In Soviet Reddit, you ban Russia



  • https://www.reddit.com/r/rudrugs/comments/3grm4d/tfw_you_are_the_reason_to_block_reddit_in_russia/

    The story as I understand it:

    Apparently there is a law in Russia that says pages containing discussions of drug-related stuff have to be blocked.

    So 2 years ago, one guy made a post explaining how to grow Psilocybe mushrooms in Russian, posted it to reddit (where it received literally zero attention, by the way) and reported it.

    And apparently it did get blocked. At the time reddit didn't support SSL, so ISPs could block that single page by inspecting your HTTP request. But last year they finally added it.

    The Russian censorship brigade attempted to contact Reddit admins to get the content removed, but received no answer (going as far as to post a public petition on their VK account).

    So they finally just blocked reddit.com entirely. 👏 👏

    (I think the lesson to learn here is obvious: HTTPS needs to be made illegal so bad content can be blocked without affecting the rest)



  • @anonymous234 said:

    (I think the lesson to learn here is obvious: HTTPS needs to be made illegalmandatory so bad contentRussia can be blocked without affecting the rest of us)

    FTFY



  • By the way, the page banned is here: https://www.reddit.com/r/rudrugs/comments/1derq9/минимальный_и_надежный_метод_выращивания_псилоцибы/ . If you copy the text here, you probably can get this forum blocked in Russia too (you probably shouldn't do that, but I'm not going to stop you)

    (also, both Firefox and Chrome turn the URL into a mess of encoded characters if I copy-paste it directly, had to do it in two halves)

    And yes, in reddit, like in 99% of websites, you can edit part of the URL to arrive at the same content in infinitely many ways. Hope their blocking software supports regular expressions.



  • I can't wait until we have QUIC and HTTP/2+TLS/1.2 support everywhere so people stop treating middle-man editing of HTTP streams as something that makes sense for non-malicious use.



  • @ben_lubar said:

    I can't wait until we have QUIC and HTTP/2+TLS/1.2 support everywhere so people stop treating middle-man editing of HTTP streams as something that makes sense for non-malicious use.

    In order for that reality, you'd have to divorce the stream encryption from the proof-of-identity contained in the cert chain. I don't see that separation ever happening, unfortunately ....

    Edit:

    And even then, you're probably looking at DNSSEC to pin your proof of identity which only magnifies the devastation involved in DNS reflection attacks, unless there's something in DNSSEC that can help mitigate them (which I honestly don't know if there is or not).



  • On any site that I log into (read: any site that would ever use HTTPS) it makes a lot of sense to keep the encryption so people can't steal my session.

    On any other site...

    Come to think of it, I don't know of any sites that are over HTTPS and don't have user logins. At least none that I use.



  • not that you use it, but I didn't see any HTTPS sessions at http://fantasy.premiereleague.com when I signed up (see fantasy futbol thread).

    Besides that, you missed the point that proof of identity should be divorced from encrypted communication. Unfortunately, we currently use SSL/TLS for both.

    edit: oh you're talking about !sign-up && has-https :headdesk: NM my first statement.



  • @ben_lubar said:

    Come to think of it, I don't know of any sites that are over HTTPS and don't have user logins. At least none that I use.

    duckduckgo?



  • @rad131304 said:

    proof of identity should be divorced from encrypted communication

    It would be nice... but it also makes it trivial for anyone who can intercept your traffic to simply proxy your connection through them.

    The only solution I know is to go the way of Convergence, which is essentially probabilistic: you verify that the public key you get is the same one that you've gotten from the same server other times before, and the same one that other people get when they connect. For a casual attacker, very hard to defeat, but viable for a government.



  • Why are we coming up with solutions to the opposite of a problem? "We have a system that makes it hard for attackers to steal your credit card number but also makes it hard for governments to censor information." isn't a problem that I'd try to solve, anyway.



  • @anonymous234 said:

    @rad131304 said:
    proof of identity should be divorced from encrypted communication

    It would be nice... but it also makes it trivial for anyone who can intercept your traffic to simply proxy your connection through them.

