The seedy underbelly of the internet.
February 13, 2012 11:07 AM

The "visible web" is what you can find using general web search engines. It's also what you see in almost all subject directories. The "invisible web" is what you cannot find using these types of tools. It's the internet that Google doesn't show us; some of it dull, some of it private, some of it deliberately hidden.

More beneath the surface.

"The darkweb"; "the deep web"; beneath "the surface web" – the metaphors alone make the internet feel suddenly more unfathomable and mysterious. Other terms circulate among those in the know: "darknet", "invisible web", "dark address space", "murky address space", "dirty address space".

It's not all sunshines and lolcats down there. In the 'deep web', Freenet software allows users complete anonymity as they share viruses, criminal contacts and child pornography

Then there's Tor, the proxy network meant to protect the privacy of its users. But Tor can also provide anonymity to servers in the form of location-hidden services, which are Tor clients or relays running specially configured server software. Rather than revealing the server's IP address (and therefore its network location), hidden services are accessed through Tor-specific .onion pseudo top-level domain (TLD), or pseudomain. The Tor network understands this TLD and routes data anonymously both to and from the hidden service. Due to this lack of reliance on a public address, hidden services may be hosted behind firewalls or network address translators (NAT). A Tor client is necessary in order to access a hidden service.

Put simply, through a Tor proxy users can access a growing network of hidden web space and services. The Deep Web, or at least a small part of it.
posted by Stagger Lee (71 comments total) 135 users marked this as a favorite
 
Yes. The only use I have for complete anonymity is sharing viruses, criminal contacts, and child pornography.
posted by Nomyte at 11:13 AM on February 13, 2012 [43 favorites]


In many cases, one can also access many "invisible web" resources through access to a public library website.
posted by Rykey at 11:14 AM on February 13, 2012 [4 favorites]



Yes. The only use I have for complete anonymity is sharing viruses, criminal contacts, and child pornography.
posted by Nomyte at 11:13 AM on February 13


Full disclosure, that's a quote from one of the articles. It's a bit alarmist, but then again, when I did log onto the Onion network, I didn't see much else there. Maybe you have to dig deeper for the interesting stuff.
posted by Stagger Lee at 11:15 AM on February 13, 2012


Amazing! I was just demonstrating the Silk Road to a mate today. It's incredible -- the deep web -- and what it means. Combined with BitCoin, this is the capacity of the internet to be disruptive in whole new ways.

Couple of points:
Be very careful of what you click on. There are (purported) hit-man services, apparently loads of child pornography, and the ilk. If you accidentally click on a child pornography link and someday, somehow that log file were to become available... say it with me... world of pain

So treat it like a bazaar in Morocco or India. There are amazing things to see, however there's also some very dangerous parts to it.

That being said, I think everyone should look at the Deep Web and what's going on there. It offers a combination of accessibility and anonymity that has never been seen before in internet history.
posted by nickrussell at 11:15 AM on February 13, 2012 [6 favorites]


Just a reminder, friends, Tor and Torrent are two great tastes that do not taste great together.
posted by seanmpuckett at 11:20 AM on February 13, 2012 [10 favorites]


I visited Silk Road once just to see what it was about, but I was less than impressed. If you have to order your illegal drugs off the internet you really need to get out more.
posted by dortmunder at 11:21 AM on February 13, 2012 [3 favorites]


It's a bit alarmist

no really?
If you have to order your illegal drugs off the internet you really need to get out more.

is this a form of privilege and if so under what may it be filed
posted by This, of course, alludes to you at 11:22 AM on February 13, 2012 [6 favorites]


I visited Silk Road once just to see what it was about, but I was less than impressed.

Agreed. The point is not what it is today, it's what it means. Remember, we started here and now we're here.
posted by nickrussell at 11:25 AM on February 13, 2012 [8 favorites]


Tor is also being used to combat firewalls in Iran, where privacy is apparently illegal.
posted by RobotVoodooPower at 11:29 AM on February 13, 2012 [5 favorites]


Those would be some of the criminal contacts.
posted by Bovine Love at 11:30 AM on February 13, 2012 [1 favorite]


I'd be interested in hearing about the process of procuring drugs from The Silk Road. I know that Tor and the deepnet in general don't mean you're untraceable-- just that it's less cost-effective and therefore much less likely to happen. BitCoin is also far from perfectly anonymous, as far as I understand it-- and even if it were, isn't each BitCoin by nature unique, and don't you have to pay for them with "real money" that is hooked to your legal name? It seems like this would be imminently traceable. Is the general idea just to make so many layers of inconvenience and legal trouble that no one bothers?
posted by WidgetAlley at 11:30 AM on February 13, 2012


The Deep Web (also called Deepnet, the invisible Web, DarkNet, Undernet or the hidden Web) refers to World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines.

This is true.

First, you’ll need to download Tor, the software that allows you to access the Deep Web.

This is false.

TOR is primarily an IP anonymizer, and there are many other tools (e.g. Shodan, a search engine for finding web-facing security cameras, industrial control systems, etc.) and search techniques that you can use to find content, devices, etc. not indexed by Google.

As Rykey points out, the subscription databases that are probably available via your public library are a way in, too.
posted by ryanshepard at 11:31 AM on February 13, 2012 [17 favorites]


Rather than "false", I should have said "that's an overstatement" - TOR does appear to give you unique access to some parts of the Deep Web, but you can start exploring without it.
posted by ryanshepard at 11:35 AM on February 13, 2012 [1 favorite]


"Freenet software allows users complete anonymity as they share viruses, criminal contacts and child pornography."

Freenet is designed not to be searchable as a whole. One of the features about it is that the people using it for political activism stuff (and there are some, there's a LiveCD that boots into a ramdisk and ejects the CD so that one can take it back into a hiding place and continue to swap messages whilst being a reset switch away from deniability) are never even known about.
posted by jaduncan at 11:36 AM on February 13, 2012 [3 favorites]


I believe humanity needs "private space" online because humans are simply too accustomed to basic privacy. We could maybe adapt to "zero privacy" given a century of cultural evolution, but the short term costs of losing all privacy are staggering.1

We desperately need more, better, and more widely used tools like Tor, Freenet, off-the-record IM, and ZRTP for SIP, at least we'll need them for the next 50 years or so. I've been planning on writing a post about Tahoe-LAFS and Nilestore, which I believe might provide the gateway to a "private space" that people actually use.2

At the present, I'd encourage people to become familiar with encrypting their IMs using off-the-record messaging, encrypting their files locally, transferring files in encrypted state, like via drop box, and using Tor to evade censorship.

1 I've zero faith in Europe's "right to be forgotten" legislation because that's simply not how computers work, although facebook, apple, etc suffering through it make me laugh.

2 Ironically, these storage backends are actually capable of aiding law enforcement that pursues really universally derided activities, like child porn, which makes them very much like our ordinary every day expectation of privacy.

posted by jeffburdges at 11:37 AM on February 13, 2012 [3 favorites]


I should make one clarification : DropBox, Apple's MobileMe, Microsoft's SkyDrive, etc. do NOT encrypt your files. You shouldn't use them without first encrypting your files separately.
posted by jeffburdges at 11:40 AM on February 13, 2012


Just a reminder, friends, Tor and Torrent are two great tastes that do not taste great together.

I am woefully ignorant of the Deep Net, ways to access it, what goes on, security protocols, etc. Can someone explain this comment for me?
posted by Saxon Kane at 11:42 AM on February 13, 2012


This post is mostly about the stuff that's deliberately hidden on Tor and Freenet, but I'm much more worried about the stuff that's entirely visible to ordinary people with ordinary browsers but invisible to spiders like Googlebot. Because of Javascript and Ajax; a "web page" is no longer some simple static thing.

A site like Twitter or Gawker now has to build two versions of their site. The interactive one that humans use with all sorts of fancy Javascript presentation and content loading and a second, static site for spiders to understand without Javascript. The only thing tying the two sites together is the _escaped_fragment_ / #! hack that Google documents. (I have more links about this topic on my blog).

I know some MeFi readers will harrumph at this and say web pages shouldn't require Javascript and everyone should install NoScript. And while I agree that graceful degradation is a good idea, it seems like a real weakness that for a growing number of new sites, Google, Bing, etc can't index the site the way people see it. It's a solvable problem, but it's not easy.
posted by Nelson at 11:46 AM on February 13, 2012 [10 favorites]


As a rule, your bittorrent client shares your IP address with the tracker, meaning the tracker identifies you to everyone, even if you reject connections from suspiciously MafiAAish IPs using a blocklist.

There is a project called OneSwarm that offers Tor-ish functionality for bittorrent users. See my previous post on OneSwarm.
posted by jeffburdges at 11:47 AM on February 13, 2012 [2 favorites]


Okay, so now we know what SA's next target is: the darknet.
posted by Old'n'Busted at 11:52 AM on February 13, 2012


I am woefully ignorant of the Deep Net, ways to access it, what goes on, security protocols, etc. Can someone explain this comment for me?

my brief experience: this tor/freenet stuff is slow. slow as hell. slower than dialup molasses in the alaskan winter. torrenting generates a lot of traffic. trying to stuff a lot of traffic down a slow pipe is considered bad form.
posted by quonsar II: smock fishpants and the temple of foon at 11:52 AM on February 13, 2012


Just a reminder, friends, Tor and Torrent are two great tastes that do not taste great together.

I am woefully ignorant of the Deep Net, ways to access it, what goes on, security protocols, etc. Can someone explain this comment for me?

The l337 among us can correct me but I think it relates to the fact that while running torrents over a tor network is possible it is extremely bad form due to the fact that tor is unsuited to handling large-to-massive file transfers (which is kinda the bread and butter for torrents).
posted by RolandOfEld at 11:53 AM on February 13, 2012 [2 favorites]


This is the "scary" arm of the "invisible web." (I really hate that term.) Certainly, icky stuff is out there on Freenet and Tor, but the classic use of the term has nothing to do with kiddy porn and viruses. Rather, the term "invisible web" has always been about the deep databases available online but not directly indexed through simple Google/Bing/Whatever searches.

Google has gotten a lot better (and webmasters have increasingly realized that they probably want their content to show up in search results), but plenty of useful material is inaccessible through basic web searches. Want a map of fatal automobile crashes that occurred between midnight and 2:59am on Sunday in California? You're not going to get that directly by searching (though you can come impressively close), but you can slice and dice the data any way you want it by searching the NHTSA database. An enormous quantity of newspaper and periodical archives have been digitized, but are only accessible through subscription databases, generally offered by libraries. High-res images of many works of art aren't searchable, but are available through special databases. Want to know how many poisoning deaths of those under 18 there were in the last decade, broken down by year, age, and race? Easy enough to find out, but you're going to have to construct your own query in WISQARS.
posted by zachlipton at 11:54 AM on February 13, 2012 [38 favorites]


@Old'n'busted

is that the place where all the militant feminists were or am i thinking of a different raid
posted by This, of course, alludes to you at 11:56 AM on February 13, 2012


shodan is crazy.

Logging in to routers with defaults still set is a good way to go to jail.
posted by Ad hominem at 11:58 AM on February 13, 2012


Can someone explain this comment for me?

As mentioned above, Tor is first and foremost a network anonymizing system. The idea is that information sent through Tor is not traceable by third parties, so that you can say visit MetaFilter and post comments without the people running MetaFilter or anyone else being able to connect the traffic back to you personally through your IP address or other means. The method to provide this anonymity mainly involves a convoluted routing system that is significantly slower than standard broadband Internet speeds.

BitTorrent is a peer-to-peer data transfer protocol. Since the data traffic is handled by the users themselves in a decentralized manner (unlike say YouTube or the defunct MegaUpload where all of the data gets hosted by a central repository) it tends to work well for things like illegal file sharing. However, it is not anonymous at all, anyone connecting to download the files can immediately see the IP addresses of all of the other peers who are hosting or downloading the files. Since collecting of IP addresses from BitTorrent peers can lead to lawsuits or ISPs banning users, using something like Tor to anonymize the traffic would seem like a good idea for a BitTorrent file sharer, but in practice the large amount of data traffic of the BitTorrent protocol is both slow for the BitTorrent user and taxing on the Tor network.
posted by burnmp3s at 11:58 AM on February 13, 2012 [3 favorites]


Full disclosure, that's a quote from one of the articles. It's a bit alarmist, but then again, when I did log onto the Onion network, I didn't see much else there. Maybe you have to dig deeper for the interesting stuff.

Or live under a repressive government that actively punishes those who discuss critical viewpoints, Stagger Lee.
posted by IAmBroom at 12:02 PM on February 13, 2012 [1 favorite]


Just a reminder, friends, Tor and Torrent are two great tastes that do not taste great together.

I am woefully ignorant of the Deep Net, ways to access it, what goes on, security protocols, etc. Can someone explain this comment for me?


from Bittorrent over Tor isn't a good idea:

"...apparently in some cases uTorrent, BitSpirit, and libTorrent simply write your IP address directly into the information they send to the tracker and/or to other peers. Tor is doing its job: Tor is anonymously sending your IP address to the tracker or peer. Nobody knows where you're sending your IP address from. But that probably isn't what you wanted your Bittorrent client to send."
posted by jjoye at 12:04 PM on February 13, 2012 [1 favorite]


hey, guys, it's me. um.. just stopped in to say that "some of X, some of Y, and... child pornography" makes this one a 'NO' for me. anyone else have that kind of reaction?
posted by herbplarfegan at 12:19 PM on February 13, 2012 [1 favorite]


Do people still pirate using DCC fservs on IRC?

people I know that are really into torrent lease servers in europe and pay through resellers where they don't have to give a real name. I'm pretty sure they use stuff like visa gift cards to pay.
posted by Ad hominem at 12:21 PM on February 13, 2012 [1 favorite]


@ad hominem

only for books
posted by This, of course, alludes to you at 12:22 PM on February 13, 2012 [1 favorite]


people I know that are really into torrent lease servers in europe

Generally known as a "seedbox"
posted by burnmp3s at 12:25 PM on February 13, 2012 [2 favorites]


hey, guys, it's me. um.. just stopped in to say that "some of X, some of Y, and... child pornography" makes this one a 'NO' for me. anyone else have that kind of reaction?

Yes, I've also stopped paying attention to the Guardian's bylines.
posted by RobotVoodooPower at 12:40 PM on February 13, 2012


hey, guys, it's me. um.. just stopped in to say that "some of X, some of Y, and... child pornography" makes this one a 'NO' for me. anyone else have that kind of reaction?


this is precisely the reason law enforcement/media smear Silk Road with this CP stuff in the first place. geeky potheads don't make for good shock value these days.
posted by jjoye at 12:47 PM on February 13, 2012 [1 favorite]


Okay let's clear something up.

I'm for activism and quiet places to talk where your boss and the government aren't listening.

I'm against child pornography and hidden databases of peer reviewed journals that nobody can afford to see.

I was trying to quote the articles I found available and not frame it according to my own politics. There were not very many solid, objective articles, but lots of exciting, dramatic ones. Feel free to blame the internet. :)
posted by Stagger Lee at 12:57 PM on February 13, 2012 [2 favorites]


So let's see...Greek default...Occupy Wall Street...50 million americans living under poverty line...still no cure for cancer...thousands of young women enslaved and sold for prostitution...Syrian massacres....the Arab Spring....

There's nothing to further investigate..mmhh: sex = underbelly + dirt=seedy + tech=internet == The Phantom Internet Dirty Underbelly Menace is upon us!
posted by elpapacito at 12:57 PM on February 13, 2012 [1 favorite]


Do people still pirate using DCC fservs on IRC?

This is still a very popular distribution method for scanslated (scanned+translated) Japanese manga, although webcomic-style online readers are more popular. There's also a lot of fileswapping in members-only BBSes through compiled links to 3rd-party sites like dear old Megaupload.

Scanslation is a curious little intersection of piracy+culture-crossing+geekery+social contact that I would love to see poked at by sociologists and economists.
posted by nicebookrack at 1:19 PM on February 13, 2012 [3 favorites]


"some of X, some of Y, and... child pornography" makes this one a 'NO' for me. anyone else have that kind of reaction?

Allow me to introduce you to my old friend, The US Mail.
posted by Kid Charlemagne at 1:21 PM on February 13, 2012 [2 favorites]


Tor is also being used to combat firewalls in Iran, where privacy is apparently illegal.

Hey, law-abiding citizens have nothing to hide. Anonymity is for criminals!
posted by Malor at 1:28 PM on February 13, 2012 [1 favorite]


Scanslation is a curious little intersection of piracy+culture-crossing+geekery+social contact that I would love to see poked at by sociologists and economists.

Or fansubs, the equivalent in anime. One of the ironic aspects of it is that the fan localizations are often much higher quality than actual commercial localizations when they do exist. Localized manga might include footnotes about puns or other language-specific content that would simply be removed or ignored in a commercial translation, for instance.
posted by burnmp3s at 1:37 PM on February 13, 2012 [2 favorites]


Are people still getting busted for running Tor exit nodes that happened to carry illicit traffic? I always thought it was remarkable that something made at least in part by the US intelligence establishment could land you in your-life-is-ruined level trouble, although I suppose that's sort of a summary of the byproduct of intelligence work in general.
posted by feloniousmonk at 1:39 PM on February 13, 2012


and hidden databases of peer reviewed journals that nobody can afford to see.

It's not an issue of cost (yet) - your local library card is, generally, free to $1.

I do think there's a problem when we take something structural (like a 'dark net' aka information on the web that traditional search engines can't access) and start to assign it a moral value of one kind or another (good because activists can use it, or bad because pornographers can use it).
posted by muddgirl at 1:58 PM on February 13, 2012 [1 favorite]




It's not an issue of cost (yet) - your local library card is, generally, free to $1.


Sorry, I mean to the institutions, not the individuals. Library access is a good work around for individuals.

I'm looking at a university that's suffering budget cuts, and watching the librarians have to decide which databases to lose.
posted by Stagger Lee at 2:07 PM on February 13, 2012 [1 favorite]


hey, guys, it's me. um.. just stopped in to say that "some of X, some of Y, and... child pornography" makes this one a 'NO' for me. anyone else have that kind of reaction?

Depending on what exactly you are referring to, that's like refusing to speak because some people use sound to transmit profanity.
posted by Salvor Hardin at 2:16 PM on February 13, 2012 [4 favorites]


...Is TOR cyber-sexting your children?
posted by broken wheelchair at 2:23 PM on February 13, 2012 [4 favorites]


It's not an issue of cost (yet) - your local library card is, generally, free to $1.

Your local public library likely doesn't provide access to a lot of the good stuff (especially medical and scientific publications) and these resources are certainly not free to the libraries: research universities pay tens of millions of dollars a year for electronic database access.
posted by zachlipton at 2:27 PM on February 13, 2012 [4 favorites]


I understand that electronic database access is expensive to the organization, zachlipton - that wasn't really my point and I misunderstood Stagger Lee's point. I don't really know how to classify 'good stuff,' but my local library has a PubMed subscription and dozens and dozens of abstract databases. If the full-text of an article I need is in a subscription database that we don't have, I ILL it. Yes, I'm even talking paper copies - which is another 'dark net' I suppose.

I know that library resources are unfortunately vanishing at a frightening rate, but that's another discussion orthogonal to the existence of an 'invisible web.'
posted by muddgirl at 2:39 PM on February 13, 2012


Don't click shit if you don't know what the fuck it is
posted by Renoroc at 3:32 PM on February 13, 2012


shit
posted by This, of course, alludes to you at 3:38 PM on February 13, 2012 [2 favorites]


I am 99.9% certain those "hit men" sites have no actual assassins on them. I bet if you tried to hire there, one of three things would happen:

- They run off with your money and you never hear from them again
- They run off with your money, then periodically contact you to tell you what a dumbass you are
- You get a knock on the door from the FBI since the whole site was one large sting operation
posted by ymgve at 3:51 PM on February 13, 2012 [3 favorites]


There are sites on the Deep Web that offer the services of hitmen, advice to gang members ...

Tech-savvy hitmen and gang members? The future is here!
posted by vidur at 4:04 PM on February 13, 2012


Freenet software allows users complete anonymity as they share viruses, criminal contacts and child pornography.

No, that's Reddit, 2nd door down the hall.
posted by benzenedream at 4:25 PM on February 13, 2012


Okay, so now we know what SA's next target is: the darknet.

Anonymous tried to take down a tor site, they DDOSed it, declared victory in the media, and the site was back the next day.

Taking down a tor site would require banning tor (and that might not even work as they are working on masking tor data as unencrypted data) or breaking tor to discover the true hosts.
posted by jeblis at 4:59 PM on February 13, 2012


At the present, I'd encourage people to become familiar with encrypting their IMs using off-the-record messaging

Hah hah hah! Hah ha! Hah! Ehhhh.
posted by clarknova at 5:21 PM on February 13, 2012 [1 favorite]




Ordering your weed online and sending it through the US mail seems to unnecessarily commit about 10 more felonies than just buying from the guy in the park.
posted by T.D. Strange at 6:55 PM on February 13, 2012


One of the ironic aspects of it is that the fan localizations are often much higher quality than actual commercial localizations when they do exist.

Indeed! The translations can run the gamut from wonky-babelfish-bad* to pro-level, but they're always labors of love, to an extent not covered by labeling them "piracy=rip movie from DVD+convert to AVI+upload to Pirate Bay." And the audience has darkweb elements as well; e.g. a not-insignificant number of fans swapping yaoi (male/male romance) media online live in places like Indonesia where mailing books with queer content is illegal, offering little chance for legal digital translations to be made available either.


*often made more complex by eager amateur manga translators working from Chinese translations of Japanese books, with English/Japanese/Chinese the translator's second or third language, working for an English audience. One of my favorite groups does English scanslations of Thai versions of old-fashioned Japanese girls' comics from the '70s.
posted by nicebookrack at 8:53 PM on February 13, 2012 [1 favorite]


The various levels of the Deep Web explained.
posted by scalefree at 9:10 PM on February 13, 2012


there's a LiveCD that boots into a ramdisk ...

Link?
posted by zippy at 2:06 PM on February 14, 2012


@jeffburdges: At the present, I'd encourage people to become familiar with encrypting their IMs using off-the-record messaging....

You will hit the same problem people do when they off the record message me in Google Chat: I have pidgin set to automatically log everything sent to me, so that I can find links, phone numbers and addresses again, as well as have the last thing they said start the conversation in case I accidentally close the window.

Now I'm very willing to delete peoples log files if they ask me, but a lot of people wouldn't be, and encrypting your message while it travels from you to me won't help that.
People have tried deniable email like this before, through various ways: The 'take screenshot' button tends to defeat it.
posted by Canageek at 3:07 PM on February 14, 2012 [1 favorite]


'take screenshot' is deniable.
posted by Bovine Love at 8:07 PM on February 14, 2012


@Bovine Love Sorry, not deniable: Unsharable. Confidential. Deleteable. Yes, you could forge the screenshot, but then again, you could also forge the original email if you had another email from the person and knew enough about how the email system worked to forge the headers.
posted by Canageek at 8:32 AM on February 15, 2012 [1 favorite]


I don't think you understand the point of deniability, then.

One of the features of a conventional crypto system is that it provides proof of sending. So, you sign an email and send it to me, so that I can be assured that you sent it. Assuming you have not lost control of your keys, I can prove you sent it. One of the very clever features of OTR is that it provides assurance of who sent it, but later an eavesdropper could forge messages. So it provides authentication without providing non-repudiation. Hence, if presented with a chat log in court, you can deny you sent them, even though they are cryptographically authenticated. This is very much unlike traditional systems which give non-repudiation as a bonus feature to the authentication. Not such a great bonus sometimes.

A screen shot can trivially be denied as being forged. And, yes, non-signed emails can be easily forged, of course, and as such are deniable to a fair extent. And often are, of course. Of course, in all cases, it depends on where they are collected. If an email is collected off the recipient's system, or in transit, then the sender can easily deny having sent it (assuming it was not cryptographically signed in the conventional manner). If it is collected off the sender's system, however, it gets much harder to deny, since he would need a plausible explanation how it got on his machine in his sent folder. This holds very similarly for chat. If you are using OTR, and don't keep chat logs (either by mistake or on purpose), then it becomes quite easy to deny at any point. If you happen to keep logs on the sender's machine, then collection there is hard to deny, but collection anywhere else is still easy to deny. If you used a conventional system such as PGP, then it could be proven after the fact that you sent the message (nonrepudiation).
posted by Bovine Love at 12:13 PM on February 15, 2012
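
What "authentication without non-repudiation" looks like in code, as an added example that is not part of the original comment or of any OTR implementation: a simplified Python model where messages are authenticated with an HMAC key that both parties hold and that is published once retired. The function names, key-derivation label and sample messages are constructed for illustration, and key agreement and encryption are left out.

```python
import hashlib
import hmac

# Constructed stand-in for the secret both endpoints obtain from key agreement.
SHARED_SECRET = bytes(range(32))


def derive_mac_key(shared_secret: bytes, epoch: int) -> bytes:
    """Per-epoch MAC key; either endpoint can compute it from the shared secret."""
    label = b"mac-key" + epoch.to_bytes(4, "big")  # label is an assumption
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def tag_message(mac_key: bytes, sender: str, text: str) -> bytes:
    """Authentication tag over (sender, text). Anyone holding mac_key can make one."""
    data = sender.encode() + b"\x00" + text.encode()
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def verify_message(mac_key: bytes, sender: str, text: str, tag: bytes) -> bool:
    return hmac.compare_digest(tag_message(mac_key, sender, text), tag)


def transcript_verifies(mac_key: bytes, transcript) -> bool:
    """What a third party could check if handed a chat log plus the MAC key."""
    return all(verify_message(mac_key, s, t, tag) for s, t, tag in transcript)


def demo() -> dict:
    key = derive_mac_key(SHARED_SECRET, epoch=1)

    # 1. Live conversation: Bob holds the key, so a valid tag tells him the
    #    message came from the only other key holder, Alice (authentication).
    genuine = ("alice", "meet at noon", tag_message(key, "alice", "meet at noon"))
    bob_accepts = verify_message(key, *genuine)

    # 2. Someone on the wire without the key cannot alter the text unnoticed.
    tamper_rejected = not verify_message(key, "alice", "meet at nine", genuine[2])

    # 3. Bob holds the same key, so he can tag text Alice never wrote.
    #    A valid tag therefore proves nothing to anyone but Bob himself.
    bob_forgery = ("alice", "I did it", tag_message(key, "alice", "I did it"))

    # 4. Once the epoch is over the old key is published. An eavesdropper who
    #    recorded the session can now extend the log with valid-looking lines.
    published_key = key
    eve_forgery = ("alice", "and more", tag_message(published_key, "alice", "and more"))

    real_log = [genuine]
    forged_log = [genuine, bob_forgery, eve_forgery]

    # 5. The next epoch uses a fresh key, so publishing the old one does not
    #    let Eve inject messages into the conversation that is still running.
    next_key = derive_mac_key(SHARED_SECRET, epoch=2)
    eve_blocked_live = not verify_message(next_key, *eve_forgery)

    return {
        "bob_accepts": bob_accepts,
        "tamper_rejected": tamper_rejected,
        "real_log_verifies": transcript_verifies(key, real_log),
        "forged_log_verifies": transcript_verifies(key, forged_log),
        "eve_blocked_live": eve_blocked_live,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The real and the forged log verify equally well, which is the deniability property: the tag convinces the recipient during the session but is worthless as evidence afterwards. A digital signature would behave differently at step 3, since only the holder of the private key could produce it.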


@Bovine Love: It still boils down to whether you trust the person on the other end. People assume that if you turn on 'OTR' in Google Chat the other person doesn't have a log, and they don't have to worry about things they said coming back to haunt them. Ditto JPEG email. However, if the other person makes these public then a significant number of people will believe them, your rep is ruined, etc. All the encryption in the world won't help you if the person on the other end isn't trustworthy.
posted by Canageek at 5:36 PM on February 15, 2012


Aren't IMs sent using OtR always logged locally? Adium and Jitsi certainly both log them permanently. Your IMs are "off google's record", not "off the record".
posted by jeffburdges at 5:47 PM on February 15, 2012


Canageek, I haven't met many people who know what OTR is and think that it makes the other end trustworthy. OTOH, I haven't met many people who knew what OTR was. I'll agree 100% that OTR does not provide trust, but that is unrelated to deniability. Clearly the other person can keep logs; for that matter, they can forge logs. I don't think that there are rampant numbers of people going around who think that something like OTR means they won't have trouble.

In Adium, go to preferences, General. You can log messages in general (or not), and specifically choose whether or not to log messages which are OTR-secured if general logging is turned on. I don't know Jitsi.

Clearly the other party can cut'n'paste, screen shot, log, lie, whatever. Hell, someone you never chatted with can fabricate a log/etc and claim you sent it. That has nothing to do with the utility of OTR other than that, because you used OTR instead of more traditional security, that person cannot *prove* you sent them. That is very important. They can claim anything, but they can't prove any of it. You can equally claim they are lying. Hence, deniable.

Knocking OTR because it doesn't make people trustworthy is pretty random (but not cryptographically so :)
posted by Bovine Love at 6:04 PM on February 15, 2012 [1 favorite]


I was interested in the bitcoin experiment, so an article in the Deep Web caught my attention; it trumpeted the value of bitcoins, at $14 US. Right now, the exchange rate on Mt. Gox is $4.24 US, around 30% of what they were eight months ago. So, I don't have high expectations of bitcoins becoming very disruptive.
posted by Pronoiac at 7:18 PM on February 15, 2012


@jeffburdges Not if you use the built in GMail client (as most people do) or Google's client.

@BovineLove And yet every few years there is some company trying to see 'unsavable' JPEG email so you can delete the email so that the other person can't prove you sent them something.
posted by Canageek at 8:57 AM on February 18, 2012


Are you talking about the gtalk client in the gmail.com web app? I understood that google's "off-the-record" messages aren't using the real off-the-record protocol for encrypted messaging.

Indeed, google's clients don't support any end-to-end encryption at all, they simply turn off their logging when you ask, perhaps they still analyze the conversation for advertising purposes.

You should avoid using the web based clients for all these IM services, including facebook chat.
posted by jeffburdges at 4:33 PM on February 18, 2012


@jeffburdges I still think anything electronic is a *bad* idea for communication. There are all sorts of ways you can do text analysis to show if something is really by a person (Linguistic analysis, mention of things no one else could have known, etc.). A nice walk in a big field away from anyone, or a nice boat trip are much safer if you are talking about something sensitive.
posted by Canageek at 7:44 PM on February 18, 2012


It never occurred to me someone was talking about what google calls "off the record". Yah, that is unrelated to the OTR in Adium, Pidgin, etc. That, AFAIK, just don't log. Doesn't provide you any protection against sniffing at google's servers, etc.
posted by Bovine Love at 7:21 AM on February 20, 2012




This thread has been archived and is closed to new comments