
How to set up your own Pirate Bay Proxy…

4 May

Background

As some ISPs in the UK have been ordered to block it by the High Court, here are instructions on how to set up your own proxy server.  The following piece also explains how it is a good, low-cost investment with a great outcome – we must fight censorship, we cannot let this continue.

We’ll be using nginx on Linux, preferably CentOS, but it works on pretty much all UNIX-based systems. Your server should not have anything else running on port 80 though, and of course it needs sufficient bandwidth. Don’t use a precompiled binary from your distribution’s repos though, as it will not have all the required modules. You can get good value VPS servers for next to nothing these days that will be more than capable of running it; ours costs less than £5 per month.

We are running piratereverse.info on a small Linux VPS with 1GB of RAM and it currently uses around 50MB, going up to about 70MB when we get really busy. We’re also using SSL, which is useful but not required. If you order a domain with namecheap.com you get WhoisGuard, which is useful for this type of thing, and a cheap SSL certificate. I think in total we paid less than £8 for the domain, whois protection and SSL certificate, all valid for one year.

Guide

1. Once you’ve got your server set up and online you’ll want to get nginx installed. Install the dependencies first. 

yum install pcre-devel zlib-devel openssl-devel gcc make subversion

2. Download the source. Latest version is 1.2.0 as of 4/5/12. 

wget http://nginx.org/download/nginx-1.2.0.tar.gz

3. Download the substitutions4nginx source using subversion. 

svn checkout http://substitutions4nginx.googlecode.com/svn/trunk/ substitutions4nginx-read-only

4. Get ready to compile by configuring. Leave out --with-http_ssl_module if you aren’t planning on using SSL. Change the path of the substitutions4nginx-read-only directory to where you’ve downloaded it to. 

./configure --with-http_ssl_module --add-module=/path/to/substitutions4nginx-read-only

5. Compile it. It’ll be installed to /usr/local/nginx/ by default. 

make
make install

6. Test nginx is working by starting it then typing in your server IP in your web browser. You should see the “Welcome to nginx!” message. 

cd /usr/local/nginx/
./sbin/nginx

7. If it’s working, we’ll stop it so we can configure it. If you can’t connect to it, make sure there isn’t a firewall blocking it. For testing, run “service iptables stop” to stop iptables. You should configure iptables properly later, but it’s not something in the scope of this article. 

./sbin/nginx -s stop

8. Rename the default config file so we’ve got a copy just in case something isn’t quite right. 

cd conf
mv nginx.conf nginx.conf-backup

9. Download our config and open it. 

wget http://about.piratereverse.info/proxy/nginx.conf
vi nginx.conf

10. You’ll need to modify some things for it to work for your setup. 

A. If you aren’t using SSL, take out the first server block (the one with the rewrite rule) then take out all the SSL lines in the last server block, there are 5 in total, then change listen from 443 to 80. 

B. Regardless of whether you are using SSL, change server_name to match your domain. You should not have any instances of ‘piratereverse.info’ in your config. The second server block is actually just serving this about section, I’ve added our IP in too so if you go to http://46.37.175.131/ for example you’ll see the about section too, so change to your own. 

C. Then you can change the subs_filters on the final server block. You need to make sure that you change the domain on the first rule to your own, this will allow content to be proxied from static.thepiratebay.se over your server as some people had reported images and CSS not loading because their ISP had blocked that subdomain. That is really the only important subs_filter rule, the rest just insert our links into the source. Delete them if you don’t want them. You can also create new subs_filter rules to modify the content on demand, but don’t do anything silly like removing the banner ads. 

D. Change the cache path if you want to, you could for example put the cache on a ramdisk to optimise it. Otherwise leave it as it is.

11. Make the cache directory. By caching we’ll be taking the stress off The Pirate Bay’s servers and speeding up delivery of our site. If you changed the cache path above then make sure it’s the same here too. 

mkdir /usr/local/nginx/cache

12. Test your config works by starting nginx. If there isn’t any output then it’s started. If you get [emerg] errors, something needs changing. Usually the output will point you in the right direction. If you can’t figure it out, try searching the internet as there are a lot of resources – otherwise email with as much detail as possible. 

/usr/local/nginx/sbin/nginx

13. If it works, try it out. You’ve completed it. We recommend installing Webmin too, so you can see the error logs in the browser and manage the server with ease.
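A pre-flight check for the edits in steps 10 and 11, best run before step 12. This is an added example, not part of the original guide or of the downloaded config; the function names and the sample config it runs on are constructed for illustration.

```shell
#!/bin/sh
# Added example: review the downloaded nginx.conf before starting nginx.
# Function names and the sample config are constructed for illustration.

# Step 10B: print non-comment lines that still mention the original domain.
leftover_domain_lines() {   # $1 = config file, $2 = domain
    grep -n -F -- "$2" "$1" | grep -v '^[0-9]*:[[:space:]]*#'
}

# Steps 10D/11: print the directory given to proxy_cache_path.
cache_dir() {
    awk '$1 == "proxy_cache_path" { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Step 10C: list subs_filter rules so every response rewrite gets read.
subs_rules() {
    grep -n '^[[:space:]]*subs_filter[[:space:]]' "$1"
}

# Return 0 only when the domain is gone and the cache directory exists.
audit_conf() {   # $1 = config file, $2 = domain that must not remain
    status=0
    if leftover_domain_lines "$1" "$2"; then
        echo "FAIL: lines above still reference $2"
        status=1
    fi
    dir=$(cache_dir "$1")
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
        echo "FAIL: cache directory $dir is missing (step 11)"
        status=1
    fi
    echo "subs_filter rules to review by hand:"
    subs_rules "$1" || echo "  (none)"
    return "$status"
}

# Constructed sample, not the real file from the guide.
sample=$(mktemp)
cat > "$sample" <<EOF
http {
    proxy_cache_path $sample.cache levels=1:2 keys_zone=demo:10m;
    server {
        listen 80;
        server_name piratereverse.info;
        # first subs_filter rule: points static content at the proxy's own domain
        subs_filter static.thepiratebay.se piratereverse.info/static;
    }
}
EOF
audit_conf "$sample" piratereverse.info || echo "config still needs edits"
```

On a real server, call audit_conf with /usr/local/nginx/conf/nginx.conf; running ./sbin/nginx -t afterwards parses the config without starting the server.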

Spread the word

Please let people know about this – the more proxies that work properly the better.


The SOPA/PIPA Controversy

14 Apr


Rights owners have long struggled to protect their intellectual property in the digital era. Two decades of instant copying and high-speed broadband are to blame for a significant downturn in cinema receipts and individual unit sales of CDs, DVDs and software.  Rights holders have levied accusations that search engines have profited from linking advertising revenue to sites that host infringing material.  To combat copyright infringement, rights owners have undertaken a multi-pronged approach to tackle illegal file-sharing and other ‘pirated’ content. Measures taken have included education, pushing for the imposition of sanctions – both criminal and civil, and pressuring national legislatures to propose tougher legislation granting rightsholders broad authority to shut down infringing sites, ultimately creating economic scarcity for creative work.

SOPA in the US House of Representatives, and its companion legislation in the US Senate, the PROTECT IP Act or PIPA, attempt to address the perceived problem of non-US websites engaged in infringing activity.  Because these so-called “rogue” websites have domain names registered outside of the US (for example, “.uk” rather than “.com”) and are hosted on servers outside of the United States, they are outwith the jurisdiction of American courts and the existing enforcement mechanisms under US law. (SOPA and PIPA are part of a broader enforcement strategy, including the federal government’s seizure of hundreds of domain names registered in the United States and criminal prosecutions brought against the operators of the web site “Megaupload.com”.)  Although the bills have technical differences, their basic approach is the same.  They would require intermediaries subject to US jurisdiction to block access to the foreign websites, or to prevent the flow of revenue to these sites.  
More specifically, SOPA and PIPA would authorise in rem lawsuits in US courts against a domain name associated with a site dedicated to infringing activity.  If the court found that the website met the statutory standard, the court would issue an order which would be served on four categories of intermediaries. ISPs would be required to prevent the domain name from resolving to an Internet protocol address.  In other words, when a user typed the domain name of the non-US site into his browser, the service provider would not connect the user to the non-US website. Search engines (for example, Google, Bing or other sites that direct users to other online locations) would be required to disable links to the non-US site. Payment systems (for example, Visa or MasterCard) would be required to refuse payment transactions between customers with US accounts and the account used by the operator of the non-US site.  Internet advertising networks (for example, Google AdWords or AdSense) would not be able to place advertisements on the non-US site or have sponsored links to the non-US site.

If intermediaries did not comply with an order, they would be subject to enforcement proceedings.  SOPA and PIPA provoked the following sharp criticisms from Internet companies and users. Although the bills’ sponsors said that they were targeting the “worst of the worst” foreign websites, the bills, as introduced, applied to both US and non-US websites.  Moreover, a small amount of infringing content within a large website could, conceivably, trigger a remedy that would apply to the entire website.  Compliance with the Digital Millennium Copyright Act’s (DMCA) notice-and-takedown procedures would not provide a safe harbour.  Thus, websites that host user-generated content, including cloud-computing sites, could be affected. All four types of actions required by intermediaries raised concerns, because they were targeted at websites rather than specific content within those websites. These were blunt instruments that could lead to the termination of the provision of lawful as well as unlawful content.

The domain name and search engine blocking remedies were particularly controversial.   Both approaches are used by governments which restrict free expression.  Thus, US endorsement of these methods to block access to content that the US government considers illegal (i.e. IP infringing) would legitimate other countries’ use of these methods to block access to content they consider illegal (e.g., criticism of the government).  Indeed, a letter from Members of the EU Parliament stated that “blocking of websites, by DNS or otherwise, severely undermines America’s credibility in the global information society.”[1]  Google has fully complied with DMCA requirements for rapid “take-down” of videos that conflict with intellectual property owners’ legitimate claims. Google has also gone much further than the DMCA requires, by implementing a comprehensive “Content ID” system to pro-actively flag uploaded content matching the “signatures” provided by content owners (resulting in various actions, some of which are punitive in nature). Some observers would argue that this latter feature can sometimes be too aggressive, by flagging content that actually meets “fair use” requirements. Additionally, take-down tools (or legal threats and actions) are sometimes used by governments not to enforce copyright restrictions per se, but in reality for raw censorship of political or religious material that is considered to be undesirable or offensive to particular groups — in the process sometimes cutting off access to those videos to everyone around the planet.

Domain name blocking also has the potential to introduce cyber-security vulnerabilities.  Court-mandated domain name blocking requires service providers to return authenticated and unencrypted responses to domain name queries in contravention of emerging cyber-security protocols.  Moreover, as users attempted to circumvent the domain name blocking they would use foreign domain name service providers that did not comply with US government cyber-security standards. Because both bills provide for private rights of action, the volume of cases could be very large, and the intermediaries would need to take action with regard to many sites, at great expense. 


[1] Band, J. 2012. SOPA and Its Implications For TPP [Online]. Available: http://infojustice.org/archives/7546 [Accessed 13 April 2012].


Government plans to search everything we do online, offline…

1 Apr

“Having opposed the previous government’s attempts to introduce mass surveillance of Internet communications, the Conservatives are planning to introduce the very same policy they previously described as a ‘culture of surveillance which goes far beyond counter terrorism and serious crime.’ The plan is essentially to allow stored communication data to be trawled without the inconvenience of needing a warrant or even any reasonable suspicion.”

More comment on this soon, but in the meantime check out the full story on the BBC…

Quick change of plans. I am going to defer to friend and colleague Lachlan Urquhart who has written previously on the matter…

http://nakedsecurity.sophos.com/2012/02/22/imp-or-ccdp-who-cares-its-still-storing-your-data/

Maine Demands That The US Be More Open And Transparent In TPP & Other International Trade Negotiations

19 Mar

As the administration continues to be ridiculously secretive about negotiations on the Trans Pacific Partnership (TPP) agreement, it seems that even various state governments are growing concerned about the process. The Maine state legislature issued a joint resolution demanding that the administration be much more open in how it negotiates international trade agreements. The resolution states that it strongly supports good international agreements, but that they need to be open and transparent. It notes that the lack of transparency has meant that trade negotiations have come to agreements against states’ own interests and that the negotiators do not consult the states, despite the massive impact these agreements have on state economies. Then it specifically calls out the TPP, and says that the administration must improve the process. Here’s just a few of the lines from the resolution, though you can read the whole thing at the link above.

WHEREAS, existing trade agreements have effects that extend significantly beyond the bounds of traditional trade matters, such as tariffs and quotas, and can undermine Maine’s regulatory authority and constitutionally guaranteed authority to protect the public health, safety and welfare; and 

WHEREAS, a succession of federal trade negotiators from both political parties over the years has failed to operate in a transparent manner and failed to meaningfully consult with states on the far-reaching impact of trade agreements on state and local laws, even when binding the State of Maine to the terms of these agreements; and 

WHEREAS, the negative effect of existing trade agreements on Maine’s regulatory authority and constitutionally guaranteed authority to protect the public health, safety and welfare has occurred in part because United States trade policy has been formulated and implemented in a process that lacks transparency, fails to properly recognize the principles of state sovereignty and lacks any meaningful opportunity for congressional review and acceptance; and 

WHEREAS, the United States Trade Representative is currently negotiating the terms of a proposed Trans-Pacific Partnership Agreement, which will have a significant effect upon the citizens and commerce of the State of Maine; and 

WHEREAS, there is a current opportunity for improving the process by which significant foreign trade policy agreements such as the Trans-Pacific Partnership Agreement are negotiated; now, therefore, be it 

RESOLVED: That We, your Memorialists, respectfully urge and request the President of the United States and the Congress of the United States to improve the process by which United States trade agreements are developed and implemented in order to encourage meaningful transparency and appropriately acknowledge the vital role of state sovereignty and afford more meaningful opportunity for congressional review and acceptance

When even the state governments are complaining about the lack of transparency in trade negotiations that impact them, can the USTR really continue to pretend that there are no problems with the way it goes about these negotiations?

ICANN Warns US Not To Undermine Multistakeholder Model

19 Mar

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a new statement about a future contract with the United States for root zone management and other internet infrastructure functions, warning against undermining the multistakeholder model for governing core internet infrastructures.

ICANN statement here [pdf].

The US National Telecommunications and Information Administration (NTIA) recently added provisions to a new draft contract with the separate Internet Assigned Numbers Authority (IANA), obliging the contractor to demonstrate “explicit consensus support” for a new top-level domain (TLD) before it could be added to the root by IANA.

Some see this action by the US government as a reaction to the inclusion of the controversial .xxx in the root zone. ICANN has now warned that “the IANA functions contract should not be used to rewrite the policy and implementation process adopted through the bottom-up decision-making process”.

The new consensus check as precondition for being added to the root might be an additional hurdle for new TLDs for which ICANN recently decided to open applications next year.

ICANN, a non-profit self-regulatory organisation that has been operating IANA and core policy functions for the domain name system, also commented on other terms for the future IANA contract.

In September, the US administration and the EU Commission will hold a consultation in Brussels on the future of the IANA and potential reform issues for ICANN after both administrations criticised ICANN for not fully implementing government advice in recent decisions.

Comments to NTIA’s ongoing further notice of inquiry on IANA can still be submitted until 29 July.

Federal Register notice here.

How to Banish Embarrassing or Annoying Autocomplete Suggestions from Your Browser

19 Mar


Stop me if you’ve heard this one: Once upon a time, you visited a web site that you’re not exactly proud of. Let’s say the content of said web site rhymes with “corn”. And oops! You forgot to go incognito beforehand. You’ve frantically deleted the site from your history once you realized your mistake, but from this point forward, every time you type in “po”, Chrome helpfully autocompletes the entire URL. THANKS CHROME!

If you have heard this story before (from a friend, right?), you may want to familiarize yourself with the handy Shift+Delete shortcut.

The short version: In both Chrome and Firefox, highlighting an autocomplete entry and pressing Shift+Delete removes said autocomplete entry from the address and search bars so you can avoid pesky or embarrassing autocompletes. And yes, this tip is handy even if you aren’t de-porning your browser.

A G-rated example:

My test search on Google is “dog”—i.e., any time I need to do a quick search to make sure my connection is working, I type “dog” into a Google search. Some people type “test”, I type “dog”. Then, a couple of weeks ago, I checked out a web site called Dog Vacay, which is sort of like AirBnB for your pets. No problems so far, except—damn, now every time I try typing “dog” into Chrome, it autocompletes to dogvacay.com. Chrome! *shakes fist*

Sure, I could change my test search, but that’s years of muscle memory, and I like my routines and pictures of dogs at the top of results.

Instead, I just type my normal “dog” into the address bar, get slightly angry when “dogvacay.com” shows up, then, making sure that entry is highlighted in the autocomplete drop-down (which, of course, it already is, having been autocompleted), I press Shift+Delete (or, on a Mac keyboard, Shift+Function+Delete). The autocomplete entry is removed, and I’m back to searching in peace for dogs a few times a week.

Also: This works with porn. (Remember, Incognito mode is just a Ctrl+Shift+N/Cmd+Shift+N away!) Have fun out there!