s1LX

Is TPB’s IPREDator Relakks in a new hat?

// July 4th, 2009 // p2p

- Freedom | P2P:- “This is a more interesting - and more subtle - story than most folks have figured out just yet,” says Fausty of  torrentfreedom.net in a Reader’s Write to a p2pnet post on The Pirate Bay acquisition . In it we point out TPB spokesman Peter Sunde assures active and ex-TPB followers, “Remember this, guys and gals, we really love you all .” At the tail-end, among other things, he says, “we are also working on the finishing touches to our anonymizer Ipredator …” Said TPB in March , “ IPREDator is a network service that makes people online more anonymous using a VPN. it costs about 5 EUR a month and we store no traffic data. our service is right now in a beta stage. we hope it will be released for the public before 1st of april. Sign up now to start using it as soon as we’re stable. The network is under our control. Not theirs. ” But in a TPB comment , “Is it true that ‘iPredator’ is just Relakks?” - Fausty asks, adding, “If so, why is it taking so many months to rebrand an old VPN service from 2006?” He doesn’t get an answer that we could find. Pirate Party Relakkses Back in 2006, “Yesterday came news that Sweden’s new Pirate Party had launched Relakks, an online service which, it says, ‘lets anybody send and receive files and information over the Internet without fear of being monitored or logged’,” said a p2pnet story . It would cost about $6.40 a month. But is it all it’s cracked up to be? - wondered Smirnov on the Pirate Party site, saying he was, “thoroughly and very perplexed”. His post has long since vanished, but you can read it at the end of this. Meanwhile, torrentfreedom.net is a Baneki product, along with CryptoCloud, and Baneki is, in turn, a Canadian company in Chilliwack , British Columbia. With co-founder Douglas Spink as CTO, it states, “Both as a company and as individuals, we support a broad cross-section of nonprofit and community-focused efforts, from free web hosting for politically unpopular websites to more direct financial contributions to groups such as the Electronic Frontier Foundation, this work isn’t just window-dressing to make us look good – it’s a central part of who we are.” In February last year, it boasted of $17-a-month TorrentFreedom, “we’ve built a clever service that allows people to protect their privacy and freedom to explore and share online without a bunch of hassle.  It’s put together with all open source components, plus a little clever glue here and there.  Genuine structural anonymity but torrenters, and free range to boot.  We call it torrent freedom.” Of CryptoCloud, Baneki says at $17 a month it, “employs robust, opensource security technology to protect all of your internet applications from surveillance: web, email, IM, VoIP, p2p - every packet. Route around censorship and limitations like packet shaping, content filtering, traffic logging, and protocol limits - make your own ‘net neutrality’.” ‘Don’t slag competitors’ “In general, we don’t engage in any competitive ‘mudslinging’ in our company,” says the ‘Baneki team’ in a post on the company’s CultureGhost site, promising, “our efforts are focused on running a great service and seeking out new ways to improve, not trying to belittle others doing similar work”. But, it goes on, “regarding the ‘iPredator’ service announced by TPB; given the overall relevance of his rant, and the connection to the larger filesharing community and the longer-term direction of the community itself, this is an exception we’ll make to the ‘don’t slag competitors’ rule”. Here’s what Fausty has to say »»» You’ll forgive me, dear reader, if in writing this post I sound rather like someone who has fallen down Alice’s rabbit hole and is living in a mysterious parallel universe. This week, I feel like that myself - even more so than usual. It seems The Pirate Bay has begun generating its own, Jobs-style reality distortion field. Or, perhaps, that field is being generated around them and they’re as caught in it as the rest of us. First, the fact topology: This spring, TPB announces with the usual press fanfare that they are going to launch a “VPN service.” Wow, that’s rather interesting to me given my years’-long involvement in the business of providing a VPN-based service to customers around the world. I’d cite the original wired.com article about this “launch” but, alas, that article disappeared from their website this week. I’ll see if I can find a cache of it and post it in a parallel thread. In short, the “launch” has zero details - what technology will they use? What new angle on VPN service will they bring to the table? Nothing. Oh, they do say they will “not keep logs of customer activity when using the VPN service.” Hmmm. . . that sounds amazingly familiar - down to the exact wording of the sentences. If imitation is the sincerest form of flattery, then I’m a bit flattered (having personally written Baneki’s “no customer logging” policy in early 2007). The “launch date” for this ‘ipredator’ service is set as April 1st. I dutifully go over and sign up for the “contact me” list on the website - only to hear reported, a few weeks later, that two hundred thousand people have signed up for TPB’s new ipredator VPN service! Wow, that’s amazing - I guess I missed the launch. I check the ipredator website - no, there’s no launch, still just a “enter email address’ field and a link to some wikipedia articles on what a “VPN” is. Nice. Apparently the press is simply reporting however many people TPB says entered their email address as people “signing up for the ipredator service” - rather an unusual trick of reporting for a paid service eh? Given the massive traffic to TPBs’s main website they could safely “announce” a “service” sending people to the moon on flying carpets, put a link in the site’s footer (as they did for ‘ipredator’), and have hundreds of thousands of people “sign up” by entering an email address in a form. Anyway, ok well I’m sure lots of folks will sign up for their service whenever it launches. I mean, they have a big tracker and putting a link to a paid VPN service on the front page of a tracker, I dunno, it also seems just a little bit familiar . Great minds think alike? I guess. . .April comes and goes, then May, then June. Suddenly there’s a new flurry of press puff-pieces in late-June: ipredator is in “beta testing” yay! Nobody mentions that it was supposed to be launched April 1st. Nobody asks how a multi-month delay happened, why the “launch” is now a “beta test,” what technology they are using, etc. Nope, but it is widely reported that they already signed up two hundred thousand people to their new service!!!! eh? Given the massive traffic to TPBs’s Wow, great reporting there. Anyway, nobody on the email list has EVER received so much as a ‘welcome’ email from TPB so I’m skeptical about this “beta test.” Apparently, you have to be really cool (and really Swedish?) to qualify as a super-cool ipredator beta tester. I wait for further news, and then. BAM! This week TPB announces they are selling the tracker. Or not selling the tracker. Or selling the membership, but not the tracker. Or selling the tracker, but not the membership - or something. Nobody can quite agree on what is being announced - but the press dutifully prints, verbatim, whatever TPB says they are doing. They sold! They didn’t! They have angel wings! Oddly, I actually decide to read the press release issued by the company who is supposedly BUYING TPB - seems a decent place to start if one wants to report on a “sale,” right? Well, the press release is very clear: this isn’t a sale, it’s a reverse merger. And the “buyer” doesn’t have the cash component of the “purchase” - they have to go raise that money now. And there’s no actual business plan for what happens after the sale/merger - but someone is making good money moving worthless Swedish penny stock on the basis of the announcement alone: millions of shares change hands, day after day, all week. In non-Swedish, not-cool situations we call this “pump and dump” - if I did it, given that I”m not as cool or Swedish as TPB, the press would be all over me about it (appropriately). However, TPB’s reality distortion field obviates that apparently. All week I’ve waited for SOMEONE in “the press” to utter the words “reverse merger” to describe TPB’s transaction. And wait. And wait. I mean, this is hardly controversial - Peter Sunde has essentially said it’s a reverse merger - a way for TPB to “become listed” as the “ultimate prank!” Finally, I send a rather snippy email to Torrentfreak - who claims to “cover” the filesharing world but lately seems to be much more concerned with writing puff-pieces on whoever is coolest. Yes, they also “reported” on the 200,000 people that “signed up” for ipredator - and no they never corrected it, etc. As I wait around, twiddling my thumbs in boredom this week (ok not really ), serendipity strikes: today, in fact, a friend of a friend actually gets one of the ‘coveted’ beta tester invites to iPredator. Two salient points: 1. This is NOT a ‘beta test’ - it’s a paid launch. Beta tests, by definition, are NOT paid launches - they are TESTS. If you charge people to use a service - charging full price, natch - it is NOT a “beta test.”2. This isn’t even a new VPN service - it’s just Relakks, with a halfway-updated skin slapped over the same forms and payment pages and all the rest. TPB’s “new iPredator anonymizing service” is a warmed-over, left-for-dead project from 2006. What is Relakks? Well, Relakks was the first consumer-focused VPN service - launched in 2006. They got some good mainstream press (including the Wall Street Journal , where I first read about them) and claimed to have signed up “20,000 customers” (a number I now question, seeing as they have now resurfaced with a similar claim about iPredator, one we know is bullshit, i.e. the “200,000 signups”). I got an account with them in 2007, as a test. Their “service” is just a shoddy implementation of pptp - which is, itself, an old proprietary VPN framework that Cisco and Microsoft developed in the 1990s and largely left for dead. Why use it? Simple, it’s built in to all Windows OS’s (being a proprietary Microsoft creation, no surprise) - so there’s exactly zero development work needed to “lauch” a pptp-based service. You just put a how-to page up telling people how to activate the pptp frontend in Windows, buy a (licensed?) copy of a Windows Server OS, and let people connect. Anyway, the Relakks pptp-based VPN service is. . . ok, I