You and Your Phone are Huge Threats to the Net #security #privacy #tor #dns – HT @rdggeek @techhub @doctorow

This is the talk I presented at Reading Geek Night 27 on Jan 10th. The theme was the power of mobile computing and of real networking, and how NAT, IPv4, DNS, and the typical provision of network access to the user (e.g. browsing over NAT), rather than network connectivity (i.e. full bidirectional internet access), are a strategic risk to individual communication, an increased opportunity for censorship, and a threat to the health of the Net at large.

Video

Notes

  1. I referenced Cory Doctorow’s The coming war on general computation in the Q&A session
  2. I referenced the tremendously fast networking at TechHub in London, an environment where I am an enthusiastic visitor – plus the beer’s great! More #OpenSourceAle please! 🙂
  3. I alluded during discussion (no video) to Firefox plugins which bypass DNS takedowns; by coincidence they got some coverage on Boing Boing the day after the talk, but the one I was thinking of was MAFIAA-Fire
  4. I alluded to how measures to improve DNS Security are being undermined by US legislation to enable domain seizure (amongst other badness) – see also.
  5. One thing I’d like to clarify but which I don’t cover well in the video: the 20Mbit bidirectional bandwidth is when I’m connected to Wifi at somewhere with a fast network, but I am still NAT’ed behind a firewall. All the other ping probes and traceroutes shown are when I am connected over GSM, but yet again NAT’ed behind a firewall.
  6. What I want to highlight is the full server capability of the modern “smartphone” device – and that it is permanently hobbled by being stuck behind NAT for both GSM and domestic Wifi. Worse, people have come to expect this when in fact your personal server phone is more than capable of being fully attached to the Internet, 24×7, working for you.

Slides

8 Replies to “You and Your Phone are Huge Threats to the Net #security #privacy #tor #dns – HT @rdggeek @techhub @doctorow”

  1. Great Talk Alec!

    I was just going to glance at the post and listen tomorrow but I got caught up in it and then had to go look at a few things, Tor, my phone, The coming war on general computation … and now it’s almost 2am!

    Thanks for posting the video!

  2. Some hope from an audience member at Reading Skeptics tonight; his take was that 4g (aka: LTE) networking is going to be so fast, and provide such bandwidth to the handsets, that websites will start to replace apps and that phone-to-website latency will be in the order of 10ms – which is below the threshold of human perception.

    For this to work – says he, persuasively – the phone companies will have to rip out much of the latency-inducing intermediate NAT and other session-based crap, moving instead to pure IPv6 solutions.

    Whether this will fully presage running webservers on your phones is unclear – still it would be good to have demand so that technology is nudged that way – but it’s a step in the right direction.

  3. A quick collation of some thoughts sparked off by this and other events:

    * you’re spot on, with your statement that your typical smartphone is potentially a little Linux- or BSD-based server.
    * part of the reason that smartphone connectivity is unidirectional-initiate (you can connect from your ‘phone to the Internet, but not vice versa) is down to caching proxies and the need for many-to-1 NAT; the latter is mostly imposed by IPv4.
    * iOS 6 will have IPv6 over wi-fi and LTE (the presenters don’t mention it, but freeze-frame the Apple WWDC keynote video at 107.13); Android ICS has it too (from results of a straight Google search). When the telcos themselves go IPv6, they can keep the caching proxies on one side for bandwidth conservation, but it’s “bye-bye NAT, hello bidirectionally-initiated IPv6”.
    * I’m hoping the sudden ability for very many people to go self-hosting will see more notice taken of the Mine! project – especially as security-conscious Brits will want to host their own medical records rather than let the NHS keep them (unless Dame Fiona Caldicott injects some sense into current NHS proposals)
    * there will naturally be security concerns from smartphone vendors, about setting them up as servers and thus making them more readily attackable. ARM TrustZone is going to help, rather a lot. Power consumption issues could be interesting.

  4. Oh, and DNS has been A Bad Thing, for a long time (although maybe not its entire life). DNSSEC isn’t much better. If IPv6 address space was a bit bigger, you could go all Hofstadter in it and turn the numbers into a vocabulary; as it is, people in Internet-disconnected environments will, anyway. IPv6 as a conduit of more-than-addressing info, while being an abuse of the standard, has considerable virtue in disconnected systems.
