SoylentNews

ticho [soylentnews.org] writes:

A news post [sixxs.net] of IPv6 tunnel broker SixXS explains why they reject tunnel applications where the user intends to circumvent censorship or network surveillance. (Spoiler: It's not because SixXS hates free speech.)

"An adversary who would like to limit Free Speech is likely to monitor internect connections. Users therefor use tunneling/VPN techniques to circumvent the monitoring of these networks. A SixXS tunnel is a point to point link from the user to the PoP. The addresses, both IPv4 and IPv6, of the PoP are publically known. The protocols used for tunneling are publically documented and known: proto-41 and AYIYA. Neither of these protocols encrypt the contents of the communication. Neither of these protocols cause any kind of hiding of data. On top of that Whois provides all the details about a user given a IPv6 address.

Any adversary network that wants to monitor thus only has to fill in our PoP IPs in a special list and they know that anything talking to those addresses are using a tunnel, which is a red light that that user is doing something special. Their next step is to simply de-encapsulate the traffic inside the tunnel and the adversary has full access to what the user is sending. Noting that all major monitoring systems understand these protocols.

Thus when a user specifically puts in their request reason that they want to circumvent their local government, we reject the request and point that user to the Tor Project. Approving the request would put the user in a situation where they might think they are avoiding the monitoring system and thus give a false sense of security."

Original Submission