guess. It’s slow, it’s proprietary, it’s not happy with some of the more non-mainstream IP protocols (like, err, bittorrent). Oh, and it leaks DNS information routinely - it was never meant to be a “real” VPN framework, and that’s not even mentioning the fact that it’s proprietary. As we built our first VPN service, at Baneki, we used them as a starting point - and quickly realized that doing VPN service correctly would require a completely different technical approach. We researched OpenVPN , rolled up our sleeves, and got to work. In the winter of 2007/2008 we acquired another VPN service (VPNtunnel.co.uk) which had also spent years developing an OpenVPN-based network. We kept developing and improving and updating our network and our client - using opensource code every step - and, nowadays we’re at version 3.1 of our client applet. What about Relakks? Well, it’s kind of a funny/sad story. By 2008 Relakks was regularly reported to be having multi-day network outages. At the same time, they made a big fanfare about their “Internet Passport” feature which would allow people to “choose their country” from the VPN client - and of course lots of press coverage for this vaporware “feature” which was never launched and never spoken of again (in contrast, of course, we released our successful GeoChoice country selection feature last week - after months of REAL beta testing - and the press has been too busy non-reporting on TPB to notice this non-vaporware service rollout, apparently). Their website would also disappear sometimes until, finally, the website and the network - the whole damned thing - just vanished for several months. Oh well, I guess that’s the end of that. Eventually, we’ve been told, it sort of showed back up with a “gee we’re sorry” note and acted as if nothing happened, but by all accounts their customers seem to have wisely concluded it’s not such a reliable service (who would trust these guys with their network security, anyway?). They’ve been largely written off as of historical interest alone. Then, today, I read a follow-up to the follow-up piece at wired that says the following: Quote: The Pirate Bay’s other projects, including the upcoming streaming-video site TheVideoBay and the iPredator anonymizing service, are not part of the sale, the Bay’s current management said. So, here’s what we’ve got: we have TPB announcing a reverse merger - which is pointedly NOT called a reverse merger in any press coverage I’ve seen thus far (and there’s been plenty of coverage) - and TPB announces their “anonymizing service” isn’t part of that transaction. . . but they fail to mention that their “anonymizing service” is just a warmed-over re-branding of Relakks - which was itself left for dead by whoever owns it in 2008. By the way, who does own Relakks? For all that we like to trust those silly Swedes and assume they’re all swarthy and solid - wouldn’t it be kinda nice to know who is behind a paid security service like Relakks/iPredator? I mean, we don’t make any secret about who our founders are - warts and all. Is iPredator just Relakks under a new name? If so, who is the “man behind the curtain” who is running this thing? Why should we trust him/her? If it’s TPB running it - and TPB just rolled the dice on a spectacularly shady reverse-merger (which is not called a reverse merger, of course) and showed horrific judgment - isn’t that perhaps relevant? If it’s the Relakks crew - the same one that disappeared for months in 2008 and abandoned their customers - that might also be noteworthy. Alas, don’t hold your breath for anyone to do anything as prosaic and pedestrian as ask questions about such things when giving fawning interviews to TPB ; no, nothing but that. Instead we’ll just continue to see the same warmed-over talking points, the same lying-through-omission about what “iPredator” actually is, the same “trust is we’re cool” approach to justifying what TPB is doing (and not doing) with community-supported resources. It’s all a bit much for me - I grew up in an era when we were held to task for what we did, good or bad (and I’ve been on both sides of that). I can’t imagine, personally, showing this level of bad judgment and NOT being torn to shreds by the press as a result (and yes I HAVE shown judgment this bad - and worse - in the past and, yes, I’ve been torn to shreds by the press for it. . . and learned as a result). The whole thing has turned into a bit too much of a celebrity/paparazzi dynamic for me to understand; that’s just not my world. In my world, people are “famous” because they do good, important, useful, creative things - people like Jeff Bezos or Zennstrom or Fanning - these are the people I’ve always watched as role models and as peers. When things flip over to a fully press-driven, fame-driven, famous-for-being-famous universe I’m just out of my league. I’ve done my share of press junkets - good and bad - and I’ve had my share of front-page stories (good and bad); they were all because of something I DID (good or bad), not just because I was “famous for being famous.” TPB is now in that world, and it seems their tenuous connection to the actual world of network technology and network community has been cut entirely. Honestly, this week, I feel as if the Michael Jackson news