IETF116 Conference Report: Friday March 31, 2023
Posted on April 4, 2023
| David Oliver
Day Five of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Four, see my daily report.
With a lot of focus on privacy with respect to Internet protocols, novel new cryptography schemes are an important requirement for new protocol designs. For example, Privacy Preserving Measurement is relying on new cryptography to support distributed aggregation of a wide range of measurements in the advertising domain as well as application telemetry.
[Read More]
IETF116 Conference Report: Thursday March 30, 2023
Posted on March 30, 2023
| David Oliver
Day Four of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Three, see my daily report.
The IETF is getting serious about interoperability among messaging services (this might have had something to do with it). The charter for the Messaging Layer Security Working Group (MLS) specifically excluded interoperability, though the group organized a draft that addressed the basic concepts that would allow MLS-compatible systems to federate. In early 2023, a new Working Group - More Instant Messaging Interoperability (MIMI) - was chartered to expand on the MLS federation work.
[Read More]
IETF116 Conference Report: Wednesday March 29, 2023
Posted on March 30, 2023
| David Oliver
Day Three of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Two, see my daily report.
The long-running work on MASQUE - proxying all network-layer datatypes over QUIC (HTTP/3) - is nearing completion, with the specification for Proxying IP in HTTP in IESG review. With these components in place, the original MASQUE concept - a non-probable relay for client traffic providing privacy guarantees - has been revived, now defined within the new framework and leveraging HTTP Unprompted Authentication.
[Read More]
IETF116 Conference Report: Tuesday March 28, 2023
Posted on March 29, 2023
| David Oliver
Day Two of the 116th IETF meeting in Yokohama Japan. For the rundown on Day One, see my daily report.
The OHAI Working Group has submitted the core draft of Oblivious HTTP Application Intermediation to the RFC Editor for editorial finalization and publication. OHAI is designed to support transational uses of the HTTP protocol that seek IP address privacy (by means of a relay pair, one associated with the client and one associated with the target resource).
[Read More]
IETF116 Conference Report: Monday March 27, 2023
Posted on March 28, 2023
| David Oliver
This post begins a daily blog, live from the 116th meeting of the Internet Engineering Task Force in Yokohama, Japan, March 25-31, 2023. We’re focusing on standards activities of importance to the Internet Freedom community.
Since IETF114 (report), the Privacy Preserving Measurement Working Group has been deliberating over two distinct proposals offering very different technical methodologies for undertaking measurement activities while respecting user privacy. STAR offers an approach called k-anonymity - reporting a measurement value only if k or more parties are also reporting the same value.
[Read More]
Arti, next-gen Tor on mobile
Posted on March 4, 2023
| uniq
For software projects with recurring bugs, efficiency or security issues there’s a joke making the rounds in the software industry: “Let’s re-write it in Rust!” It’s a fairly new low-level programming language with the declared goal to help developers avoid entire classes of bugs, security issues and other pitfalls. Re-writing software is very time consuming, so it rarely happens, especially when just one more fix will keep a project up and running.
[Read More]
Steps towards trusted VPNs
Posted on February 28, 2023
| Hans-Christoph Steiner
VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection.
[Read More]
Scanning apps, off the record
Posted on September 28, 2022
| Hans-Christoph Steiner
Smart phones have brought us so many wonderful capabilities. They let people around the world access vast realms of information. They let app developers solve problems large and small in a way most relevent to their local context. They are personal computers for the world. They also have given surveillance capitalism an unprecedented reach into everyone’s lives. Repressive governments use them in ways that the East German Stasi secret police could only have dreamed of.
[Read More]
The Search for Ethical Apps: Let's start with governments
Posted on September 1, 2022
| Hans-Christoph Steiner
Governments across the world are moving services to mobile apps. The vast majority of these apps are only available in the Google Play store or in the Apple App store. Installing apps from these services requires users to agree to their terms of service. This means governments require their citizens to sign opaque and privacy invading contracts with foreign Big Tech in order to use digital services. This feeds ever more into Big Tech data control, filtering, and information bubbles.
[Read More]
Serving Websites Privately Over Tor Onion Services (From Your Laptop!)
Posted on August 29, 2022
| Shanzay, Summer Intern
In this day and age when our data is consistently being tracked and profited off of, sharing information safely and securely is difficult. However, that does not necessarily mean that all network services are subject to such scrutiny. Users now have the ability to combine the security of HTTPS with the privacy benefits of Tor Browser and share information through Tor’s anonymous network services – Onion Services. By using an onion service, users can hide their location while active, connect to other Tor users, and retain their privacy throughout.
[Read More]
DWeb versus Web3: An Intern's Journey!
Posted on August 19, 2022
| Shanzay, Summer Intern
Close your eyes and imagine. You are sitting, designing the next game-changing innovative idea; however, you are not worried about any information leakage or spread, as you are in control. You not only hold ownership of your data, but with each online activity, your fear of being tracked dissipates more. This new internet you explore on understands each input, tailoring the content to your specific needs as it no longer runs on basic commands, but rather uses the combination of technologies and concepts such as machine learning, big data, and decentralized ledger technology to process information in a smart, human-like manner.
