Charlie Harvey

HTML5 and covert peer to peer filesharing

Written by Charlie on

Imagine a well-designed P2P distribution network that was reasonably anonymous, took no effort to install or configure and could be used without large amounts of effort by any normal computer user. Such tools can and indeed have been built and open up a range of opportunities for illegal use to cybercriminals requiring minimal technical know-how, according to a recently published paper. Download the paper.

Which all sounds very scary. However, when reading such sentences, I consider it something of a maxim that I should see how things sound when I replace words like "cybercriminals" with words like "democracy activists" and phrases like "illegal use" with phrases like "privacy-enhancing use". Much less scary I hope you agree. Such is the double-edged nature of meaningful privacy.

WebRTC is a protocol that is now supported pretty well in most browsers. It is able to provide "cryptographically enhanced HTML5 data channels", by which is meant data integrity, source authentication and end-to-end encryption. There are a number of services which provide HTML5 file transfer. Of interest to filesharers is a things called sharefest.me:

a file-sharing “one-to-many” based website that aims to dynamically generate and maintain file-sharing swarms by connecting peers that are interested in sharing the same data. Like the BitTorrent protocol, multiple peers are utilised simultaneously to transfer portions of the data thus increasing download speeds by avoiding the bottleneck that is the lower up- load speed of a standard ADSL internet connection.

The researchers point out that sysadmins (or repressive regimes) may be able to blacklist the sharefest.me site, but that as a free software project, folks could install their own node should they desire. One way of fingerprinting sharefest.me is by observing the Session Traversal Utilities for NAT (STUN) traffic.

Of the projects surveyed, AeroFS and PipeBytes provided both anonymity and encryption, but AeroFS required registration. Which might increase the risk of deanonymization, I suppose.

Some of the uses the researchers identified for secure HTML5 file transfer were:

  • "Cybercriminal" (or "democracy activist") community backup
  • Secure covert messaging
  • Industrial espionage ("ie. data exfiltration")
  • Piracy ("ie. sharing")
  • Website hosting
  • Malicious software distribution ("software distribution")

As far as the researchers are able to ascertain

The only method available to law enforcement is to effectively wiretap the transfer by running a software or hardware based deep packet inspection tool on the network at either end of the transfer

That sounds on the surface like an excellent way to frustrate the bulk collection schemes of the likes of NSA and GCHQ.


Comments

  • Be respectful. You may want to read the comment guidelines before posting.
  • You can use Markdown syntax to format your comments. You can only use level 5 and 6 headings.
  • You can add class="your language" to code blocks to help highlight.js highlight them correctly.

Privacy note: This form will forward your IP address, user agent and referrer to the Akismet, StopForumSpam and Botscout spam filtering services. I don’t log these details. Those services will. I do log everything you type into the form. Full privacy statement.