[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Eternity server considerations and musings
I spent some considerable time today thinking about the eternity server
idea proposed, and implemented in alpha stage, by Adam Back.
The main method used by governments around the world so far to attempt to
censor information has been the use, or proposal of, proxy servers for
whole countries or jurisdictions.
This method has only thus far been used to censor www connections, and
has been used to censor specific sites, hence the use of mirroring to
circumvent government censorship.
To give an overview of the eternity server idea for those who didn`t see
the original post the idea was that a non existant virtual TLD .eternity
would be used to access HTML posted to usenet. So to access a site that
was at say bombmaking.terrorist.com/assasination/killing.html
you would send your browser to:
http://bombmaking.terrorist.com.eternity/assasination/killing.html
The assumption being that the distributed nature of usenet would not
allow censorship.
The proxies idea however can be extended to censor usenet, usenet
traffic, although pretty huge, is not yet too large to be grep`d for
keywords (currently around 600mb of traffic a day passes through the
newsgroups) before being proxied, so a government can run a server which
first checks to ensure the usenet article is not encrypted (this can be
done crudely by checking for occurances of common words or by checking
the redundancy of the text by attempting to compress it) and if it is
encrypted junks it, if it is plaintext, greps it for keywords like
"assasination", "anarchy", "porn" etc... then kills the articles that
have these words in them, the other articles the government does not want
to censor are put on a main server like news.fourth-reich.de and access
blocked to all the other news servers.
I know this might seem an unlikely scenario but it is not really when we
consider the wacky ideas we have seen from governments in recent years, a
dictatorship like France or Germany might begin implementing this within
a few years, although the German government has had it`s fingers burnt
recently with the Radikal fiasco.
What I was considering was the possibility of circumventing proxies
altogether, this is not an easy question and I could not think of one
single way to get access, of course one could use and ISP outside of the
jurisdiction but this incurs internation call charges for dial up users,
and the gubmint of fascist-regime-N can block telephone access to
internet POPs outside of their country.
The problem with attempting to prevent censorship of usenet is that we
cannot mirror it like we can web sites, the web is too huge for a
government to mirror the whole of the "acceptable" part of it, so
mirroring sites faster than they can block them is effective, usenet is
too small to protect in this way, it could be effectively mirrored and
all other access killed. Of course while we can mirror sites to prevent
censorship this is almost an academic question, rather than a practical
one, however, it would be nice to see a more robust system which thwarted
all attempts to censor without the need for human intervention by
mirroring sites etc.
I can see no way that a government can censor internal traffic within a
country, because this need not pass through the proxy, so if we can get a
copy of a document onto one server within a country all others can access
it through a virtual URL. However, this is likely to incur the
displeasure of the authorities in that country and have them knocking at
the door of the owner of the server holding the document, so we would
have to have a system for server anonymity. This is all getting very
complicated ;-)
Anyway, as I have said, I can give no insight here into what is a
possible solution, I hope that this post might cause someone who does
have the beginnings of an idea to think about it some more and maybe give
us a really robust solution to preventing censorship of this kind.
Datacomms Technologies data security
Paul Bradley, [email protected]
[email protected], [email protected]
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don`t forget to mount a scratch monkey"