has been more substantive than the drivel reported on what TPB’s been doing. And that, indeed, is a low threshold to meet. Fausty And here’s what Smirnov had to say of the Swedish Pirate Party’s Relakks three years ago »»» First, both the Relakks site and the announcement make it very clear that the service is supposed to provide anonymous access to the Internet. What isn’t as clear is that Relakks is just a PPTP (VPN) provider. Customers sign up, pay ?5 a month and get on their merry way. All of their traffic is encrypted to the Relakks servers, at which point it travels the Internet like regular traffic. As far as I can tell, all your traffic carries a Swedish Relakks IP, presumably mapped to your real IP somewhere on a Relakks computer. Now you can’t connect to Relakks anonymously, because then they’d have no way of verifying you are a paying customer (plus VPN authentication is based on identity verification), so Relakks knows who you really are when all your traffic goes through them. Let’s compare this to something that has been traditionally called an anonymous network — Tor, a program implementing onion routing. With Tor you connect to an onion router, which then builds a path for you through other onion routers to your destination, in such a way that it makes it very hard to determine both the sender and the receiver of an on-going communication. The entire link is encrypted, unless of course you are outproxying to the intenet (then traffic has to be decrypted either way when it leaves the outproxy). But at least with Tor, it is very hard for the outproxy to figure out where the real request came from. Today, the Swedish Pirate Party launched a new Internet service that lets anybody send and receive files and information over the Internet without fear of being monitored or logged. The problem is that since Relakks knows who I really am, and that any outgoing connections from them are unencrypted, I really do have something to fear.. Relakks. What is the difference between trusting them and trusting my own ISP not to give me away? Relakks could be logging behind the scenes, turning on a silent switch without telling anyone. Even in a case where we do trust Relakks not to keep the logs of the actual data that goes through, they will still have mappings between Relakks IPs and Real IPs at any point in time — this is just begging for an organization such as the antipiratbyran or the MPAA/RIAA to set up honeypots across various torrent sites, until finally they have enough Relakks IPs information to be able to sue them in court if they have a real IP, at which point the Swedish police could raid the Relakks location and get those real IPs. If Relakks did not have their own direct connection to the internet, their outgoing ISP could be tapped and then setting up such a honeypot would be trivial. Otherwise, multiple peers could actively participate in swarms on sites such as the Pirate Bay, logging actively all of the IPs of the seeds and the superseeds on such swarms. Secondly, the Relakks service is called a “Darknet.” After reading the paper that originally introduced the term Darknet at http://www.bearcave.com/misl/misl_tech/msdrm/darknet.htm, I am hard pressed to understand what makes a VPN tunnel a Darknet. The idea of the darknet is based upon three assumptions: 1. Any widely distributed object will be available to a fraction of users in a form that permits copying. 2. Users will copy objects if it is possible and interesting to do so. 3. Users are connected by high-bandwidth channels. This seems to me to describe a subset of P2P services, perhaps F2P. A program such as Waste, facilitating connections to your friends would fit the bill, but a general-connectivity tunnel? Would that not be akin to calling IPSec or IPv4 a darknet solution because it allows programs such as Freenet to operate under it? Would that not make any low level Internet protocol a Darknet then? The service allows people to use an untraceable address in the darknet, where they cannot be personally identified. Yet I do not recall Darknets having to be anonymous. Pseudononymous, perhaps, but only because that is a side effect of keeping the connections limited to a group of friends. Even if a Darknet had to be anonymous though, as I said earlier, Relakks hardly keeps your identity safe — they have to know who you are at all times (unlike say Tor)! Lastly, I have some less related comments I wish to share with you: * The PPS does not own Relakks, they seem to be affiliated and perhaps will get a share of each person they refer to Relakks? * I wonder what political repercussions the PPS is hoping to achieve by actively promoting a network which will incentivize users to engage in illegal activities (such as unauthorized works distribution) behind the scenes of a “trusted” outproxy. P.S. My views do not represent the official views, positions, standings or otherwise, of the Pirate Party US, unless otherwise stated by an appropriate party official. Definitely stay tuned. - . More First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi p2pnet -  ‘We need your support!’ The Pirate Bay, July 3, 2009 love you all - The internets needs all of us!, July 3, 2009 - - | | rss feed: http://-/p2p.rss | | Mobile - http://-/index-wml.php -? -