this story here - to give them some more visibility.

    • (Score: 2) by Hyperturtle on Friday September 04 2015, @12:14AM

      by Hyperturtle (2824) on Friday September 04 2015, @12:14AM (#232045)

      Absolutely, and they are in the right for recognizing this and hopefully preventing unnecessary hardship at the expense of a lack of the business opportunity.

      People do not understand that a VPN tunnel does not mean it is encrypted or secure. It means it is is virtually private. But not quite.