[Read More]
IETF114 Conference Report: Friday July 29, 2022
Posted on July 29, 2022
| David Oliver
Day Five of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Four, see my daily report.
A quiet day today with only the Messaging Layer Security Working Group holding its session. Draft 16 of the MLS protocol completed last-call in mid-July and has been submitted for review after significant technical and editorial feedback from the working group. Are we getting close (again)? The MLS Architecture document was lightly revised and version 8 submitted for review.
[Read More]
IETF114 Conference Report: Thursday July 28, 2022
Posted on July 28, 2022
| David Oliver
Day Four of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Three, see my daily report.
At IETF112 (online) a formal Birds of a Feather (BoF) session was held on the concept of Privacy Preserving Measurement. A Working Group was chartered and, at IETF113 in Vienna, we were treated to an incredibly detailed presentation on Prio, an academic concept for supporting privacy in the context of Internet-scale measurement.
[Read More]
IETF114 Conference Report: Wednesday July 27, 2022
Posted on July 27, 2022
| David Oliver
*Day Three of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Two, see my daily report.
Interest is starting to consolidate on the need for additional definition for serving media over the QUIC transport layer, particularly for streaming and conferencing applications. Following an informal gathering at IETF113 in March 2022, a formal Birds of Feather session met today with a draft charter proposal and two draft documents describing the intended use cases and a protocol.
[Read More]
IETF114 Conference Report: Tuesday July 26, 2022
Posted on July 26, 2022
| David Oliver
Day Two of the 114th IETF meeting in Philadelphia USA. For the rundown on Day One, see my daily report.
Lucas Pardue, of Cloudflare and co-chair of the QUIC Working Group, gave a not-so-tongue-in-cheek talk about the breakdown of the OSI layering model of the Internet. His focus was on the top of the stack, illustrating handsomely what QUIC and HTTP/3 have done (unknowingly to most) to our perception of layers.
[Read More]
IETF114 Conference Report: Monday July 25, 2022
Posted on July 25, 2022
| David Oliver
Day One of the 114th IETF meeting in Philadelphia USA.
With privacy a key consideration in new protocol design, cryptography has become a major focus of IETF activities. The Internet Research Task Force (IRTF) has the Crypto Forum Research Group where new cryptography schemes are brought forward and vetted for use in IETF protocols. Well, new is a misnomer. Much of the mathematics has long been defined, at least at its core, and the work is rather being brought into the IETF context where important engineering considerations apply: use of memory (at rest or in flight), processing required, round-trips required, etc.
[Read More]
IETF114 Hackathon Report: Sunday July 24, 2022
Posted on July 24, 2022
| David
This post begins a daily blog, live from the 114th meeting of the Internet Engineering Task Force in Philadelpha Pennsylvania USA, July 23-29, 2022 (in-person meetings having restarted in March 2022 after the COVID pandemic abated). We’re focusing on standards activities of importance to the Internet Freedom community.
The Hackathon event kicks off each IETF event, with projects that run the gamut from early implementations of just-emerging specifications to full multi-vendor interoperability testing of nearly-mature protocols.
[Read More]
RightsCon Report: Surveillance and Facial Recognition: Protection or Instruments of Control?
Posted on July 20, 2022
| Shanzay, Summer Intern
Safety is one of the foremost questions we seek to answer as we roam about in our everyday lives, taking precautions to reduce the likelihood of all threats. It is the very reasoning behind the use of surveillance technology from civilians to the state government, as it hinders crime through fear of persecution and retribution. However, variables such as the time taken for assistance can limit this objective. In these instances, surveillance is not a means of protection, but rather justice, as facial recognition technology can discern the perpetrator to bring to justice.
[Read More]
IETF113 Conference Report: Friday March 25, 2022
Posted on March 28, 2022
| David
Final day of the 113th IETF meeting, in Vienna Austria.
The IETF is looking to make a clear contribution to the problem of hyper-aggressive measurement of user activities on the Internet and the many misuses thereof. To do so, the IETF recognizes that some measurement is important but that many desirable measurements require data most people consider sensitive. It also recognizes that aggregated measurements often provide the most value, rather than individual ones.
[Read More]
IETF113 Conference Report: Thursday March 24, 2022
Posted on March 27, 2022
| David
Day four of the 113th IETF meeting, in Vienna Austria.
Privacy Pass - originating at Cloudflare in 2017 as a solution to user frustration with CAPTCHA - has been in full swing as an IETF activity since mid-2020. Privacy Pass allows a client to solve some form of validity check (a CAPTCHA, a puzzle, a user-pass authentication) to then receive some number of tokens to be used at websites accepting Privacy Pass, thus eliminating the need to do a CAPTCHA at each site.
[Read More]