Using Silk Road: game theory, economics, dope and anonymity


Gwern's "Using Silk Road" is a riveting, fantastically detailed account of the theory and practice of Silk Road, a Tor-anonymized drugs-and-other-stuff marketplace where transactions are generally conducted with BitCoins. Gwern explains in clear language how the service solves many of the collective action problems inherent to running illicit marketplaces without exposing the buyers and sellers to legal repercussions and simultaneously minimizing ripoffs from either side. It's a tale of remix-servers, escrows, economics, and rational risk calculus -- and dope.

But as any kidnapper knows, you can communicate your demands easily enough, but how do you drop off the victim and grab the suitcase of cash without being nabbed? This has been a severe security problem forever. And bitcoins go a long way towards resolving it. So the additional security from use of Bitcoin is nontrivial. As it happened, I already had some bitcoins. (Typically, one buys bitcoins on an exchange like Mt.Gox; the era of easy profitable "mining" passed long ago.) Tor was a little more tricky, but on my Debian system, it required simply following the official install guide: apt-get install the Tor and Polipo programs, stick in the proper config file, and then install the Torbutton. Alternately, one could use the Tor browser bundle which packages up the Tor daemon, proxy, and a web browser all configured to work together; I’ve never used it but I have heard it is convenient. (I also usually set my Tor installation to be a Tor server as well - this gives me both more anonymity, speeds up my connections since the first hop/connection is unnecessary, and helps the Tor network & community by donating bandwidth.)

Using Silk Road (via O'Reilly Radar)

EFF Pioneer Award winners announced

Rebecca from EFF sez, "EFF is proud to announce the winners of this year's Pioneer Awards: hardware hacker Andrew (bunnie) Huang, anti-ACTA activist Jérémie Zimmermann, and the Tor Project -- the organization behind the groundbreaking anonymity tool Tor. These winners have all done truly important work to protect our digital rights. Join us at the award ceremony on September 20 in San Francisco. Cory

The Dictator's Practical Guide to Internet Power Retention, Global Edition

The Dictator's Practical Guide to Internet Power Retention, Global Edition is a wry little 45-page booklet that is, superfically, a book of practical advice for totalitarian, autocratic and theocratic dictators who are looking for advice on how to shape their countries' Internet policy to ensure that the network doesn't loosen their grip on power.

Really, though, this is Laurier Rochon's very good critique of the state of Internet liberation technologies -- a critical analysis of what works, what needs work, and what doesn't work in the world of networked technologies that hope to serve as a force for democratization and self-determination.

It's also a literal playbook for using technology, policy, economics and propaganda to diffuse political dissent, neutralize opposition movements, and distract and de-politicize national populations. Rochon's device is an admirably compact and efficient means of setting out the similarities (and dissimilarities) in the Internet control programs used by Singapore, Iran, China, Azerbaijan, and other non-democratic states -- and the programs set in place by America and other "democratic" states in the name of fighting Wikileaks and piracy. Building on the work of such fierce and smart critics as Rebecca McKinnon (see my review of her book Consent of the Networked), The Dictator's Guide is a short, sharp look at the present and future of networked liberation.

Firstly, the country you rule must be somewhat "stable" politically. Understandably "stable" can be defined differently in different contexts. It is essential that the last few years (at least) have not seen too many demonstrations, protests questioning your legitimacy, unrest, political dissidence, etc. If it is the case, trying to exploit the internet to your advantage can quickly backfire, especially if you can't fully trust your fellow party officials (this is linked to condition #3). Many examples of relatively stable single-leader states exist if in need of inspiration, Fidel Castro's Cuba for example. Castro successfully reigned over the country for decades, effectively protecting his people from counter-revolutionary individuals. He appointed his brother as the commander in chief of Cuba's army and managed his regime using elaborate surveillance and strict dissuasive mechanisms against enemies of the state.[49] As is always the case, political incidents will occur and test your regime's resilience (the Bay of Pigs invasion or the missile crisis, for example), but even massive states have managed to uphold a single-party model and have adapted beautifully to the digital age - in China's case, despite close to 87 000 protests in 2005.[2] Follow these states' example and seek stability, no matter what your regime type is. Without it, you are jeopardizing the two next prerequisites and annihilating your chances to rule with the internet at your side. If you are in the midst of an important political transformation, busy chasing counter-revolutionary dissidents or sending your military to the streets in order to educate protesters, you will need to tame these fires first and come back to this guide afterwards.

