Slash Boxes

SoylentNews is people

posted by cmn32480 on Thursday September 03 2015, @07:14AM   Printer-friendly
from the is-anonymity-even-possible-anymore dept.

A news post of IPv6 tunnel broker SixXS explains why they reject tunnel applications where the user intends to circumvent censorship or network surveillance. (Spoiler: It's not because SixXS hates free speech.)

"An adversary who would like to limit Free Speech is likely to monitor internect connections. Users therefor use tunneling/VPN techniques to circumvent the monitoring of these networks. A SixXS tunnel is a point to point link from the user to the PoP. The addresses, both IPv4 and IPv6, of the PoP are publically known. The protocols used for tunneling are publicly documented and known: proto-41 and AYIYA. Neither of these protocols encrypt the contents of the communication. Neither of these protocols cause any kind of hiding of data. On top of that Whois provides all the details about a user given a[n] IPv6 address.

Any adversary network that wants to monitor thus only has to fill in our PoP IPs in a special list and they know that anything talking to those addresses are using a tunnel, which is a red light that that user is doing something special. Their next step is to simply de-encapsulate the traffic inside the tunnel and the adversary has full access to what the user is sending. Noting[sic] that all major monitoring systems understand these protocols.

Thus when a user specifically puts in their request reason that they want to circumvent their local government, we reject the request and point that user to the Tor Project. Approving the request would put the user in a situation where they might think they are avoiding the monitoring system and thus give a false sense of security."

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Anonymous Coward on Thursday September 03 2015, @10:40AM

    by Anonymous Coward on Thursday September 03 2015, @10:40AM (#231657)

    Actually that's pretty nice of them.

    The requesters obviously have no idea that an IPv6 tunnel is completely different from a VPN tunnel. They have a need ("no snooping") and they have totally not the slightest clue about the actual problem, they just blabber some words ("tunnel") they heard in the same context in the hope of their need being fulfilled somehow magically.

    SixXS not acting on what those people say ("Give me a tunnel!") but what they want ("Give me security!"), potentially even at a little loss of revenue to SixXS ("Sorry, not us, we're the wrong place to spend your money/effort"), is a fundamentally civilized reaction and I salute SixXS for having the common decency to act like that.

    It's a said world where the previous needs to be mentioned at all. But since we do live in such a world, IMNSHO praise is very much in order. Support SixXS!

    Starting Score:    0  points
    Moderation   +5  
       Insightful=4, Informative=1, Total=5
    Extra 'Insightful' Modifier   0  

    Total Score:   5  
  • (Score: 4, Informative) by ticho on Thursday September 03 2015, @01:04PM

    by ticho (89) on Thursday September 03 2015, @01:04PM (#231707) Homepage Journal

    I fully agree, that's basically why I decided to submit this story here - to give them some more visibility.

  • (Score: 2) by Hyperturtle on Friday September 04 2015, @12:14AM

    by Hyperturtle (2824) on Friday September 04 2015, @12:14AM (#232045)

    Absolutely, and they are in the right for recognizing this and hopefully preventing unnecessary hardship at the expense of a lack of the business opportunity.

    People do not understand that a VPN tunnel does not mean it is encrypted or secure. It means it is is virtually private. But not quite.