    The only solution I know is to go the way of Convergence, which is essentially probabilistic: you verify that the public key you get is the same one that you've gotten from the same server other times before, and the same one that other people get when they connect. For a casual attacker, very hard to defeat, but viable for a government.

    I mean, I don't really think it's a good idea (in the sense that it would be both safer and easier to implement [it probably would be neither, honestly]). I was just saying that you need to divorce them in order to have an all HTTPS communication world.



  • If you absolutely need to have a snooping middle-man on your HTTP connections, just install a fake root CA.


  • Grade A Premium Asshole

    @anonymous234 said:

    So they finally just blocked reddit.com entirely.

    Now where will Russians get stupid cat pictures, read MRA sentiments or find the latest wacko conspiracy theories?

    This is how Russia will rise again. Their populace will be more intelligent as a result of not having Reddit.



  • @ben_lubar said:

    If you absolutely need to have a snooping middle-man on your HTTP connections, just install a fake root CA.

    Well, I mean, depending on your needs why is snooping a problem? The problem concerning altered data doesn't require an encrypted stream, it's a lack of identity on the stream that's the concern (i.e. did packet x come from location y, with tab A inserted into slot B, etc.). Conversely, confidentiality doesn't require identity, per-se, it's just required if you want to trust the data (i.e. I can receive both a lie and the truth with equal confidentiality). In TLS/HTTPS, we combine the two, which is why trusted communication can never occur in the current HTTP standards.

    Trusting the non-modification of a stream doesn't require encryption.


  • Discourse touched me in a no-no place

    @anonymous234 said:

    And yes, in reddit, like in 99% of websites, you can edit part of the URL to arrive at the same content in infinitely many ways. Hope their blocking software supports regular expressions

    It does - they've blocked ­https://.reddit.com/.. 🍹



  • How many websites are there where you need identity verification, you have no way of interacting with the site, and it isn't something like Debian's repositories where it uses GPG for verification? Because the moment I send a password to the site, I'm going to want it to be an encrypted connection. Same with any cookie I send to the site thereafter.



  • @ben_lubar said:

    Come to think of it, I don't know of any sites that are over HTTPS and don't have user logins. At least none that I use.

    Well... I don't use Google account, but Google use it for it's common search page and results.



  • But if Google didn't, you would either need to go to a different site to do the same action, or send your session cookie over an unencrypted connection.



  • I believe the primary reason that Google mandated HTTPS for search result is for evading the censorship by certain government. The primary reason is not related to session cookies.



  • So thought an update to the situation would be appropriate

    https://www.reddit.com/r/ChillingEffects/comments/3gw9g1/20150813_ip_blocks/

    Reddit has blocked viewing that post from Russia (thus getting unblocked), and also has banned Germans from accessing posts in /r/watchpeopledie (which is exactly what the name says).

    Which, by the way, made me wonder: how does government censorship handle things like CDNs or CloudFlare, that can serve hundreds of websites over a single IP?


  • Trolleybus Mechanic

    What's a reddit? Is it one of those sites that lets you test if you're red/green colorblind? Why does Russia care? Is this some sort of leftover artifact of the communist government from the 80s-- anyone who can't see red, by some loophole, isn't a true Russian, and gets "banned" (sent to Siberia)?


  • Banned

    @anonymous234 said:

    (I think the lesson to learn here is obvious: HTTPS needs to be made illegal so bad content can be blocked without affecting the rest)

    Does anyone remember the proposal for HTTPS protocol few years back to include "trusted proxy" which could decrypt all user's connections, and ISPs being mandated to mandate all connections to go through that "trusted proxy"?



  • That non-sense?

    If any bad guys compromised any of the proxies, he/she would have unlimited access to credit card numbers and passwords, and that's just direct money, let's forget the indirect ones.



  • If the government or any other group of people want to steal my credit card numbers, they'll need to get a warrant and come to my house and ask politely.



  • Well, there's a lot of people who do their payments online, especially for game players...