The Dictator's Practical Guide to Internet Power Retention, Global Edition

Google execs: our technology can be used to fight narcoviolence in Mexico

In a Washington Post op-ed, Google's executive chairman (and former CEO) Eric Schmidt and Google Ideas director Jared Cohen argue the case for technology as a tool to aid citizen activists in places like Juarez, Mexico. Schmidt and Cohen recently visited the drug-war-wracked border town, and describe the climate of violence there as "surreal."

In Juarez, we saw fearful human beings — sources — who need to get their information into the right hands. With our packet-switching mind-set, we realized that there may be a technological workaround to the fear: Sources don’t need to physically turn to corrupt authorities, distant journalists or diffuse nonprofits, and rely on their hope that the possible benefit is worth the risk of exposing themselves.

Technology can help intermediate this exchange, like servers passing packets on the Internet. Sources don’t need to pierce their anonymity. They don’t need to trust a single person or institution. Why can’t they simply throw encrypted packets into the network and let the tools move information to the right destinations?

In a sense, we are talking about dual crowdsourcing: Citizens crowdsource incident awareness up, and responders crowdsource justice down, nearly in real time. The trick is that anonymity is provided to everyone, although such a system would know a unique ID for every user to maintain records and provide rewards. This bare-bones model could take many forms: official and nonprofit first responders, investigative journalists, whistleblowers, neighborhood watches.

I'll be interested to hear what people in Juarez, and throughout Mexico, think of the editorial. The notion that crypto, Tor, or other anonymity-aiding online tools might help peaceful observers is not a new one, and not one that activists in Mexico need outsiders to teach them about. There are plenty of smart geeks in Mexico who are well aware of the need for, and usefulness of, such tools. But Google execs speaking directly to the conflict, and how widely-available free tools might help, is a new and notable thing. Red the rest here. (thanks, @martinxhodgson)

Tor anonymity developers tell all

Runa from the Tor anonymity project sez, "Karen and I will be answering questions on Reddit today. Feel free to ask us anything you'd like relating to Tor and the Tor Project!" Cory

A fatal lack of accountability

As long as secrecy and anonymity reign, public sector bureaucracies will be the hiding places for the incompetent, lazy and corrupt. Failures will be rewarded and successes stifled. It’s easier to lie when no one knows your name. It’s easier to do all sorts of unethical, if not criminal, things when you are promised anonymity.

Read the rest

Anodyne Anonymity

When we think of journalists’ anonymous sources, we think of the proverbial whistleblower. Company insiders, or civil servants, ready to violate their nondisclosure agreements to expose some wrongdoing, or perhaps to settle some score. On the other, sleazier, end of the scale, we might think of tipsters: a cash-strapped waiter at a restaurant who sells the story of a celebrity food-fight to a tabloid, a blabby nurse at a plastic surgery clinic who spills the beans on some captain of industry’s chin-augmentation.

But the most commonly cited anonymous sources in the news today are the official, on-the-record spokespeople for corporations. And the anonymous speech that is protected by the journalists who quote them is the most bland, anodyne stuff you can imagine.

Read the rest

Screenwipe on anonymous sourcing

In this segment from Charlie Brooker's Newswipe, Heather Brooke highlights the problems of anonymous sources in the UK media, where police spokespersons frequently mislead the public about suspects and investigations. [Video Link]

Read the rest

Fox News whistleblower begins anonymous tell-all series

Gawker has launched a new column written by an anonymous Fox News employee who posts under "The Fox Mole." S/he claims to have been with Fox for "years," and claims that s/he can't find work elsewhere because other news organizations view Fox alumni with suspicion. The Mole's first column describes a particularly nasty piece of work by Fox -- the notorious "Obama's Hip Hop BBQ Didn't Create Jobs" story -- as the breaking point that got her/him interested in exposing wrongdoing at the organization.

The post neatly summed up everything that had been troubling me about my employer: Non sequitur, ad hominem attacks on the president; gleeful race baiting; a willful disregard for facts; and so on. It came close on the heels of the Common controversy, which exhibited a lot of the same ugly traits. (See also: terrorist fist jabs; Fox & Friends madrassa accusations; etc.)

The worst thing about the Hip Hop BBQ incident is that we didn't back away from it. Bill Shine, who is a rather important guy—sort of Roger Ailes' main hatchet man, and the go-between for Ailes and most of the top talent—bafflingly doubled down and defended it. The story still exists on the Fox Nation site, headline and photo montage intact, to this very day.

