Sophos Cloud Optix
The internet was designed to be resilient and decentralized. Its multiple, redundant pathways between any two network nodes and its ability to accommodate new nodes on the fly should enable it to keep carrying data in the face of blocked nodes, censorship from repressive regimes or natural disasters.
However, its implementation has far diverged from its original design, with ISPs now holding the reins of the highly-centralized platform into which the internet has evolved.
Nowadays, each end user/node is stuck at the end of an isolated cul-de-sac. With the flip of ISPs’ switches, an overwhelming majority of a country’s nodes go dark.
Which is exactly what happened to protesters in Egypt when they were plunged into digital darkness after the country’s regime made some five phone calls to ISPs in the early hours of 28 January 2011.
The easily-persuaded ISPs pulled their plugs, disabling 93% of the country’s internet access within a mere 28 minutes.
This is all detailed in a fascinating article by Julian Dibbell in the March issue of Scientific American.
In the article, Dibbell delivers an account of how Egypt’s internet shutdown was “an object lesson in the internet’s vulnerability to top-down control,” with a shutdown that was “alarmingly instructive and perhaps long overdue.”
The Egyptian cutoff is only the starkest of a growing number of examples of how vulnerable the internet has become to top-down control, writes Mr. Dibbell:
During the Tunisian revolution the month before, authorities had taken a more targeted approach, blocking only some sites from the national internet. In the Iranian post-election protests of 2009, Iran's government slowed nationwide internet traffic rather than stopping it altogether. And for years China's "great firewall" has given the government the ability to block whatever sites it chooses. In Western democracies, consolidation of internet service providers has put a shrinking number of corporate entities in control of growing shares of internet traffic, giving companies such as Comcast and AT&T both the incentive and the power to speed traffic served by their own media partners at the expense of competitors.
In the face of an internet that can be controlled all too easily by corporations and regimes, activists are building alternative mesh networks that can never be blocked, filtered or shut down.
These networks often amount to what’s called an “internet in a suitcase”.
For example: FunkFeuer, a mesh network in greater Vienna, relies on 200 small, weatherized Wi-Fi routers on rooftops, each owned and maintained by the user who installed it, and each contributing bandwidth to a communal, high-speed internet connection throughout the city.
It costs nothing more than the $150 hardware setup, which amounts to what FunkFeuer co-founder and lead developer Aaron Kaplan refers to as “a Linksys router in a Tupperware box, basically.”
But can mesh networks replace the current set up?
Even committed supporters of mesh networking don’t anticipate that its promise of low-cost, do-it-yourself internet access could or should force ISPs out of the market. Jonathan Zittrain, a Harvard Law School professor and author of The Future of the Internet: And How to Stop It, told Scientific American that the centralization of ISPs has real benefits, including ease of use.
The magazine also quotes Ramon Roca, founder of Guifi.net, who doubts mesh networks could ever take much more than 15 percent of the market from the ISPs.
With that low level of penetration, however, mesh networks can serve to “sanitize the market,” Roca said, bringing the internet to low-income households and exerting downward price pressure on ISPs.
We can’t rely on market forces, nor widespread adoption due to ease of use; that makes government the next logical place to turn, Mr. Dibbell writes.
Whereas wireless mesh would serve the public good by delivering a network resistant to surveillance and censorship – things the network interprets as damage – the payoff for government would be in creating a communications channel that would route around actual damage, such as hurricanes, earthquakes or other natural disasters.
In those terms, it’s easy to imagine national security and law enforcement as being proponents of mesh.
But as Mr. Dibbell points out, it’s just as easy to imagine such entities distrusting a national mesh network, given that it’s outside the realm of surveillance and beyond earshot of the telephone and ISP companies that enable surveillance.
He writes:
Such are the complications of counting on government to support mesh networking when it is governments, often enough, that do the kind of damage mesh networks promise to help fix.
But we must bear in mind: surveillance actually does come in handy when you’re talking about cybercriminals and terrorists. As such, we could rightly wonder what the security situation might look like in a network independent of the watchful eye of ISPs and telephone companies.
As it turns out, security will likely be as do-it-yourself as the hardware, protocols, scripts and other technologies the activists are now hammering out.
For their part, those working on Eben Moglen’s FreedomBox mostly agree that it should serve as a web proxy to clean up and protect web traffic.
At this point, FreedomBox has posted a first draft of Privoxy, free software licensed under the GNU GPLv2 that serves as a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other “obnoxious internet junk.”
According to the FreedomBox site, Privoxy upgrades web traffic to prefer SSL encryption wherever possible. It also strips tracking software from web pages to provide greater privacy and anonymity to web surfers.