  • TLS is a thing that exists. I wonder if it's been discussed in this topic yet.



  • Well, if they want to make decrypting proxy mandatory, it doesn't make sense to just limit it to SSL and not TLS.

    They'll make sure all these protocols are vulnerable.

    EDIT: Btw, TLS is just another version of SSL.



  • SSL is the old version, though. The one with known vulnerabilities.



  • Actually, SSL3.0 is vulerable just because it allow NULL cipher being specified.

    On the other hand, that "trusted proxy" will require itself to generate e-cert bith built-in trusted CA-cert on-the-fly and perform man-in-the-middle type of attack to inspect traffic.(Using the web server provided cert to encrypt traffic back to web server, and use the self-generated cert with the name of web server to encrypt traffic to be web browser) Currently all kinds of SSL (including TLS1.0/1.1/1.2) would be vulerable to this kind of interception. (That's why Google quickly ban the CA-cert of a CNNIC subsidy when they known the CA-cert would be used for this kind of purpose)



  • Apart from rewriting OS or browser updates, which would require a security breach anyway, there's no way for an untrusted third party to install a CA on my machine.


  • Discourse touched me in a no-no place

    @ben_lubar said:

    there's no way for an untrusted third party to install a CA on my machine.

    Much easier to coerce an existing CA into cooperating “in the name of national security”.



  • @rad131304 said:

    Conversely, confidentiality doesn't require identity, per-se, it's just required if you want to trust the data (i.e. I can receive both a lie and the truth with equal confidentiality).

    Confidentiality does require identity, because of man-in-the-middle attacks.



  • @anonymous234 said:

    So thought an update to the situation would be appropriate

    https://www.reddit.com/r/ChillingEffects/comments/3gw9g1/20150813_ip_blocks/

    Reddit has blocked viewing that post from Russia (thus getting unblocked), and also has banned Germans from accessing posts in /r/watchpeopledie (which is exactly what the name says).

    Which, by the way, made me wonder: how does government censorship handle things like CDNs or CloudFlare, that can serve hundreds of websites over a single IP?

    I call BS on their claim that the "German Government" contacted them and demanded a block of that subsite.


  • Discourse touched me in a no-no place

    @Planar said:

    Confidentiality does require identity

    Unless you don't mind talking confidentially to some random stranger on the internet. Some people go in for that sort of thing.



  • @anonymous234 said:

    (I think the lesson to learn here is obvious: HTTPS needs to be made illegal so bad content can be blocked without affecting the rest)

    Don't even joke.

    "Cameron never wanted to ban encryption," Boiten told WIRED.co.uk. "The thing he has always wanted is to be able to access all people's communications without having to ask them."

    Ok, so I guess that's a backdoor rather than banning encryption.

    For the record: I voted Green.


  • BINNED

    @dkf said:

    talking confidentially to some random stranger on the internet

    Sounds like someone is looking for some chat-roulette time ...



  • @dkf said:

    @Planar said:
    Confidentiality does require identity

    Unless you don't mind talking confidentially to some random stranger on the internet. Some people go in for that sort of thing.

    So, every time you browse the internet? Because HTTPS/TLS has no useful proof of identity no matter what the cert providers want you to think.



  • @ben_lubar said:

    I can't wait until we have QUIC and HTTP/2+TLS/1.2 support everywhere so people stop treating middle-man editing of HTTP streams as something that makes sense for non-malicious use.

    OK, so here's my use case: I netadmin a primary school (in US terms, roughly K-6). Our students' parents would be up in arms if we were not making every reasonable effort to keep the nastier parts of the Web off the screens of school computers. The school makes fairly heavy use of YouTube for instructional purposes. YouTube contains a hell of a lot of content that's completely unsuitable for little eyeballs. So I maintain a whitelist of YouTube video URLs, and if you use student credentials with our Web proxy, the whitelisted ones are the only ones you can get to.