That was it for me. It wasn't that the one incident was so bad, in and of itself. But it was so galvanizing, and on top of so many other little incidents, that I guess it just finally pushed me over the edge.

Announcing Our Newest Hire: A Current Fox News Channel Employee (Thanks, Fipi Lele!)

Scalable stylometry: can we de-anonymize the Internet by analyzing writing style?

One of the most interesting technical presentations I attended in 2012 was the talk on "adversarial stylometry" given by a Drexel College research team at the 28C3 conference in Berlin. "Stylometry" is the practice of trying to ascribe authorship to an anonymous text by analyzing its writing style; "adversarial stylometry" is the practice of resisting stylometric de-anonymization by using software to remove distinctive characteristics and voice from a text.

Stanford's Arvind Narayanan describes a paper he co-authored on stylometry that has been accepted for the IEEE Symposium on Security and Privacy 2012. In On the Feasibility of Internet-Scale Author Identification (PDF) Narayanan and co-authors show that they can use stylometry to improve the reliability of de-anonymizing blog posts drawn from a large and diverse data-set, using a method that scales well. However, the experimental set was not "adversarial" -- that is, the authors took no countermeasures to disguise their authorship. It would be interesting to see how the approach described in the paper performs against texts that are deliberately anonymized, with and without computer assistance. The summary cites another paper by someone who found that even unaided efforts to disguise one's style makes stylometric analysis much less effective.

We made several innovations that allowed us to achieve the accuracy levels that we did. First, contrary to some previous authors who hypothesized that only relatively straightforward “lazy” classifiers work for this type of problem, we were able to avoid various pitfalls and use more high-powered machinery. Second, we developed new techniques for confidence estimation, including a measure very similar to “eccentricity” used in the Netflix paper. Third, we developed techniques to improve the performance (speed) of our classifiers, detailed in the paper. This is a research contribution by itself, but it also enabled us to rapidly iterate the development of our algorithms and optimize them.

In an earlier article, I noted that we don’t yet have as rigorous an understanding of deanonymization algorithms as we would like. I see this paper as a significant step in that direction. In my series on fingerprinting, I pointed out that in numerous domains, researchers have considered classification/deanonymization problems with tens of classes, with implications for forensics and security-enhancing applications, but that to explore the privacy-infringing/surveillance applications the methods need to be tweaked to be able to deal with a much larger number of classes. Our work shows how to do that, and we believe that insights from our paper will be generally applicable to numerous problems in the privacy space.

Is Writing Style Sufficient to Deanonymize Material Posted Online? (via Hack the Planet)

FBI tells net cafe owners that TOR users might be terrorists

Icecube sez, "Are you concerned about your online privacy? Do you shield your laptop from view of others? Do you use various means of hiding your IP address? Do you use any encryption at all like PGP? That means you are probably a terrorist according to the FBI. These are just some of the activities that are suggested indicators of terrorism according to a flyer being distributed entitled 'Communities Against Terrorism' You can find a PDF version here entitled 'Internet Cafes'" Cory

Judge: to ask for anonymity in porno copyright troll case, you must enter your name into the public record

Hard Drive Productions is a pornographer that has switched business models, shifting its focus from making dirty movies to making sleazy lawsuits. It collected IP addresses of people who were supposedly downloading its movies over BitTorrent, then sent their ISPS legal demands to reveal their names. The next step would be demanding cash settlements from the named persons, threatening to name them in embarrassing lawsuits if they didn't pay up. Many of the victims of the sloppy data-gathering methodology have protested their innocence, but would like to remain anonymous in the court record, rather than having their names associated in a public document about pornography consumption.

Unfortunately the federal court judge in the case has ruled that in order to request anonymity, the 1495 defendants will have to have their names entered into the public record. The Electronic Frontier Foundation has asked the judge to reconsider.

The case is one of a growing number of mass copyright lawsuits that do not appear to be filed with any intention of litigating them. Instead, once identities of suspected infringers are obtained from ISPs, the plaintiffs send settlement letters offering to make the lawsuit go away for a few thousand dollars. A ruling on whether a film company may obtain identities of anonymous Internet users may be the last chance for defendants to be heard by the court.

EFF's brief explains both the speech implications of the ruling and the importance of the court rules that protect defendants, given the numerous ways these mass lawsuits violate due process.