Future FreedomBox work will include a script to test HTTPS Everywhere rules. HTTPS Everywhere is a Firefox extension that ensures communications with a number of major websites are encrypted.
While the FunkFeuer Free Net in Vienna does maintain a list of known vulnerabilities, the group’s policy is that the onus for security lies with each node operator.
Their policy, as tweaked a bit from a kludgy translation:
The Beacon IT security team helps the beacon node owners to maintain a safe and virus/Trojan/worm-free network (and thus a well-functioning network). This is done mainly by warnings and alerts . We will not directly help individual node owners to install anti-virus protection.
Ultimately, beacon is a "bottom-up" power. This means that users are also responsible for the security of their router.
The IT security team reserves the right to warn, and in extreme cases, to block spammers and others who disturb the quality of the network. This should only be a last measure to protect other users or to ensure the basic function of the network.
If the idea of an internet that’s more robust in the face of surveillance and censorship appeals, now’s the time to pitch in and help projects in your country or region.
Here are a list of resources and opportunities from Scientific American:
- FreedomBox is planning future hackfests in various cities. They need help with ideas, with bug squashing, with script writing, with script testing, and with hardware. Write to join@freedomboxfoundation.org.
- The Mesh Networks Research Group
- The FunkFeuer Free Net network in Vienna/li>
You may also find it interesting to listen to a Scientific American podcast where attempts to build a hardier alternative internet are discussed.
Internet world image, courtesy of Shutterstock
Woop, Woop! Now, this does look very promising, although there have been mesh networks like this deployed around the border of Afghanistan and parts of Africa over the past several years. There's also the One Laptop Per Child mesh concept, which ran into problems because of disputes over a special type of wireless driver, etc. etc.
It's worth looking at the routing protocols used in OLPC, as that seems perfectly suited for dynamic networks of low-powered mobile devices. I'm also very enthusiastic about the potential of IPv6-related technology to facilitate secure comms in networks like this.
Excellent article.
A similar network (Athens Wireless Metropolitan Network – AWMN) exists in Greece since 2002. You can find a map here: http://wind.awmn.net/?page=nodes&session_lang…
It offers many services… some of them: private bitorrent tracker, DNS, IPv4/6 routing etc.
Even without the concept of combatting the influence of governments and corporations on internet usage, I think this is a great idea, and I think it will show its worth at the next natural disaster.
— Jonathon
There are two problems here. The first is that it should be more than obvious that NO national security organization would support this, unless they believed that it would make it easier for them to eavesdrop. The second is that your headline is a lie. At least for the ironically named “Freedom Box”, censorship is part of the fundamental design! Sure, they think that they are doing me a favor by removing ads, cookies and the like, but they ARE censoring me! And, since they have the technology built in, why should I trust that they aren’t or won’t be censoring other things? For example, there’s a campaign among US liberals to make a politician’s name into a crude term. Why couldn’t Freedom Box decide that this was a good thing, and block any other instance? It would be trivial to do.
15% seems like a respectable amount to me! That would definitely take a bite out of the corporate dominance. They might tolerate 3-5%, but 15% would have them scrambling. Not sure how they would respond, however.
Fantastic article, Lets hope this comes to fruit in the long run for us all.
You might also want to look into Project Byzantium (http://wiki.hacdc.org/index.php/Byzantium) from HacDC.
Check out Project Byzantium, courtesy of DC hackerspace HacDC: http://wiki.hacdc.org/index.php/Byzantium
"The goal of Project Byzantium is to develop a communication system by which users can connect to each other and share information in the absence of convenient access to the Internet.
The use cases for such a system would be:
The infrastructure for accessing the internet has become damaged or inaccessible. (Eg, a natural disaster such as Hurricane Katrina.)
A central authority has decided to explicitly block or shutdown key infrastructure. (Eg, Egypt's recent internet blackout.)
A zombie apocalypse in which the personnel responsible for maintaining key infrastructure have all been turned."
Beth H wonders how corporations would respond to 15% of the market going to this mesh network. Simple:
1. Buy some to understand them better;
2. Put up alternatives;
3. Make it policy that their customers cannot use their connections with these
4. Get gov’t to make laws that require huge red tape on them, like audit logs be stored and possibly be forwarded to selected gov’t and/or ISP for storage and review.
BTW, 15% is not possible, except in areas that have such low population concentration that are currently highly underserved.
The reasons being put forth "against" don't appear to be stronger than the reasons being put forth "for." Count me in. And I don't live in a low population concentration that is currently underserved.
go for it!
We need all the help we can get to defeat this pro-surveillance government and secret groups.
What we need is for Sophos to also join the fight.