Pirate Bay Moves to The Cloud, Becomes Raid-Proof (torrentfreak.com)
148 points by anons2011 on Oct 17, 2012 | 71 comments



  and even in the event they [cloud providers] found out
  it would be impossible for them to gather data on the users.
The encryption key that is providing disk encryption on the VM instances would be accessible to the VM host. The VM host could also directly access the memory of the VM instances to read the disk cache, etc.


I think that quote was made because the writer was confused about what happens during live operation, and what happens during the time when communication was cut.

The host could potentially sniff the traffic during live operation by sniffing the memory of the vm.

But when the vm's communication is cut, the whole disk is encrypted. I expect this encryption to be done using some sort of public/private key encryption scheme, such that without the private key, you can't actually unencrypt the disk. This is what is meant by gathering data on the user, I suspect.


With whole disk encryption, the disk is always encrypted. While running, the decryption key is stored in memory and used to decrypt/encrypt blocks. When communication is cut, they are presumably purging the key from memory. The password would need to be entered to produce the key.

This means that while the system is running, the key can be read by the host. It doesn't matter if the key is later purged. Changing the key requires re-encrypting the entire disk which is a slow operation.


I guess there isn't enough detail to really work out what would happen - it's not clear that they meant whole disk encryption in the way you described. I thought they encrypt the disk _only_ after loss of communications. The private key is not on the VM anywhere. Thus, the vm once encrypted, is useless (without the passphrase, which presumably only exists in the head of the operator of tpb).


Isn't it enough to take down the DNS servers to make TPB unusable for sharing (at least to add new torrents)?

Achieving fault tolerance using a few cloud providers is nice (and expensive) but they're still far from raid proof (all it takes is some coordination from police in multiple countries).


It's an increasingly technical digital game of whack-a-mole, and the mole has completed another burrow.

There are still technical measures that could be taken within one country. Eg. automated null-routing of A records for thepiratebase.se (and then do it N-times a second).


All it takes is for some political body to lean heavily enough on the TLD registry. .se and .org are no more invulnerable to this than .com


Perhaps. And that's why you have many TLDs. So .se and .org are gone, so it moves somewhere else, then it moves again.


I think somehow the MAAFIA is going to manage to get laws passed which will null out any set of words they like in the registry without prior notice. This would mean the end of DNS as we know it, I guess. Or stipulate that DNS services reveal those who registered and then can prosecute along those lines.


According to the article the main vulnerability would be the load-balancer, which is hosted separately. Traffic between it and the cloud instances is encrypted, so that the cloud providers don't actually know they're hosting The Pirate Bay.


> so that the cloud providers don't actually know they're hosting The Pirate Bay.

When the IP addresses of the 'loadbalancers' are known then it takes any cloud-provider the better part of 5 minutes to determine which of their instances are exchanging how much traffic with those IP addresses.

However, if a country really wants to go ballistic on TPB then it'd be much easier to just knock their public-facing IPs out at the IX-level[1]. A fairly low-cost operation (if your legislation enables it) and the only circumvention is then to proxy through a different country - a significant barrier for most users.

[1] http://en.wikipedia.org/wiki/List_of_Internet_exchange_point...
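
Added example (not part of any comment in this thread): a sketch of the provider-side check described in the comment above, totalling how much traffic each instance exchanges with a set of known front-end IPs. The flow-record format, the addresses and the names `SAMPLE_FLOWS`, `KNOWN_FRONTENDS` and `rank_instances` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real data), one per line: "src dst bytes".
# 10.0.0.0/24 stands in for the provider's tenant instances; 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for external peers.
SAMPLE_FLOWS = """\
10.0.0.11 192.0.2.10 48000
192.0.2.10 10.0.0.11 910000
10.0.0.11 198.51.100.7 1200
10.0.0.12 198.51.100.7 530000
198.51.100.7 10.0.0.12 64000
10.0.0.13 192.0.2.11 2000
192.0.2.11 10.0.0.13 350000
10.0.0.13 198.51.100.9 648000
malformed line
"""

TENANT_NET = ipaddress.ip_network("10.0.0.0/24")
# Assumed to be the publicly known load-balancer addresses.
KNOWN_FRONTENDS = {
    ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("192.0.2.11"),
}


def rank_instances(flow_text, tenant_net=TENANT_NET, frontends=KNOWN_FRONTENDS):
    """Return [(instance, bytes_with_frontends, share_of_instance_traffic)],
    largest volume first. Only instances that talked to a front end appear."""
    matched = defaultdict(int)  # bytes exchanged with known front ends
    total = defaultdict(int)    # all bytes seen for the instance
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing the whole run
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            nbytes = int(parts[2])
        except ValueError:
            continue
        # Count both directions: the instance may be the source or the destination.
        for inst, peer in ((src, dst), (dst, src)):
            if inst in tenant_net:
                total[inst] += nbytes
                if peer in frontends:
                    matched[inst] += nbytes
    rows = [(str(i), b, round(b / total[i], 3)) for i, b in matched.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for inst, nbytes, share in rank_instances(SAMPLE_FLOWS):
        print(f"{inst}  {nbytes} bytes with known front ends  ({share:.1%} of its traffic)")
```

The payload encryption between load balancer and instances does not affect this result, because only addresses and byte counts are used.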


While I hope this never happens, it might finally give impetus to p2p wireless darknet/shadownet/rebelnet... Whatever they will call it then.


In the case of a DNS takedown, all it would take would be for The Pirate Bay to publish a browser extension that stores a few IP addresses and "drops in" whenever the user attempts to access thepiratebay.se.


Savvy users in parts of Europe (Denmark, I believe) are already just adding an /etc/hosts entry to do exactly this.

That doesn't solve the problem of the IP address itself changing, but then you need some system of distributing the updated IP addresses whenever they change. Which would require inventing a distributed lookup system....hmm... this is starting to sound familiar....!


They have to do it like this:

- emule like dht.

- keep a cache of 1000 of ips that had trustworthy content in different ip neighbourhoods.

- provide a pub-sub of new content + hot/top files.

- seed one-to-download one file. Host encrypted content, freenet style to have faster speeds on other files. Never allowing a file to go seedless.

- the software could be provided as a chrome+firefox sandboxed addon or something like that.

Go hackers go.


Basically, truly distributed DNS servers, where your domain name->ip maps are shared and voted on iteratively and continuously. It's synonymous with bitcoin in that sense, where the only way to break it is to have control of X% of the computers involved in the entire cluster (and then make X a really high percentage so that it costs prohibitively high to undermine the system).


Check out NameCoin http://dot-bit.org/Main_Page


Something that could be "funny" is that governments, when they don't understand something, just call it outlaw/illegal, as they almost did for P2P. It's not because someone makes bad use of something that the whole thing must be considered dangerous. How long before the "cloud" is declared illegal by governments? :)


They could require licenses, so that corporations can make money while individuals have less freedom.


Any more info on the encrypted VMs and how they work?

Do they use TrueCrypt volumes? What are the alternatives?


So we can expect Cloud Computing Regulations to be framed later this year?


Long Live The Pirate Bay - An icon of revolution and internet freedom!


How do they manage their databases? This would be interesting if the system is truly distributed.


Nice article, I absolutely agree!


Unless they raid the cloud...?


(a) You have to find out what cloud provider

(b) You have to raid 2 cloud providers

(c) what if they have 4 backup cloud installs ready to go live? You take out the 2 there, and then 2 more in a different, unknown hosting company go live.


Also they don't get any useful data as all data on cloud providers is encrypted. So providers won't even know they are hosting piratebay.


Who told you that? Any cloud provider can at any time inspect what's running inside a guest, so they'll definitely know it's piratebay (not to mention the metric fuckton of obscure network traffic that make torrents easy to spot).

As far as data, cloud providers usually have functions to administrate guest VMs, which would allow a law enforcement agency to peer into the box as well, nullifying any benefit of data encryption while the box was online.


I may be misinterpreting your comment, but the massive amounts of data associated with torrents don't actually go through the trackers. The trackers just manage peers while the data goes directly from one user to another.

(or at least that's how I understood it)


TPB doesn't even run trackers anymore. My impression is that these servers only serve up magnet links (not even torrent files) and textual descriptions of them.

Provided they spread it out even a little, nothing about that traffic should appear out of the ordinary.


They serve torrent files for some torrents. If a file has very few peers, they'll offer a .torrent download.


TPB only serves torrent text info and magnet links, encrypted, so to cloud providers, it will look like any other site but whose data it cannot read. It is not impossible however, for example, they can use a few workarounds, like making a lot of requests for a specific page of TPB and then monitor the call spikes in their system but that requires the providers to be aware that at least one of their VMs is hosting TPB. TPB does not even have a tracker now, so no obscure network traffic that makes torrents easy to spot because there are no torrents involved at all.

As for the second point, yes, much like youtube's approach, they can give law enforcement agency access to all VMs but again, they must know what cloud provider is hosting the site at any given moment.


It's like robin hood taking from the rich and giving to the poor, his motives are pure, depending on how you look at it, and robin hood can continue this as long as the governing body who wants him dead is inept at catching him. The pirate bay, like robin hood, cannot live forever. SOME of us will only be stronger than ALL of us for brief moments in history. The only way TPB is to survive is for it to make good on its invisibility promise and make both the users and distributors invisible to those who want it dead. There needs to be a creative mechanism to render the service invisible to those who disagree with its existence, and to render it visible to those who crave data.

It won't matter that TPB is distributed, clouded, encrypted, PTP, or whatever. When the governments are successful in getting SOPA, ACTA or whatever through congress, the ISPs and companies like Google and Apple are going to be made responsible for cooking into their devices preventions for unauthorized copying and unauthorized distribution of 3d schematics for weapons that pass through their ISPs or their hardware. As elite as TPB thinks they are, a few elite hackers can't fight an army of mediocre hackers.

An important factor in TPB living forever is preserving its image in the hearts and minds of ALL hackers everywhere, worldwide, collectively we can outsmart those who wish to catch us, a small group of us will eventually be defeated, as all robin hoods must be. We have to have the hackers on the ground floor who wish TPB to live forever inside Google, Comcast, Apple, HP, MPAA, RIAA, and everywhere else. The battle for control of what you can think, what you can do inside the comfort of your own mind is under attack. The battle begins here, with the ownership of what can take place in your computer. Soon these computers will be our minds, and the governments will rule over the thoughts that take place inside them. We will wake up as directive following slaves on the land our fathers conquered. We have to have a 10 and a 50 year plan.


"It's like robin hood taking from the rich and giving to the poor"

No, really, it's not. For the most part it is encouraging people to consume something for free they should have paid for.

I really don't get the love for TPB and copyright infringement in general on HN when most are dreaming of starting businesses where you need people to hand over money.


>For the most part it is encouraging people to consume something for free they should have paid for.

So, the Robin Hood analogy works perfectly then.

The movie and music companies aren't suffering, artists aren't suffering (in fact, it can be argued that artists embracing the new media world are flourishing), software companies and developers aren't suffering. There is more music, movies and software than ever before.

The whole piracy issue is overblown.


Just because developers, musicians, artists etc aren't suffering doesn't mean that it's right or should be encouraged.


I see you are in Britain, where copyright originally developed. As I recall, the history was a couple of publishers trying to bloody each other (1). It had nothing to do with whether a merchant wanted to transcribe copies of Hamlet to share with friends practising for the local theatre production 50 years after Shakespeare's death. The principal profits had already been wrung out.

In the US, the copyright exists To promote the Progress of Science and useful Arts (2). It essentially is allowed to exist with the hopes that on average it will further the common good, but it is limited because even at the time, there was a good deal of skepticism about that monopoly power. With regards to music and the visual and performing artists, I think many might actually argue that they are expressly uninterested in meeting the definition of "useful": "Art is art and everything is everything else." (3). But even if we offend them, it must surely be useful to lower the cost of music in the air. It must surely be in the public good to reduce the cost of happiness.

I would be interested in hearing why you think right is what you think it is, your understanding of the history of where copyright came from.

(1) http://randomfoo.net/oscon/2002/lessig/free.html

(2) US Constitution, Article 1, section 8, clause 8

(3) http://en.wikiquote.org/wiki/Ad_Reinhardt


Okay what if the story is that the current prices of their items includes some of the cost of piracy. And that it is very unfair to ask those who are being honest to pay for those who aren't.


"The movie and music companies aren't suffering, artists aren't suffering (in fact, it can be argued that artists embracing the new media world are flourishing), software companies and developers aren't suffering. There is more music, movies and software than ever before.

The whole piracy issue is overblown."

In real world economics, your argument actually supports the exact opposite. When supply increases and demand decreases, the ability for an artist to sell enough music to live on gets exponentially harder.

When a few people buy the music, then spread it by piracy means it's not just the artist and music companies who are losing money. It's the producers, the mixers and dozens of other technical people not making a million dollars when Jay-Z's new album sells 10K copies in the first week.

The piracy issue is overblown only to those who have never experienced it first hand. It's not just the artist and the big music companies you're hurting, there's a ton of lower level people who work in the industry who are suffering because of piracy.


> The piracy issue is overblown only to those who have never experienced it first hand. It's not just the artist and the big music companies you're hurting, there's a ton of lower level people who work in the industry who are suffering because of piracy.

The argument seems to be that file-sharing is bad because "potential" jobs are destroyed. This doesn't seem like an argument formed in principle because the internet has destroyed many "potential" jobs (see blockbuster, b&n). Innovation kills jobs (and creates them) and I'm okay with this. But I'm not okay with killing innovation by means of legislation.


> the ability for an artist to sell enough music to live on gets exponentially harder.

For that argument to make sense, you have to assume that an artist has a right to make a living selling music. If you believe that then the status quo ante was failing miserably (because almost all artists were never signed by a label with the marketing power to make them economically viable).


>For the most part it is encouraging people to consume something for free they should have paid for.

You act as though people's consumption of media is this black hole, this void that feeds but produces nothing of value. It can't be further from the truth. People actively market the things they listen to and enjoy. They remix and create new content. They integrate it into their culture and social networks (both the virtual and meatspace ones).

This is value creation at its finest, and yet no dollar amount is placed on it (yet).


What I see here are two larger issues at work of which "Piracy" and TPB happens to be the battleground. The first is the level of control large media conglomerates have over both culture and government. This concept is a dead horse, so I won't beat it here. The other, in more generic terms, is the interesting fight between a service that wants to exist (and the people who want it to exist) and those entities that want that service destroyed.

On a more generic level, the fight between governments and media corporations and the Pirate Bay is interesting from a technological and ideological standpoint: how does a service stay operational against a large and well financed fight that wants to shut it down?

While "Piracy" is the very visible fight, this question is likewise relevant to activists and protesters as well as free speech in repressive governments. It is also relevant to providers that are attacked by malcontents, black hat organizations, and less-than-egalitarian governments that are attempting to disrupt their services.

Whatever you think of TPB, you have to give them credit for being both nimble and technologically savvy in solving a problem of service disruption against what many would see as long odds. They give us an interesting case study of how to deal with service disruption and how it can be dealt with. All the companies that pass through HN have to deal with the problems of Uptime, especially in the case of adversarial situations that are beyond our control.

This particular case is interesting because the service is dealing with a well organized and deliberate attack against it as well as its users. Downtime due to malicious hackers and automated attacks is a thorny problem. It becomes trickier when we want to protect sensitive customer data.

While I don't expect a detailed technical breakdown of their systems, I would love to read their whitepaper.


A lot of things on TPB are not up for sale in the first place. It's much like YouTube: a tiny slice of content is very popular and much of that is pirated, but for every "Battle at Kruger" http://www.youtube.com/watch?v=LU8DDYz68kM there's a lot of Let's Play Unreal World 10(1/2) Buy a Boat http://www.youtube.com/watch?v=0JOeQJGDgNw.

As to TPB specifically, think anime fan subs for niche shows that are never going to be released in the US.


Actually, it's encouraging people to pay more for entertainment items, such as music, movies, or television.


No it's not. Take for example India where copyright enforcement is just not existent. People do not buy any software, unless it is Windows when you are buying the branded laptop and it is bundled.

Games, movies, TV Shows, Desktop Software and Market apps; everything that is available for pirating, will be pirated. Sure, some part of it is due to the fact that they cannot buy-watch-use this material either due to them being delayed for years or because they require Credit Cards while most Indians have a Debit Card but that is a very small percentage of the entire sales loss.


Indians cannot buy-watch-use digital content legally or easily.

Therefore, Indians do not buy digital content as often as their US counterparts who are able to legally and easily.


>Sure, some part of it is due to the fact that they cannot buy-watch-use this material either due to them being delayed for years or because they require Credit Cards while most Indians have a Debit Card but that is a very small percentage of the entire sales loss.

You believe that this is some part of it. I believe that this is ALL of it. If media companies made it easier for people to get access to media easily and for a reasonable price, piracy will all but disappear.


India also has issues with government corruption, and needing to pay bribes to officials to get anything done. I think that software piracy is the least of the issues there.


The solution is NOT to make the mothership government and computer under your desk the sovereign ruler over what you can and cannot do on your computer, your mind. We are thinking on a decade and century level timescale here.

I don't care if some artist or some coder somewhere doesn't get paid for some work well done. The future of our species is at stake here and we are trying to paint a bright future for your great grandchildren.

A future where your children rule over the machine, not where the machine rules over you. In my machine, I may break the law if I choose to do so. The machine under my desk shall not be made into an iron fist of the government. I will fight this to the death. We have your best interests in mind. The internet is going to become a mind, and we need to protect this baby. It is still an infant.

The government has no idea how to raise it, it only knows how to bleed it and tax it. I give this baby a voice.


> The future of our species is at stake here and we are trying to paint a bright future for your great grandchildren.

I didn't know being able to watch Game of Thrones 30 minutes after it airs on HBO via your computer without paying was such a dire thing.


The threat isn't not watching Game of Thrones. The threat is not being permitted to own and modify open general-purpose tools at all, because they happen to be able to play Game of Thrones.


Correct. And even if copyright disappeared completely, GoT would continue to be made: it costs $50M/series and I'm sure they could crowdfund it with 5 million people handing over $10 (or some other multiple).


While I agree with your ideals in general, I don't think TPB is a paragon we should uphold. TPB is not like "Robin Hood" at all. Have you seen the extremely deceptive ads on each torrent page that looks like the actual download button? The real download button is a small hyperlink, but they are clearly trying to deceive people into downloading whatever malware is linked. It's more like the rich stealing from the rich and poor in this case.


Even when you click the magnet link, it will randomly pop up an ad instead anyway. You then have to close the ad and try again.


>An important factor in TPB living forever is preserving its image in the hearts and minds of ALL hackers everywhere, worldwide, collectively we can outsmart those who wish to catch us, a small group of us will eventually be defeated, as all robin hoods must be.

Heh, reminds me of the Hacker's Manifesto..

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

http://www.mithral.com/~beberg/manifesto.html


Well perhaps they are arguably robbing the rich, but they're certainly not paying the poor.

The reason I don't like TPB is not because of pirating, but rather they are making money from others' work while pretending it's about freedom.

It especially annoys me to see fellow programmers getting extremely upset when a software author's work is copied or used in violation with their chosen license. Yet musicians are not allowed to speak up when their work is copied or else they're labeled as greedy and out of touch.


>but they're certainly not paying the poor.

How so? A lot of the stuff on TPB would be too expensive for the lowest class of working Americans and much more so for most of the rest of the world. It's true that the TPB are profiting out of it (though they are offering a service and covering a market in their own right) but you make it seem like the users are getting nothing out of it. That's blatantly false. A significant part of the 3rd world's technological infrastructure is built on pirated software.


> a few elite hackers can't fight an army of mediocre hackers

Current events prove otherwise.


And then they will move exclusively to TOR. And then TOR will be outlawed and anybody using it will be sentenced to 20 years in prison.


Somehow I don't think BitTorrent under TOR would catch on. Unless you don't mind waiting two weeks to watch your new movie.


Tor could be used only for trackers, not the actual data.


Note for clarity: The data transfer would not remain anonymous, only the trackers facilitating it.


It's gonna be hard to identify who is using TOR, and doing so will require taking measures that will be against freedom, like controlling what people are installing on their computers.


It's very easy to identify most people who use Tor (almost all nodes are publicly available). You can't know what they use it for, but if merely using it becomes illegal, the secret police will have a very neat list of houses to visit.


They actually try to hide the usage of Tor as much as possible. There was a lengthy talk at 28C3 about it http://www.youtube.com/watch?v=GwMr8Xl7JMQ


Perhaps something like this work[1] could be useful to make it harder to shut down even if the list of nodes is public.

[1] http://sns.cs.princeton.edu/projects/cor/


It would be a real sad day when the world regresses to such a state - I mean, why did the free world win WWII for then?


What free world? Soviet Union was on the winning side of WWII, and the result for many European countries (including mine) was decades of communist repressions. History is more complex than a Hollywood movie, with good guys vs bad guys.


For a moment I thought chii was being sarcastic. I had that hope.


A handful of countries attempt to block Tor and only two (China and Iran) do it seriously, using deep packet inspection (still doesn't work because of obfsproxy, duh). Even so, not even China and Iran outlawed it.