"All that the plaintiffs need here to pursue their settlement shake-down scheme is the identity of the anonymous defendants," said EFF Intellectual Property Director Corynne McSherry. "These defendants have a First Amendment right to argue for their anonymity without the court forcing them to moot that argument from the start. We're asking for these motions to quash to go forward without requiring them to be unsealed, and we're also asking the court to throw this case out given the basic due process flaws."

EFF Asks Judge to Prevent ‘Catch-22’ in Porn-Downloading Lawsuit

State of Adversarial Stylometry: can you change your prose-style?

Today at the Chaos Computer Congress in Berlin (28C3), Sadia Afroz and Michael Brennan presented a talk called "Deceiving Authorship Detection," about research from Drexel College on "Adversarial Stylometry," the practice of identifying the authors of texts who don't want to be identified, and the process of evading detection. Stylometry has made great and well-publicized advances in recent years (and it made the news with scandals like "Gay Girl in Damascus"), but typically this has been against authors who have not taken active, computer-assisted countermeasures at disguising their distinctive "voice" in prose.

As part of the presentation, the Drexel Team released Anonymouth, a free/open tool that partially automates the process of evading authorship detection. The tool is still a rough alpha, and it requires human intervention to oversee the texts it produces, but it is still an exciting move in adversarial stylometry tools. Accompanying the release are large corpuses of test data of deceptive and non-deceptive texts.

Stylometry has been cited by knowledgeable critics as proof of the pointlessness of the Nym Wars: why argue for the right to be anonymous or pseudonymous on Google Plus or Facebook when stylometry will de-anonymize you anyway? I've been suspect of these critiques because they assume that only de-anonymizers will have access to computer-assisted tools, but as Anonymouth shows, there are many opportunities to use automation tools to improve anonymity.

Stylometry matters in many ways: its state of the art changes the balance of power between trolls and moderators, between dissidents and dictators, between employers and whistleblowers, between astroturfers and commenters, and between spammers and filters.

During the Q&A, a questioner asked whether Anonymouth's methods could be used by, say, fanfic authors to make their writing style match the author whose universe they're dabbling in; the researchers thought this would be so. I instantly wondered if avid fans might make a JK-Rowlingifier that could be used by dissidents to anonymize their speech, homogenizing it to pitch-perfect Potterian English so that stylometry fails. And of course, this makes me wonder whether stylometry could be used to falsely identify a block of prose with a third party (making a terrorist rant stylometrically match an innocent's prose-style) -- the researchers doubt this, and suggest that when deception is a possibility, prose-style shouldn't be considered as identifying evidence.

As an aside, the Anonymouth team is part of a lab at Drexel seeking grad-students and postdocs.

Privacy, Security and Automation Lab

HOWTO be more anonymous in your anonymous blog

Andy Baio explains how he tracked down a trolling "anonymous" blogger who revealed his identity by using a Google Analytics ID that was incremented one up from his public blog. He uses this as a springboard for offering practical advice to people who want to blog "anonymously" (or, at least, as anonymously as possible):

1. Don’t use Google Analytics or any other third-party embed system. If you have to, create a new account with an anonymous email. At the very least, create a separate Analytics account to track the new domain. (From the “My Analytics Accounts” dropdown, select “Create New Account.”)

2. Turn on domain privacy with your registrar. Better, use a hosted service to avoid domain payments entirely.

3. If you’re hosting your own blog, don’t share IP addresses with any of your existing websites. Ideally, use a completely different host; it’s easy to discover sites on neighboring IPs.

4. Watch your history. Sites like Whois Source track your history of domain and nameserver changes permanently, and Archive.org may archive old versions of your site. Being the first person to follow your anonymous Twitter account or promote the link could also be a giveaway.

5. Is your anonymity a life-or-death situation? Be aware that any service you use, including your own ISP, could be forced to reveal your IP address and account details under a court order. Use shared computers and an anonymous proxy or Tor when blogging to mask your IP address.

Andy Baio: Think You Can Hide, Anonymous Blogger? Two Words: Google Analytics

Google rejects JWZ's 2-step plan to end the nym wars

JWZ proposed a two-step plan to help Google realize its stated goal of allowing pseudonyms on Google+:

1. Stop deleting peoples' accounts when you suspect that the name they are using is not their legal name.
2. There is no step 2.

Googlers voted up the question "can we do this?" for a response at this week's company meeting. According to JWZ's source, "To nobody's great surprise, [Larry Page's] answer was a very long-winded 'no'."

Google Nymwars, redux