Cult of the Dead Cow Going P2P?

An anonymous reader writes "The BBC is reporting that cDc is releasing a new Peekabooty software in July which will defeat totalitarian governments and law enforcement from their current monitoring efforts. The article states: 'A group of hackers are developing a web browser that it claims will make it easier for people to circumvent censorship and avoid the attentions of law enforcers. The software, which is due to be unveiled in July, uses a combination of encryption and a Gnutella-like network...'" CDC of course is famous for tools like Back Orifice, which is mostly controversial because it's a perfectly legit admin tool with a really scary sounding name, and the fact that countless crackers use it. This is just another P2P tool, but these guys have a history of making waves, so it'll be interesting to see what happens.
  • by Anonymous Coward
    You said P2P. I love funny words, b2b, synergy, now p2p. hehe synergy...
  • by Anonymous Coward
    It'll be pretty great to see something like that. I've always liked the cDc for creating things so controversial. They always, however, manage to keep everyone in line, including Microsoft, when they demanded they recall SMS (I believe that's its name) when MS said BO2k was classified as a virus. Don't think we heard from MS about that afterwards. Cheers
  • by Anonymous Coward
    Of course you can make Norton ignore BO2K. There's a tab called exceptions or something to that effect that allows you to specify files or directories that Norton ignores. I imagine that most anti-virus software have similar features.
  • by Anonymous Coward
    ... and a Gnutella-like network correct me if I'm wrong...but isn't this pretty much Freenet? What are they doing that's supposed to be better? Not code in Java? :P At this point there's a bunch of different groups working on all these networks, and none of them are'd be better if they joined efforts with each other to build something that actually works well...gnutella has problems, freenet has problems and chances are this will also...these technologies still have a long way to go.
  • by Anonymous Coward
    mmm... old school text files.. here is one about the mentality of your average /. poster
  • by Anonymous Coward
    I always thought it'd be pretty cool to have a networking module that you could drop into Windows or Linux that'd be the rough equivalent of IP over Freenet. Learn the standard internet address of someone on it, plug it into your module, and have a new IP assigned to your system on the encrypted layer, and have the module treat all further internet traffic from applications on the system as intended for the encrypted network.

    In theory, you'd be able to use your web browser, P2P client, FTP client, Usenet client, IRC client -- everything -- in the encrypted space without modification. In practice, everything would be slow and unreliable, and possibly open to exploitation (Who gets what encrypted Internet address? How do you know what you're connecting to? Can someone break out of the encrypted network to the regular Internet through your connection and run attacks through your computer on it?) Still, is there anyone out there with more knowledge about whether or not a system like this is possible, feasible, or already in development?

    BTW: cDc rocks. I'm a good deal more warped for having read most of their material.

  • by Anonymous Coward

    This seems to be quite similar to Crowds.

    Crowds is an idea from Michael Reiter and Avi Rubin at AT&T. The basic idea is to become anonymous by joining a crowd, and to pass browsing requests to a random member of your crowd. In effect, every member of the crowd runs a proxy server for the benefit of everyone else. Read all about it at AT&T crowd central.
    acz
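
The Crowds forwarding rule described in the comment above, as an added simulation that is not part of the original post and is not AT&T's code. The forwarding probability `pf`, the crowd size and the member numbering (member 0 is the real requester, member 1 is a curious crowd member) are assumptions based on the general design in Reiter and Rubin's paper, not on anything stated on this page.

```python
import random


def route_request(members, initiator, pf, rng):
    """Return the crowd members a request visits, initiator first.

    The initiator always hands the request to a randomly chosen member
    (possibly itself). Each member that receives it then flips a biased
    coin: with probability pf it forwards to another random member,
    otherwise it submits the request to the web server.
    """
    path = [initiator, rng.choice(members)]
    while rng.random() < pf:
        path.append(rng.choice(members))
    return path  # path[-1] is the member the web server sees


def server_view(n, pf, trials, seed=1):
    """What the web server learns: how often the submitting member is
    really the initiator, and the mean number of proxies per request."""
    rng = random.Random(seed)
    members = list(range(n))
    hits = proxies = 0
    for _ in range(trials):
        path = route_request(members, 0, pf, rng)
        hits += path[-1] == 0
        proxies += len(path) - 1
    return hits / trials, proxies / trials


def observer_view(n, pf, trials, observer=1, seed=2):
    """What one curious crowd member learns: of the requests it handles,
    the fraction whose immediate predecessor was the real initiator."""
    rng = random.Random(seed)
    members = list(range(n))
    seen = correct = 0
    for _ in range(trials):
        path = route_request(members, 0, pf, rng)
        for i in range(1, len(path)):
            if path[i] == observer:      # first time the observer sees it
                seen += 1
                correct += path[i - 1] == 0
                break
    return correct / seen


def predecessor_probability(n, pf):
    """Closed form for observer_view with a single observer."""
    return 1 - pf * (n - 2) / n


if __name__ == "__main__":
    n, pf, trials = 20, 0.75, 40000      # constructed parameters
    frac, mean_proxies = server_view(n, pf, trials)
    print(f"server: submitter is the initiator in {frac:.3f} of requests")
    print(f"server: mean proxies per request {mean_proxies:.2f}")
    print(f"observer: predecessor is the initiator in "
          f"{observer_view(n, pf, trials):.3f} of handled requests "
          f"(closed form {predecessor_probability(n, pf):.3f})")
```

The server sees the initiator as submitter only as often as any other member, while a crowd member on the path sees the initiator as its predecessor more often than chance; that gap is why the choice of `pf` and crowd size matters.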

  • Just 3 months ago there was a whole article made by one of the Napster makers of why Gnutella can't scale (Article here). I'm aware that it says "gnutella like" but I don't know how this could be better implemented. Also one reason why encryption isn't used all the time is because it's not as fast to get the info compared to non-encrypted websites and such. Judging by the Back Orifice encryption, I suspect that this encryption will either a) be so terribly slow that no one will want to use it, or b) it will get cracked in a week. The government can take active participation, it's not like they don't try to crack encryption schemes. I don't really see this web browser as being the ultimate privacy killer-app because you'll need users that are going to commit to slow downloading of webpages and a network protocol that has been mathematically proven not to scale.
  • sounds to me like a government that blocks access to nazi memorabilia would find under the regimes that limit access to information.

    personal freedom for everyone but nazis?
    personal freedom for everyone but jews?

    anyone have any examples of countries that value their citizens' freedom as an example for french people to move to?
  • For what reasons, exactly, do you respect the French government?

    Peekabooty and tools like it, are the last defense for citizens against the thought police. Just because the French know how to make wine doesn't mean their government isn't as dangerous as the one in the USA, or the one in ROC, or the one in EEC, etc...

  • And by stint of association with the US, the French government is "A-OK with me"?

  • by torpor ( 458 ) <ibisum@gm a i l . com> on Saturday May 05, 2001 @09:07AM (#243838) Homepage Journal
    This is one particular case where platform agnosticism is crucial.

    Does Peekabooty run on Windows/MacOS/Linux/*BSD/BeOS/etc?

    Is the source available? Can we port it quickly?

    I'll be interested to see their launch of this tool at Defcon this year...
  • There's no mention of this on the official cDc website, so we're still short of technical information. How does this compare to alternatives like Freenet and Mojo Nation, which are designed to avoid the mistakes of Gnutella and Napster? And how much closer does it bring us to the first P2P service proposed, Ross Anderson's Eternity Service, which basically describes all the ideal qualities a P2P could have? I'm looking forward to reading what the CDC themselves have to say about it - it's a shame we hear it from the BBC before we hear it from them...
  • I suppose you're being a smartass but there already is one: Internet2? Though, if you're not at a university or government research site connected to it you're SOL right now. I bet there's hardly any spam and porn flowing across those nice fat pipes. *sigh* :-)
  • It sounds like it doesn't provide publisher anonymity, just reader anonymity (although this is based on an article that is pretty low on detail). It is also unusual that there is no comparison given with Freenet given that this is a very high-profile anti-censorship P2P system which has been in development for quite a while and is in relatively wide use (new node every 3 minutes, total of 700,000 downloads).

    Some comparison with prior work please.....


  • So now, almost a year after the P2P bandwagon got started, and only a few weeks after Sun removed any doubts that it was, in fact, a bandwagon by jumping on and promptly falling off (see here), those trend-setters at the Cult of the Dead Cow announce that they too plan to join the happy caravan, with something that sounds rather similar to one of the first pieces of software in the P2P space, and almost definitely the most sophisticated (namely Freenet).

    Good luck!


  • There is also a C++ version called Whiterose.


  • ...i am reading the node list at octayne.


  • Freenet got on the front page of the New York Times in March 2000, and is on the BBC more than Terry Wogan. If anything, Freenet has too much publicity.


  • I mean, hello? The BBC used to be the tower of clear English. I couldn't believe the number of silly typos and mistakes in that story -- it looks like it was simply not edited (somewhat like a Slashdot story...).

    • A group of hackers are developing [...]
    • [...] to be unveiled at this years DefCon [...]
    • ... and so on.
  • by PureFiction ( 10256 ) on Saturday May 05, 2001 @11:41AM (#243847)
    While I hope that Peekabooty becomes a useable tamper/monitor resistant network, I wish the cDc had focused on some of the more challenging problems facing peer based networks.

    There are already a number of secure information sharing networks, like Freenet, Publius, Anonymizer, etc, etc...

    The problem with these networks, and probably a majority of the net is locating the content you want in the first place.

    They do not mention any details on the discovery mechanism Peekabooty uses, so perhaps they have covered this base as well, but I doubt it.

    Napster, which is great for locating content, is quickly dying a painful death. Gnutella and Freenet, which are more legally resistant are nowhere near as effective at locating content.

    Gnutella is especially inefficient at this task, so I hope Peekabooty is not modeled after the Gnutella style discovery method.

    At any rate, I wish a lot of the focus of peer based projects would shift from simply being Peer to Peer!!! into specific implementations of peer based functionality, like resource discovery, content transfer, etc.
  • by grub ( 11606 ) on Saturday May 05, 2001 @09:25AM (#243848) Homepage Journal
    ... I'll adopt a wait and see position.

    There was a paper written recently ( that details why Gnutella cannot scale well.

    Many users (such as myself) with nice fast connections have bandwidth limits per month after which we start to pay. The moment the cable|dsl bill comes in the mail, little Billy's parents will be cutting off the broadband.

    It's a great idea, but in practice its popularity may be its downfall.

  • by RAruler ( 11862 )
    That seems like a great idea, a P2P web browser. The only problem is, sure you can find out a lot of things that maybe 'they' don't want you to. But that requires the information be on a server somewhere, and servers require bandwidth, so if 'they' really don't want you to see it, they can just take that server out. Like the French and Ebay there. We need more 'Freenet' alternatives too!

  • by mr_burns ( 13129 ) on Saturday May 05, 2001 @11:10AM (#243850)
    I don't necessarily think that cDc's implementation of the whoopass-crypto laden needle-in-haystack p2p app is any better or worse than the others could be. Back Orifice isn't the best of its kind.

    Currently, freenet's the 500lb gorilla of these. Crowds is cool. Hell, bolt some new host discovery tools on gnutella and use stunnel, that should be fun.

    Currently the landscape has 3 variables. Encryption to hide what's being said, neat discovery protocols to hide who's serving, and transport protocols to hide who's requesting/receiving. Combined, the protocols can serve to counter traffic analysis attacks.

    These things have already been thought out. It's some pretty nifty math. But all the implementations of this scheme have some fundamental weaknesses (theory/practice all over again).

    The first is assuming that people will actually use them. I seriously doubt many people outside the geek, IP and gov community even know about freenet, crowds or such nifty things. If only a few people are using it, then they are automatically suspect, and can be attacked in other ways (tempest, wiretaps, room bugs), thus defeating the scheme.

    The second is the number of apps/protocols doing this. Name 4 version 1.0, ready for prime time implementations that have been deployed widespread for consumer use...thought so. For a repressive gov or corp, it's like playing whack-a-mole with only 1 hole for the mole to pop out of.

    This is where cDc comes in. The fact that the people who keep the closest eye on this kind of thing (us) heard about it from BBC says a lot. This is going to be all over the tv news. Everybody's going to know about this. Where freenet and crowds work on integrity and discovery of information, the mere idea that cDc is working on this increases the availability of the information to the defensive player. This is done through manipulation of open information sources. Brilliant.

    As a result, the others who've been working on this for a while are going to become more motivated to work on their apps so that cDc doesn't steal their fire. How would you feel if you did all the basic research for this, spent years developing it, and then a bunch of drugged out, ascii art typin' weirdos pulled the rug out from under you? I think cDc's app is going to make it so the whack-a-mole game is a whole lot more difficult. There will be more than one app/protocol simply because all the current projects will get more attention. For example: look at the current p2p landscape post napster smack-down. The other protocols are doing quite well. I would say to the effect that even though judge Patel ruled in favor of RIAA, p2p won. Thank you, RIAA, for enforcing a move away from cruft. Now we are more able to thwart you.

    I don't know what cDc's app will be like, but I do know that as a platonic perfect object, it's going to be a resounding success by filling in a lot of the weaknesses of the practice of encrypted p2p. With Freenet and Crowds having worked out the theory.

    Yay cDc!
  • If cDc plays nice, it'll support freenet gateways. The more the merrier! (think of the Mojo you could make by operating a MojoNation/FreeNet gateway!!) Hopefully the cDc version will support as much anonymity and security as freenet.
  • diverse...oh, wait.

    Ideally, one project would make everyone happy. But then we see things like microsoft... We're still in the early phases of the current P2P architectures (note the word 'current' -- let's not forget the 70s here, people). Different people will create from different paradigms, for different needs (cDc P2P--control any computer from any other computer?). We'll eventually figure out the central blob of features we need in every case, and the add-ons that each group prefers, and all will be happy.
    I would hope that the freenet folks learn from the approach of the cDc folks, and vice verse. I presume cDc will be open source, as freenet is, so there can be code sharing to reduce duplication of effort.

    So yeah, I guess my answer is diversity of features, but with a hope that people won't be stupid about it (the wheel already exists, don't reinvent it!) and a goal of a standard set of protocols and tools/features.
  • The usefulness of this tool in countries like the US isn't really clear. If this tool will successfully redirect ip addresses for "secure" e-commerce sites, it is a MAJOR point of concern for online retailers.

    This could be the script kiddies safety blanket for online fraud like "carding" and creation of fake accounts for everything from software to porn.

    I will not be surprised when users sit up and say "Why doesn't this forum remember me?" The nature of the user that this software attracts, is the half educated kid that doesn't really get it.

    On the other hand, cDc and L0pht have always produced tools that force security experts to stop being lazy and get back to making truly secure systems for e-commerce and the like.


    • The more the merrier!

    Amh. How come? Another project will always create duplication of effort, meaning that if the coders had worked on one project instead of many, that one project would be better than any of those many projects. What are the benefits of additional projects? And don't say "diverse features" or something like that, that's bullshit, I see no reason why all the features couldn't be in one client, provided the architecture is versatile enough. And it should be.


  • I didn't say I'm against diverse features. I'm against diverse /projects/. Microsoft was a problem because it was one project with one goal; I don't see linux, for example, as such problem because it's one project with many goals. Likewise, rather than two projects (cDc vs. freenet for example), I'd prefer seeing one with plug-ins/mods/forks/whatever for different purposes. Because, if you do different projects, you're bound to do some reinventing if the projects have anything at all to do with each other (P2P...).
  • If anyone can spank the RIAA, the MPAA, and the archaic information control policies of places like China, Singapore and half of the middle east, all at the same time, it's cDc. They've got great hackers/coders, and a great publicity engine. This is gonna sound corny, but in the age of information security, control, and secrecy, people like the cDc are freedom fighters.
  • I'm hoping peekabooty will be a *Great* tool. Freenet's in the ether, Gnutella seems to be regarded as "flawed".

    But no matter who gets it done right, the very concept of the tool is outstanding, because it gets right at the heart of the issue; do people have a right to privacy, or not? For the French and others, REAL P2P erodes their ability to say "We respect freedom of speech and thought... Except for X, which obviously has to be stopped."

    But I bet the only way this thing resembles a "web browser" is in tunnelling everything through port 80 (and maybe 443). Now *that's* the way to hide in a crowd. I'm very interested in the technical details. They will actually have a lot to do with who uses it and how...

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

  • In the information age all wars will be fought with programmers. Programmers are the only true freedom fighters.
  • Now seriously, would *you* install a p2p client/server that comes from the same guys who do Back Orifice?

    Sure you read the source...

  • People at EFC have been seeking help for countries with restrictions on what they can and can't see so this would be a plus to them. (view their email on this)

    What will be nice to see is how governments and corporations will respond to this, concerning piracy, patent violations, the typical bullshit we've seen for the past few weeks.

    Funny I posted this on my site days ago ;P

    Privacy links
  • I am working on two related projects that might interest you. For some reason (probably because I am self-promoting them all the time), I can't seem to get any official Slashdot press. Both are built on top of Freenet, and both are aimed at answering your question:

    1. World Free Web - an attempt to connect browser caches to Freenet, creating a "backup web" that would be as anonymous and private as Freenet, but as easy to use as Mozilla.

    2. FreeSQL allows you to port your SQL-based apps to use Freenet as the underlying storage mechanism.

  • These days a lot of the cDc members live in san francisco.
  • A question for you Ian (if it is you... ^_^):

    A new node every 3 minutes? How do you know that, considering the structure of the Freenet protocol? Is there a way of analysing the network, or are you just reading the node-list at octayne? If so, how many nodes are currently in operation?
  • The main reason China (and other nations) haven't YET cut off all internet access, and probably won't, is that as much as the governments love their ideology, they also love money and foreign investments. China, for example, knows it can't survive without foreign investment and commerce, and the internet helps facilitate that. Thus, I don't think China would ever completely cut off its citizens from the internet - though it might restrict things to a very few "approved" web sites.
  • It seems from the BBC article that what the atstake people are building will be socially useful, but not majorly different from Gnutella or Freenet. Not to knock their hard work and this project in any way (I support it and will try it out when it comes out), but I see the maximum social benefit coming from making an easy way to access the web in general, not from providing an easy way to publish documents on the web. This is because getting information out of China (or France, or Singapore, or any of the UN Human Rights Commission type countries) is a lot easier than publishing an ordinary newspaper to the mass populace.

    The link above is a good example, as it is likely that you couldn't easily visit it from a computer in China. To see what I am talking about, look at these:

    • Punching Holes in Internet Walls, a New York Times article on various attempts to circumvent access restrictions. (Here are the obligatory partners and channel links.)
    • Beijing Declares Victory But Chat Rooms Are Skeptical, a New York Times article providing background information on web discussion boards used and censored by people in China. (Again, channel and partners links.)
    • [], (changing their name to Quova), a company attempting to keep a database of IP addresses versus geographic position. You can look at some technical information here.

    What one gathers from the above articles is an ongoing tit-for-tat battle between the Communists (and other censorious governments, in conservative Islamic nations, etc) on one hand, versus the people of those nations, and those who would offer them information on the other. China and those other nations don't firewall based on the content of the data passing through; they just generally block connections to specific places, by DNS name and IP address. People found they could use a proxy service such as safeweb to get to the unfiltered Internet. Then the Communists found safeweb and blocked access to it. So safeweb started daily emailing out a new list of sites which were running the safeweb proxy, and the Communists would rush to block those and the safeweb folks would rush out new ones. Eventually the safeweb people came out with a way for any individual in the free part of the world to easily run a proxy that accepts connections and redirects you to safeweb, that is the Triangle Boy system. That's about the state of things now.

    A system or service like that described in the realmapping links might be used by gateway machines in China to broadly filter all sites outside the country, except for perhaps a select few. This is a real threat to the safety of the world. If Chinese grandmothers and high school students could easily and regularly read anything on the web, then China is much less likely to end up in a war with us or with Taiwan. The Chinese are not going to like America more or agree with our positions because they can read the propaganda and claptrap that our press spews out every day, but they will have a different sense of perspective (perhaps more cynical) and they will be less likely to get into a froth about some spy-boys getting a little rough with airplanes. I'm not going to get into the philosophy of it all, but suffice to say that I think that the more the people of the world can see and hear of each other, the safer the world will be. The Truth Shall Set You Free.

    A system like Triangle Boy, which is a network of proxies run by volunteers to enable you to connect to safeweb, is what we really need to solve this Internet filtering in foreign countries. An easier to use freenet/gnutella from L0pht will be very exciting of course, but I think it may not be the right solution for the Communist censorship problem.

    For a gnutella/freenet to have effect on the Chinese student who wants to read a New York Times article, it has to be undetectable by the Communist Firewall (because the Communists might decide to block all encrypted traffic, or find the student himself) and it depends upon someone in the free part of the world running a script to dump over into the gnutella/freenet system every day. I believe it would be much better to set up something like Triangle Boy but without the single point of failure of the central safeweb service, and doing something to hide and disguise the web page requests and content.

    That's really hard to do. If you settle for a distributed system that doesn't hide and disguise the traffic, then you run the risk that the Communists will simply block all encrypted traffic or start trying to track down and harass individuals inside their country. Maybe you can depend on the difficulty of running that type of firewall on a whole country, and the fact so many people will use it even the Communists won't be able to throw them all in jail. Maybe you can also set up clever proxy and client combinations that hide their real traffic in the meta tags and comments of innocent looking web pages, or use other steganographic techniques, but you would have to be constantly upgrading them against Communist detection.

    By getting rid of the central safeweb point, you also avoid any censorship due to cooperation from publishers on the free side of the firewall. This would have the effect of making it impossible for Yahoo to not display Nazi stuff to France, because they couldn't tell who was from France. This would make the IP ban that occurs after you modded down 5 times in 24 hours also useless. Yahoo and the French, the Communists, and Rob Malda will all have to come to the realization that anything they put on the Internet is on the Internet for everyone, no discrimination.

    That day cannot come too soon. We need to get to work.

  • pedant:on

    You're right: this is terrible grammar. Ordinarily, a group / company / country should be taken as singular.

    So, Microsoft is planning world domination, as opposed to Microsoft are etc.

    The second should have a possessive apostrophe: blah blah at this year's Defcon.

    However. In spoken UK English, at least in London, you are more likely to say "A group of hackers are developing" than "is developing" because it allows you to roll the "are" sound into the end of "hackers" to make a "hack-erz-a" sound. The grammar rules have yet to catch up with modern speech, and many journos try to write as if they were speaking. It tends to read better that way, y'know?

    Still, if they dropped the "A group of" then the singular verb would be correct. As it stands, the to-be verb should correspond to the primary noun which is "A group", and not "hackers".

  • by BierGuzzl ( 92635 ) on Saturday May 05, 2001 @11:09AM (#243867)
    ...but not because it's revolutionary, new, or even somehow an impressive technical achievement (or achievement to be). It's important because cDc has the ability to make a statement that will be heard net-wide. Its importance is of a political nature.
  • That's funny, I thought the CDC was more interested in wiping out Ebola and AIDS...

    Of course, it could always be (successfully) argued that governments ARE, in fact, a disease...


    Zaphod B
  • Sorry, but anyone who thinks programmers of any stripe are "freedom fighters" has more freedom than sense.

    Back that statement up. If you're going to make such a claim it requires an argument.

    Anyone who provides tools to other people that help enforce their privacy from people who might wish to take it away can be considered freedom fighters in my book, and I'm sure most /. users' books.


  • > > Sorry, but anyone who thinks programmers of any stripe are
    > > "freedom fighters" has more freedom than sense.

    > Back that statement up. If you're going to make such a claim it
    > requires an argument.

    Well, if programmers are "freedom fighters" does that mean the revolution's over when the power fails?

  • Ah, they're keeping at it.
  • They've actually been talking about this for years. Last year, I was at a 'hackers and law' conference at our local law school, and 2 CdC members were there (oxblood, and BroncBuster). They were debating with a local FBI agent, and they ended up actually discussing this project back then. I think the idea is great! I just wish that they had 'sourceforge'd' it so others can help! Maybe they will do that at defcon...
  • CDC of course is famous for tools like Back Orifice, which is mostly controversial because it's a perfectly legit admin tool with a really scary sounding name...

    Moderations Totals for CmdrTaco: Troll -5

  • I guess it depends where you live / are from in Britain

    Intel are/is would not be misunderstood by anyone
    forest is a collective noun replacing a plural for a singular

    Intel is both a group of individuals and a corporate entity hence the difference

  • Dead on.

    We really don't need anymore code that tries to implement yet another anonymous, decentralized peer to peer network and comes up a little short of its potential.

    What we really need is a good specification written in nice plain English.
  • by sracer9 ( 126645 ) on Saturday May 05, 2001 @09:19AM (#243876)
    I believe that that's what the folks over at the freenet project are attempting to do.
  • Whee, another relaying scheme. No seriously, I don't see why anyone would host potentially (more like probably) illegal connections for someone else. In the end someone has to pass the request to the destination server.

    And the argument that - "If suspected of originating these requests, simply explain that you were participating in a crowd (regardless of whether you were or not!)" is hardly going to make any difference in a court, or against an ISP's terms of service agreement.

  • by fleener ( 140714 ) on Saturday May 05, 2001 @09:08AM (#243878)
    I wish cDc would just go back to writing stories about Debbie Gibson fighting ninjas. Stick to what you're good at.
  • by Chester K ( 145560 ) on Saturday May 05, 2001 @01:33PM (#243879) Homepage
    So now, almost a year after the P2P bandwagon got started, and only a few weeks after Sun removed any doubts that it was, in fact, a bandwagon by jumping on and promptly falling off

    Just think about the possibilities! This could be as big as Push technology and Portal sites!
  • I don't know about the second one, but collectives usually do seem to be considered plural in British English.

  • Is this going to be a client for a web browser, or a server to work as a proxy?
  • What if we could actually come up with a far more scalable version of the existing 802.11b "ad hoc" wireless networks, which let you connect a whole bunch of laptops w/ wifi cards together without needing a gateway or hub? Getting across oceans and wide-open spaces would still require some dependence on infrastructure (and thus on corps and govs) but in a megalopolis like the northern half of the east coast has become, we could get enough people with wireless access just roaming around to route messages pretty far without ever touching a cable. This is what'll be REALLY uncontrollable, especially once we figure out some anarchic way of bridging the vast distances that's got plenty more bandwidth than packet radio. Still problems here - you're broadcasting stuff, so you're easy to find, plus frequencies can be jammed, also that scalability thing that gnutella seems to still be having some trouble with.
  • The way I read it, if the information you want isn't on the network a computer with more freedom will go and get it for you.

    I'm curious as to how the communication works on a lower level. For example, if I'm behind a firewall that blocks almost all traffic that isn't going to a certain address (Bess), will this thing do me any good?


    "Great minds run in great circles." -fortune

  • by phoxix ( 161744 ) on Saturday May 05, 2001 @09:06AM (#243884)
    Isn't it theoretically possible to create a "second Internet" using technology like gnutella over the current Internet?

    One that would be much harder to filter ... and harder to regulate ...?

    I could see this doing wonders for many large countries like China ...

    makes you wonder

  • This program could be used for a lot of things. Blah blah China people might be able to get around the censorship blah blah. cDc made that up ahead of time so they had a good excuse built up for when their ass was against the wall. And we believe this? This program is an uberproxy. You can't pin it down because server requests are encrypted and passed between a few different users before they hit the server. Puts an anonymous proxy to shame.
    Possible uses for this software include credit card fraud ("carding")... OK, that's all I can think of... but that makes carding on any site completely safe. Trace all you want. You can't go through 6 different home computers in time.
  • I don't know if anybody else had a proxy in school. But I did, and the way to get around it was to use another proxy, to make someone else send you the data through you request a page, they go through the usual process, then spit it out to you

    I assume cDc did the same thing but with p2p:
    First an encrypted request is sent out, a certain number of users take the job of routing it. the person on the far end begins download and encryption. then the data passes downstream to the enduser. (the person who requested the html file in the first place.)

    For any reason you might want to be anonymous, you could use this program. Carding (credit card fraud), spam, useful for hacking maybe, I dunno, but basically this is for withholding your IP for any reason.
  • But this isn't even a remote administration tool!!

    This is just a hack of Microsoft's BackOffice Remote administration tool! They took that program and made it into an embryonic trojan. Any smart 13 year old script kiddie could slap that into another program without blinking twice. Please show me your legit uses of this program, because I'm straining to see the light. Damn optimists.


  • Many users (such as myself) with nice fast connections have bandwidth limits per month after which we start to pay.

    In my case, my cable modem downloads are 'unlimited' but if you exceed a 500MB upload in a single day (pretty tough to do, since they limit upload speed to 256kbps), they get TOS on your ass. I suspect that there's some point in the download that they'd decide you're abusing the system, but it's theoretically unrestricted. I wasn't aware that any cable companies were charging extra for bytes above some limit. I thought they just threatened to cut off your service.

  • so if 'they' really doesn't want you to see it, they can just take that server out

    It presumably won't allow you to discover on what server the information resides. At least, that's how it sounds from the description in the article.

  • I'm aware that it says "gnutella like" but I don't know how this could be better implemented

    The way the article phrased it was, "Peekabooty will work like the Gnutella peer-to-peer network that has no central server." So the only stated resemblance to Gnutella lies in the lack of a Napster-like central server. The underlying implementation could be (and probably is) completely different. cDc must be aware of Gnutella's problems and presumably wouldn't be bothering to do this if it wasn't going to end up being usable.

  • Hmmm. I always thought that the Brits say, "Intel are developing ..." because they consider corporations to be collections of individuals. (Although why they don't maintain consistency and say "That forest are certainly pretty" are beyond my understanding :-)
  • Tell me: what content do you share on Gnutella that is in the public domain or freely distributable?

    While I don't use Gnutella (and agree with you that it's questionable to try and cook up a legitimate use), I could see it being used for something like movie trailers, where it's more or less freely redistributable, but the server serving it could easily get Slashdotted as every geek with DSL (and even some stubborn ones with modems) rushes over to see what the Matrix 2 is going to look like.

  • I've frequently thought about how cool it would be if we could think of a "legitimate" use for the Gnutella network

    If you've had the software around as long as Gnutella's been around and you're still trying to come up with a legitimate use for it, it's my opinion that you've already lost.

  • by Mike1024 ( 184871 ) on Saturday May 05, 2001 @09:44AM (#243894)
    This could be done very much like Crowds, which is also an online privacy tool. It seems to be closed source though, so I haven't tried it. I predict the following extra features in the CDC program:

    1) Strong encryption, ideally masquerading as SSL, to stop it being too easily blockable. Or better still, MSN Messenger format messages.
    2) Open source, and available on all platforms.
    3) Something to allow all your HTTP traffic to be routed through the same machine for one session, so it is possible to access sites like Hotmail that forward you about a lot, and check your IP address.
    4) More cow pictures.

  • What will be nice to see is how governments and corporations will respond to this

    For really totalitarian governments this is easy to predict:
    There will be a severe punishment for using these tools or encryption. Think about the Third Reich. Anyone caught listening to enemy radio stations was *severely* punished, up to the death penalty. Also, letters were censored. If you had something written in obvious code (encrypted), there would have been severe punishments as well. So, all you can transfer per letter is a few bits. For example, if my father had ever written a letter to my aunt where the date was underlined, this would have been very bad news. The argument is fairly simple: You only need to hide things when you are doing illegal stuff. People doing illegal stuff should be punished.

    I would guess that it is much easier for the government to find out whether you are participating in encrypted/PeekAFoo/Gnutella Internet usage than whether you are passively listening to the "wrong" radio station. Therefore, I guess these things are not very effective in a totalitarian state.

    Of course, the government will let things through it likes. For example, my father could read all the science magazines from the allied powers, so that he could build even better killing machines for the Gröfaz (Hitler). They came in via Spain.

  • Stop totalitarian governments? I'm all for freedom of speech; i.e. expressing ideas, criticizing government, etc., but governments that repress this are certain to outlaw this browser. As for the U.S., etc, do we really need more tools to help people hide things like child porn?
  • They've got great hackers/coders, and a great publicity engine.

    They've got great publicity for sure, however I'm not so sure about the "great hackers". This instance of a "coming soon!" application sounds notoriously trivial (would any programmers out there who think writing a P2P encrypted system is difficult please raise your hands...okay please step out of the career because you're woefully underskilled), though I respect that they are doing it. BackOrifice, while still a notorious trojan that is responsible for a lot of neophyte computer users getting fuxored, did show Microsoft to be very hypocritical regarding SMS when they canned BO.

  • by ShaunC ( 203807 ) on Saturday May 05, 2001 @09:25AM (#243898)
    >Isn't it theoretically possible to create a "second Internet"
    >using technology like gnutella over the current Internet?

    In theory, yes; the problem is those last four words, "over the current Internet." If you want to get data to China, but China happens to be blocking packets which originated anywhere outside of China, good luck. It wouldn't matter what program, protocol, or network was involved; your data wouldn't make it.

    Peekabooty looks like a good idea, and because China isn't yet at the point of blocking all foreign data, it's probably going to be effective. But I wouldn't be surprised to see some countries (I'm trying hard not to pick on China here; many middle east nations also filter net access) implement a cutoff from the "harmful outside world."

    cDc's stuff is always useful and fun to play with - I don't think Peekabooty will let us down.

  • At any rate, I wish a lot of the focus of peer based projects would shift from simply being Peer to Peer!!! into specific implementations of peer based functionality, like resource discovery, content transfer, etc. -- PureFiction

    Good points. Of course, these are the core problems of any network implementation. I'd say that, as an industry and as a science, we've done a poor job at developing robust discovery solutions that are both useful and resistant to degradation -- degradation due to malfunction, overloading, or black hat mischief.

    This is another example of a situation where the availability of a flawed but usable solution creates de facto standards that are barriers to better solutions as they appear, and are disincentives to those who might invest effort to develop those better solutions.

    JMHO - Trevor
  • it only takes one leak in or out

    Also remember that leaks are not always network leaks. No matter how good the network blocking, no computer network will ever be able to stop someone from charging across a border with a backpack full of CD-Rs. (For that matter, how about a small, cheap unmanned glider plane with a CD-R or two inside?) And then, as you have pointed out, the data is inside and can be spread anonymously. The two ways to combat this are:

    1. Accept data leak as inevitable, and relax the information controls
    2. Enforce all-out electronic, physical, and psychological war on independent data channels

    Which option do you think is more sane? Now which option do you think most governments will choose? And this can happen to any country, not just the totalitarian ones. One has to wonder if someday in the US there will be a war on information like the current war on drugs. The US is still one of the most free places on earth. But the trend is rather disturbing.

  • Don't they, however, usually say "the United States is planning to . . ."?
  • The MIT Freehaven site is a similar project and has some interesting articles about problems of current anonymous p2p systems like Gnutella, Freenet and Mojo Nation, such as accountability, flexibility and different kinds of anonymity.
  • What about a completely new internet?
    I mean, I didn't know the first years of the internet. When only universities were using it. When all the commercial stuff was more or less out of it. But as far as I know it I think it must have been great. So why not build a new one? Perhaps every 20 years or so, when the old one is fucked up, just create an internet[n+1] :)
  • As said in the article they have the publicity..
    Don't underestimate this.
    And they aren't bad at making nice GUIs, which is important too if a piece of software wants to get accepted. (hmm.. strange why napster was accepted, IMO :)
  • I've frequently thought about how cool it would be if we could think of a "legitimate" use for the Gnutella network

    If you've had the software around as long as Gnutella's been around and you're still trying to come up with a legitimate use for it, it's my opinion that you've already lost.

    Legitimate: wholly legal. Tell me: what content do you share on Gnutella that is in the public domain or freely distributable? Open source stuff is faster to download from their servers. Same with most other "legitimate" things: the reason we use Gnutella is because servers serving illegal stuff get shut down. I really am interested in hearing what examples you might be thinking of.
  • by 3-State Bit ( 225583 ) on Saturday May 05, 2001 @09:50AM (#243906)
    The software, which is due to be unveiled in July, uses a combination of encryption and a Gnutella-like network...'
    I've frequently thought about how cool it would be if we could think of a "legitimate" use for the Gnutella network, so that
    • an ISP can't possibly feel itself justified in shutting down anyone shoving gigabits through the Gnutella port (you've already heard about this probably...), and
    • so the Government can't try to stop Gnutella (company?) from distributing Gnutella software (it wouldn't matter if it did: Gnutella's already out there and since it's P2P the government can't do anything to get gnutella company to shut down the service, but:)
    • Or worse, to try to go after the users and to make it illegal to use gnutella! (Which isn't so farfetched...)
    The government or RIAA can say today, "Look, there's no justification for using gnutella since it's basically only used for piracy, so anyone that's shoving data over it has every reason to be denied that right."
    But if we could say: "Uh, actually, it's just a distributed internet surfing system with encryption, which also happens to work as file-sharing as part of its distribution scheme, since it doesn't differentiate between html documents and binary documents, which isn't a meaningful distinction anyway since you can MIME encode anything into html if you want,"
    THEN the government will be forced to say: "well hot-damn. We can't have ISPs shutting down distributed information sharing, which is the only thing WEB-SURFING can be construed as, since it would be a denial of freedom of speech (denial of right to know. Freeedom of speech, although IANAL, only is a meaningful right as long as those who want to listen to you have the right to listen to you.)
    There's little the Government or any ISP could say against "It must be encrypted so that the information becomes available to users under a totalitarian regime. It must be distributed so that that regime cannot shut down a web server and cause the source of the information to cease."
    The upshot: the government, your ISP, the RIAA, etc, etc, will have NO way of keeping the ENCRYPTED, DISTRIBUTED, "stuff" that you share from happening to be pirated. They can shut down Gnutella of today to some extent by making the software illegal to own, since they would be fairly justified in saying that it is used almost exclusively for illegal purposes. If you started doing web surfing over it, there is no such argument.

    For this reason alone, all of us should start doing all of our surfing through this new system as soon as it's featurey enough.

    Besides, at the very least, if we started doing that, then whatever we do websurf will be hidden from our ISP by being encrypted, and documents will probably come over much faster under a distributed system. Well, static documents would at least. Maybe this system would also serve to route you around faster, mimicking IPV6, so we could still do better to use it than surf straight. There's no limit to how much good we could get from doing all of our surfing through a distributed, encrypted system, and since the fact that it would make piracy easy is an inherent but small side-effect, it would mean that no one could stop it.
    Long Live the Freeedom to Rip Artists Off!

    (Which I happen to disagree with, but to a far less extent than I do with the RIAA's trying to force us not to share our files. If artists included an address to send money to in the extended descriptions fields of their MP3's [yes, artists should distribute their own mp3s], I know that I for one would take advantage of it and give them their due. As it is, it's far too much trouble and far too much of what I would pay would go straight to the record industry's pocket. That reminds me of a joke, which is actually a good analogy for why we share name-brand artists instead of no-name artists, even though name-brand artists are being whored out by the record industry.)

  • The positron traces show you used some brand new electrons as well, Buster!
  • by nachoworld ( 232276 ) on Saturday May 05, 2001 @09:33AM (#243908) Homepage
    You know, being from Lubbock, I'm particularly wary of cDc. I've never been able to figure out where in town they operate. Then one day I was driving about and I saw a guy with glasses and a nerdy outfit dragging a dead bovine body, roadkill from our truckers, across the road. I followed him for awhile and somewhere near 82nd street and Indiana he turned into a back alley. When I caught up to him next, I couldn't believe my eyes. He was using a crane to lift the dead cow up to the top of a huge pile of dead cows. There must have been hundreds. It was quite smelly. Finally I met these Geek Gods. I didn't know how to open up conversation. I was nervous. Plus, I found it kinda strange that they collected dead cows, literally. So I decided to ask them about their new software coming up. His reply? "Cult of the Dead Cow? Browser? Back Oriface? I'm just a homely redneck collecting cows." Oh well, I'll find them someday.

  • An Anonymous Coward writes "Judging by the Back Orifice encryption I suspect that this encryption will either a) Be terribly slow that no one will want to use it. or B) It will get cracked in a week." Now I'm not sure about the original BO's encryption, but BO2k has the option for plugins that can choose Blowfish, Triple-DES, or other encryption schemes for data. Doubtful that someone will crack that in a week. As for speed, I have yet to use BO2k (I'm currently experimenting with VNC, although BO2k seems to have more features), but I doubt that it is terribly slow. (Btw, if anyone does use BO2k, can you comment on the speed under a decent computer (say anything higher than a P200) with a strong encryption scheme? Thanks.)
  • the harder you press to stop the free flow of information in any form, the harder people will press back. This is the natural way of things.

    The harder you try and conform people to a standard the more they will nonconform.

    You take away their books, they will write their stories in the streets.

    You take their pens and paint, and they will write their stories in their music.

    You take their voices and they will write their stories with their blood.

    This will never stop, as it is the natural order of things.

  • We have spent millions of dollars creating a new copyright law to protect authors and musicians, in Australia,

    You're a liar. If you really protected artists they wouldn't be so thoroughly exploited by corporations-subsidized by your policies I might add. Copyright law is for businesses, not artists.

    and you guys come along and simply slap up circumvention devices like there never was a problem.

    There wasn't a problem until greedy morons like Bill Gates came along and made the Internet a commercial battleground. A battleground where your government gives money and infrastructure to businesses like Microsoft so they may succeed in this endeavor and control the entire Internet much like they already control the 'computers-sold' market worldwide. It's all about the market.

    Why don't you government wogs ever give millions to artists every year? Answer: they don't pay for your campaigns.

    Tell me this Smart arses:

    BTW, impersonating a government official is a federal and international crime.

    How do you think my corporate benefactors are going to treat me now that you've (in theory) stepped straight around the provisions in my new laws?? Don't you realize I'm going to have to send some Australians to jail for five years once they use this now illegal circumvention device.

    That's right. Use the Internet and you could go to jail. Didn't take long for the powers that be to threaten the Net using public at large. How about this? You go to jail for misuse of the people's funds and are banned from public service for being a brainless jerk!
  • Um, China has always had the idea that China was the Earth as far as its citizens were concerned. This has been its philosophy (isolationism from all countries) for hundreds of years, and it hasn't changed. It doesn't cut off the Internet so that its citizens do not get angry at China. Most Chinese citizens probably think they receive the same Internet access that all nations do.
  • The internet is the main weapon freedom fighters have against increasingly Orwellian governments. We must keep it free (as in freedom) at all costs. We must block all intrusions by those who would spy on us.

    Demand liberty. Always
  • good luck and god speed to them in their quest to defeat the totalitarian regimes out there. Maybe they'll have a better record along those lines than the U.S. government.
  • Sure, the functionality it provides IS useful, but you can't call a program which DELIBERATELY hides itself from users a "legit admin tool". It's a trojan, and it was meant to be a trojan.
  • Though I've never used it, I'd bet that Back Office shows up in at *least* the add/remove programs list, or the start menu. I don't mean you know know if/when it's running. I mean you don't even know it's installed (unless you run a virus scanner..).
  • So XMYTH sez:

    "Sure, the functionality it provides IS useful, but you can't call a program which DELIBERATELY hides itself from users a "legit admin tool". It's a trojan, and it was meant to be a trojan."

    BO2K does everything that MS System Management Server does, including the "stealth" option.

    BO2K costs nothing and is Open Source. MS SMS costs about US$1500 or thereabouts, and is, of course, closed and proprietary.

    SMS can be trojaned just as easily as BO2K.

    Does that therefore make SMS a trojan or a legit administration tool?

    Believe me, if BO2K was released by Symantec or McAfee or even MS, there would be none of this BS about BO2K being a trojan.
  • The folks over at cDc really are the freedom fighters of the information age. Makes me think of the original Star Wars movie. The world is full of oppressive governments (the USA included aka carnivore) and monopolistic corporations like M$ and AOL. Someone has to fight for freedom of thought.
  • "but you can't call a program which DELIBERATELY hides itself from users a "legit admin tool"."

    If I'm not mistaken, Microsoft's Back Office has the exact same feature to 'hide' itself from users. So does this mean it's not a "legit admin tool" either?

  • Wrong.

    They will be (and are) fought by analysts and diplomats:

    Side A: "Our intelligence says you require this much power to keep your hospitals running. Either you release those prisoners or we launch these ICBMs pointed at these power stations"

    Side B: "And? Who says we didn't plant that intelligence? We anticipated your move, and have tripled military power output and redirected it to potential targets"

    Side A: "Damn!"
  • Even if [insert totalitarian country here] did attempt to block all foreign packets, this technology or Freenet's version is still a vital means of publishing information without going through the government filter. And it only takes one leak in or out to circumvent attempts at blocking, anyway, because the info could then be stored in the Peekabooty system within the country.
  • by janpod66 ( 323734 ) on Saturday May 05, 2001 @09:08AM (#243922)
    Does that mean they are implementing something like crowds? I just hope they do it right, because making anonymity work is a bit more complex than just shipping stuff through a bunch of intermediaries.
  • The cDc is a great organization, but we need it to either grow or for more groups like this to form so as to take on more projects. Think about the problems with censorship from governments and organizations like the RIAA and the Video Watermarking Group that need to be dealt with. The digital watermarking of cds and dvds, filters in public institutions, the amount of data that big corporations can collect about us, etc... I find it worrisome that there is virtually no public outrage about these things. The cDc is the perfect kind of group to take care of business.
  • Let me firm up my post. I didn't *just* mean the cDc (although I admit to being somewhat uninformed about them), and I know the SDMI watermarks were broken by a bunch of college professors and scientists. What I meant was, the idea behind the cDc, a bunch of geeks and techies that crack oppressive and/or unwanted DMCA-abusing stuff, is a good one. If the cDc isn't big enough and doesn't have the knowhow to do things like that, then they either need to get the ability, or something else like the cDc ought to form that has the power to circumvent these denials of freedom.
  • This might initially seem to apply to only those nations under strict regimes and which limit access to information, but it seems that it could be fought in other nations, too. Consider that it would allow French citizens to get around the ban on Nazi memorabilia. If we make it more difficult for them to comply with the court order, we'd better hope the French government doesn't hear of it because it might put more restrictive limitations on Yahoo. To be honest, I couldn't care the least about Yahoo, and I think it's excellent that something like this be created, but if governments which we respect and recognize find out about this and they start putting more restrictive orders on censorship, we set a dangerous precedent.
  • What's wrong with Freenet? Wouldn't it be smarter to assist an ongoing anonymous, decentralized p2p network (which sounds substantially more advanced than Peekabooty) rather than spawn off another one? --Greg