Tuesday, 13 August 2013

PirateBrowser Beats Blockades, Doesn't Make You Invisible to NSA

PirateBrowser
Late last week the Pirate Bay, that jolly torrent tracker/political party, announced a new Web browser designed to circumvent Internet censorship. Dubbed the PirateBrowser, this handy Web crawler is filled with special tools to help you circumvent the frequent blockades of The Pirate Bay. Just don't expect it to keep Big Brother from watching.
According to the PirateBrowser website, the browser consists of Firefox Portable along with a Tor client called Vidalia and the foxyproxy addon. The PirateBrowser's creators write that there have been "no modifications to any of the packages used" so everything is (allegedly) on the up-and-up.
But with NSA surveillance as the security topic du jour, many people seem to have assumed that the PirateBrowser would keep Big Brother from peeking over your shoulder. This doesn't appear to be the case.
At the very top of the PirateBrowser page, an FAQ informs visitors that the browser won't provide total anonymity online. "While it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about," reads the website.
What It Doesn't It Do
Connecting to the Tor network bounces your browser requests through a string of random volunteer servers. Each server in the chain can only read one of the encrypted relay requests, making it harder to figure out exactly who did what online. While fascinating, and vital for journalists and human rights activists, it's not perfect.
In a 2009 blogpost, a Tor representative explained how a determined observer could probably discover who went to which website if they were able to monitor traffic going into and out of the Tor network.
"The way we generally explain it is that Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate," reads the blog post. "But Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm a hypothesis by monitoring the right locations in the network and then doing the math."
Just last week we got another object lesson in the limits of Tor's security. Reportedly, a known Javascript exploit in older version of Firefox portable was used to gather evidence against Eric Eoin Marques—who law enforcement claims runs the largest child pornography ring on the planet. The FBI is presumed to have been involved.
In that attack, an iframe tag was loaded onto websites hosted within the Tor network by the (in)famous Freedom Hosting. The tag loaded Javascript which in turn recorded the MAC address and Windows computer name of the visiting computer, and then sent that information off to servers in Virginia allegedly belonging to the FBI.
So What Does It Do?
In short: PirateBrowser keeps people using Pirate Bay. In a quote attributed to Pirate Bay by The Register and others, the Torrent tracker says, "Do you know any people who can't access TPB or other torrent sites because they are blocked? Recommend PirateBrowser to them. It's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible."
While there is almost certainly a healthy dash of "fight the man" and civil-liberties mixed in with the PirateBrowser, there's also a lot of self-interest. Torrents are a great way to download large files (legal or otherwise) but they work best when lots of people are sharing and downloading the file at the same time. The whole point of BitTorrent was that popular files are easier to download, not harder.
When The Pirate Bay is blocked by whole countries or ISPs, fewer people are contributing to the torrents, making the service less valuable. The PirateBrowser, in theory, keeps people engaged with the service and contributing to downloads.
And then there's they money. The Pirate Bay does include advertising on its website and notably the PirateBrowser did not come pre-loaded with AdBlock. Admittedly, hosting a popular website is not cheap, especially when you're frequently being taken to court, but the more people are on the site the better it is for Pirate Bay.
According to TorrentFreak, the PirateBrowser is just the first step as The Pirate Bay is reportedly "working on a special BitTorrent-powered browser, which lets users store and distribute The Pirate Bay and other websites on their own." Now that sounds interesting.
None of this is to say the PirateBrowser couldn't be a useful tool for a political blogger in Tehran, but there are other services already available for them and purpose-built with anonymity in mind. While it's good to see more browsers that take anonymization seriously, hopefully future browsers will be a little more robust.

No comments:

Post a Comment