    But YouTube has gone to mandatory https. I don't want to run a general MITM ssl bump inside the web proxy, for reasons that everybody here should find obvious, so instead I've implemented a local http proxy for YouTube. The school DNS server fakes YouTube's IP addresses so browser YouTube requests come to me instead of going upstream; I edit the outgoing requests and substitute https: for http: everywhere, then hand the request off to the real YouTube via openssl s_client; then I edit the incoming responses and substitute http: for https: everywhere, so that the browser doesn't try to connect to linked stuff via https: by mistake.

    It works quite well. But if I couldn't do the stream editing, it wouldn't. And I claim that what I'm doing is about as non-malicious as it's possible to be.



  • I don't see any reason the "fake root CA" plan wouldn't work for you, especially because the students are young and probably don't have their own computers.



  • @ben_lubar said:

    the students are young and probably don't have their own computers

    I wouldn't count on that.



  • @flabdablet said:

    I don't want to run a general MITM ssl bump inside the web proxy

    Why the hell not?

    If you want to filter traffic between two encrypted clients, making one trust your public key and then doing a MITM is literally the only universal way.

    And if they want to use their own devices, tell them to install your CA or get out. In a few years they'll all be connecting through 4G and bypassing everything, and you'll be forced to tell them to install some "nanny" software on their phones anyway.



  • @dkf said:

    Unless you don't mind talking confidentially to some random stranger on the internet. Some people go in for that sort of thing.

    How is it confidential when an unknown number of other strangers are eavesdropping on your conversation ?



  • HSTS has useful proof of identity.



  • @ben_lubar said:

    HSTS has useful proof of identity.

    In what way? All HSTS does is prevent SSL stripping attacks against websites you've already visited. Your browser will still happily accept a malicious cert if it's signed by a valid root authority.



  • How does a malicious valid cert differ from a normal valid cert?



  • @ben_lubar said:

    How does a malicious valid cert differ from a normal valid cert?

    A malicious cert is not controlled by the domain operator. I.e. I create a cert for my firewall. I strip all external SSL connections at the firewall and re-create them on the inside using my malicious cert. If my cert is signed by a valid root CA on your machine, you'll get your green lock in the corner like you should, but I can read all of your data at the firewall.



  • Yeah, like Russians, who are expert mushroom hunters, shouldn't be allowed to know anything about the psychoactive kind. Hell, they probably discovered or bred some.

    (Translation of the end of the URL: "A simple and reliable method of cultivating psylocibin".)



  • But how does the cert differ? Can you come up with a way of verifying the identity of a site you've never been to before?

    HSTS can verify the identity of a site you have been to before, or that is considered "important" by your browser.



  • @ben_lubar said:

    But how does the cert differ? Can you come up with a way of verifying the identity of a site you've never been to before?

    HSTS can verify the identity of a site you have been to before, or that is considered "important" by your browser.

    Something like DNSSEC - you get the identity cert with your DNS lookup for the domain. That request is signed by the root DNS authority's cert (since you're already trusting them about where to go, you should trust them to prove identity as well). You pin the root DNS signing certs to the clients so that all DNS requests can be verified independently of the request (prevents DNS spoofing and redirects). Now you have an independent way to verify who you are talking to. From here, you sign the encryption cert coming from the server with the private key associated with the identity cert from DNS. Use this to set up the communication. If somebody intercepts, they can't replace your encryption cert(s) unless they get your identity cert.

    All HSTS tells you is to connect via HTTPS if you've visited the site before. There's no check on which cert is used, just that a cert must be used.



  • static_sts_domain: google.com
    static_upgrade_mode: OPPORTUNISTIC
    static_sts_include_subdomains: true
    static_sts_observed: 1438982234
    static_pkp_domain: google.com
    static_pkp_include_subdomains: true
    static_pkp_observed: 1438982234
    static_spki_hashes: sha1/vq7OyjSnqOco9nyMCDGdy77eijM=,sha1/Q9rWMO5T+KmAym79hfRqo3mQ4Oo=,sha1/wHqYaI2J+6sFZAwRfap9ZbjKzE4=

    Why would it have hashes in there if it wasn't going to check them?


Log in to reply