SoylentNews is people

posted by requerdanos on Sunday September 05 2021, @06:22PM
from the stifle-opposition-quash-free-speech-and-muzzle-expression dept.

Internet shutdowns by governments have 'proliferated at a truly alarming pace':

The number of government-led internet shutdowns has exploded over the last decade as states seek to stifle dissent and protest by limiting citizens' access to the web.

Nearly 850 intentional shutdowns have been recorded over the past 10 years by nonprofit Access Now's Shutdown Tracker Optimization Project (STOP), and although the group acknowledges that data on incidents before 2016 is "patchy," some 768 of these shutdowns took place in the last five years. There were 213 shutdowns in 2019 alone, with this figure ticking down to 155 in 2020 as the world adapted to the COVID-19 pandemic (which delayed elections and led to lockdowns that kept populations at home more often). And already in the first five months of 2021 there have been 50 shutdowns across 21 countries.

"Since we began tracking government-initiated internet shutdowns, their use has proliferated at a truly alarming pace," Access Now's Felicia Anthonio, campaigner and #KeepItOn lead, said in a new report on the issue in The Current, a publication of Google's internet thinktank Jigsaw. "As governments across the globe learn this authoritarian tactic from each other, it has moved from the fringes to become a common method many authorities use to stifle opposition, quash free speech and muzzle expression."

  • (Score: 0) by Anonymous Coward on Monday September 06 2021, @04:08PM (#1175010)

    OK, a couple of questions packed together.

    "How do we prevent source/destination filtering between endpoints with a malicious network operator?"

    Answer number 1: You don't. You can't. If the government of Shariastan is palpitating with horror at the idea that you might be seeing decadent western beach pictures, and they look for destination addresses of beachpics.XXX to drop those packets on the floor, you can't prevent them from doing so. However, if Shariastan does so, but the wicked Russian Freedom of Speech collective sets up alternative networking through a satellite, or powerlines, or whatever, then that alternative route will be discovered because requests for beachpics.XXX suddenly do start returning through it. The government of Shariastan can't even know that such traffic exists without trying it itself, and reverse-engineering the route step by step. They can't cut off addresses, because they don't control them. They can't withhold naming because they don't control that. They can't revoke keys, because they don't control that, and as long as some dissidents are willing to put up links, those will keep popping up like bittorrent sites in the wake of a takedown wave.

    Answer 2: The equivalent of VPN servers would be trivial to create, because the ability to pop up a virtual server, assign it a name and number and just have it act as a router, unwrapping and forwarding, inside encrypted connections, is basically baked into the founding assumptions of any such network protocol. "Someone sent me a packet. Unwrap - it's another packet for someone else. Toss it in _that_ direction." The VPN doesn't even have to know with any clarity what the source was, or be able to decipher the contents.

    Bear in mind that a given packet only needs, in principle, a destination and a payload. You could add some network management data elements if you like but a source is not a requirement for a pass-through node to perform routing. This means that performing naive source/destination targeting isn't possible, and even tracking things like sequence numbers doesn't work if they're in the encrypted payload. Pulling stupid webcache tricks to inject advertisements is right out because you don't even know that the traffic is web traffic, let alone what the content is.

    "When it comes to discovery, is there a way to avoid TCP/IP's naive approach of relying on "politeness" and dumb routing when hints are not enough to generate a clean route ahead of time?"

    Yes and no. The direct analogy of TCP/IP's default or fallback routing processes doesn't quite apply in most cases because, aside from "outbound, not local" there kind of isn't a default route.

    But here's a bit more of a breakdown on that. You and all the kids from school got soup cans and string, and set up primitive modems to wire up your suburb. It works, cool, with only a 58% packet loss rate, at 300 baud! Amazing. You want to send a message to Suzie.hot.library.grrrlz, and ask her what she's doing on Friday. You are pretty sure she's online, and your little computer is hooked up to Bobby's, kitty-corner to your place. In the first instance, it's easy. Your computer checks its cache, and determines that you never had the balls to talk to Suzie before, so it's not locally cached at all. Your computer sends a request to Bobby's.

    Bobby is a real social animal, so his computer has four outbound links (not to mention his parents have a large plot of land bordering several others). Two of those are leaf nodes, including yours, but two connect to other people with more connections of their own. How does Bobby's computer know this? Because when the computers establish a physical and logical connection, they communicate an identity and also the complexity of their own network context. Ergo, your computer told Bobby's: "I'm JoesRPi, level 1" while his told yours "I'm BobsAmiga, level 4". Extend this principle, and Bobby's computer can tell that when and if it doesn't have a route, it has two non-leaf connections through which it can request remote data.

    However, there's a wrinkle. You're not just asking to talk to Suzie, because there's more than one Suzie in school, and you are kind of scared of Suzie.cheer.queen.bitch, not to mention her attitude turns you off like a switch. So your request isn't just Suzie, as a computer name, but Suzie's computer in a naming context. So the first request that REALLY goes out is of the order of a DNS query. Cutting a bit of this already long story short, the DNS query returns with:

    suzie.hot.library.grrrlz - computer ID 12345 - public key 54321 - routing hint 67890

    Bobby's computer doesn't need to know, necessarily, how to reach 12345. In fact, it probably doesn't because as luck would have it Suzie the library grrrl has a leaf node computer as well. Just not that much traffic for her flows through Bobby's node. However, 67890 is a node belonging to Steve the Supernerd, which has five leaf connections and three trunk connections, and to which Suzie's is directly connected. Bobby's machine knows, or can _very_ rapidly find out from the cached data of neighbours (in a network with any stability, this sort of data propagates very rapidly, depending on assumptions) where to find Steve's, and Steve's knows where to find Suzie's.

    Putting it in more prosaic terms, you ask Bobby if he knows Suzie, and he says naww, but if Suzie knows Steve he knows Steve, so yeah, they can get you together. Success!
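
An added sketch of the lookup-and-forward scheme described in the comment above; it is not the commenter's code and not an implementation of any existing protocol. The topology, the helper nodes `leafB`, `T1` to `T4` and `s1` to `s4`, and the function names are assumptions made for illustration.

```python
from collections import deque

# Constructed topology (an assumption; only the names JoesRPi, BobsAmiga and
# the IDs 12345 / 67890 come from the comment). Each pair is one link.
PAIRS = [("JoesRPi", "BobsAmiga"), ("BobsAmiga", "leafB"), ("BobsAmiga", "T1"),
         ("BobsAmiga", "T2"), ("T1", "67890"), ("T2", "T4"), ("T3", "T4"),
         ("67890", "T3"), ("67890", "T4"), ("67890", "12345"),
         ("67890", "s1"), ("67890", "s2"), ("67890", "s3"), ("67890", "s4")]
LINKS = {}
for a, b in PAIRS:
    LINKS.setdefault(a, set()).add(b)
    LINKS.setdefault(b, set()).add(a)

# Name lookup result in the shape the comment gives: ID, public key, hint.
DIRECTORY = {"suzie.hot.library.grrrlz":
             {"id": "12345", "pubkey": "54321", "hint": "67890"}}

def level(node):
    """Link count a node announces at link-up ("I'm BobsAmiga, level 4")."""
    return len(LINKS[node])

def first_hop(node, target):
    """Breadth-first search that relays only through non-leaf (level > 1) nodes."""
    queue = deque((n, n) for n in sorted(LINKS[node]))
    seen = {node}
    while queue:
        cur, first = queue.popleft()
        if cur == target:
            return first
        if cur in seen or level(cur) == 1:
            continue
        seen.add(cur)
        queue.extend((n, first) for n in sorted(LINKS[cur]))
    return None

def deliver(origin, name, payload):
    """Forward hop by hop; the packet has no source field, the payload is opaque."""
    rec = DIRECTORY[name]
    packet = {"dest": rec["id"], "hint": rec["hint"], "payload": payload}
    node, path = origin, [origin]
    while node != packet["dest"]:
        # Aim at the destination if it is a neighbour, otherwise at the hint.
        direct = packet["dest"] in LINKS[node]
        target = packet["dest"] if direct else packet["hint"]
        nxt = None if target == node else first_hop(node, target)
        if nxt is None:
            raise LookupError(f"no route from {node} toward {target}")
        node = nxt
        path.append(node)
    return path, packet
```

Every relay on the path still reads the destination ID and the routing hint, so those two fields remain visible to an on-path operator even though the source and payload are not. A hint that points at a node with no link to the destination ends in `LookupError` rather than a silent drop.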

  • (Score: 0) by Anonymous Coward on Tuesday September 07 2021, @04:19PM (#1175347)

    Next question:

    Does anybody give enough of a damn about any of this to actually work on an implementation?

    So far, judging by the response, the answer is a firm "no".