Avoiding "The Botnet" - impossible?

People these days worry more and more often about escaping what I will call "The Botnet" in this article - just a "meme" way of describing mass surveillance. Websites have been created describing spyware and alternatives to it. Replacements for social services, instant messaging, VoIP, etc. already exist. You can use anonymizers like the Tor network or a VPN to hide from your ISP. There are ways to privately share files and host websites as well. But are all those effective - and more importantly - is this the core of the botnet - or maybe we're going after this entirely the wrong way?

Existing ways of combatting The Botnet - and why they're ineffective

The Tor Illusion

The Tor network allegedly allows you to browse the Internet anonymously. It works like 3 proxies connected together except encrypted, so a "proxy" (called the Tor node) cannot see the contents of the previous, only the destination. However the last node does see unencrypted traffic - so we hit a roadblock already before we started. The first node also sees your IP, but not the contents of your request.

What are some other problems with Tor? Well, a lot of websites simply block it, or otherwise try to make its usage inconvenient. Since the list of exit nodes is public, any website owner can easily do it. So you might be planning to "anonymize your browsing", but then realize it's simply unsuitable for everyday usage. Even more so if you intend to actually interact with the websites you're visiting - forums, imageboards, markets, file download websites, etc. all famously hate Tor. If push comes to shove, ISPs could very easily block all Tor traffic as well. - in fact this has already happened in Venezuela for example - https://www.accessnow.org/venezuela-blocks-tor/ (archive).

What about the so-called hidden services - exclusive to the Tor network? Well, most of them are defunct and it's hard to find one that actually works - and if you do, mostly you just see some scraps. In my country, I was only able to find ONE onion forum that I could actually connect to, and it didn't have very much activity. Their servers are also routinely raided (see Freedom Hosting) and their owners jailed.

There are many ways of identifying Tor users anyway - browser fingerprinting, stylometry, or even people sharing their personal data while on Tor. Operation Onymous (archive) was very successful. An already famous case of a guy sending a bomb threat using Tor can be read here: https://www.bestvpn.com/privacy-news/harvard-bomb-threat-student-caught-using-guerrilla-mail-tor/ (archive). They got him because he was the only person using Tor on that particular network at the time. The FBI has even paid a university to deanonymize Tor users (archive), and that's how Silk Road's owner could be locked up. This is just what we know about - more attacks are surely in use or preparation.

Tor still relies on its encryption, and if that's ever broken - say goodbye to your anonymity, since all the traffic is stored for possible future decryption. Quantum computing makes this likely, too.

Conclusion? Tor will not protect you (reliably). Does that mean you shouldn't use it? No, of course. Use anything that's available to improve your privacy and anonymity - just realize it's not a magic spell, and does not strike at the core of the botnet.

VPNs

These are proxies that route ALL traffic (not just HTTP) through their servers. There are lots of them claiming to be 'no log', but it is easy to find examples where people got ratted out by these, like https://www.wipeyourdata.com/other-data-erasing/no-logs-earthvpn-user-arrested-after-police-finds-logs/ (archive). Even assuming the 'no log' policy is true, it depends on the laws of certain countries - laws that can change anytime, and over which you have no control. Of course, VPN traffic is also easily blocked at the ISP or website level.

VoIP, social, IM, etc.

Simply suffers from lack of usage - so if you want to actually reach to anyone, it's Facebook, Skype, etc...And it all still goes through their networks anyway.

File sharing, hosting...

All regular hosting / file sharing providers have huge lists of what's allowed and what isn't. Even my current host reserves the right to suspend, block or cancel access to any and all Services, if they decide something contradicts their list. And of course, copyright holders can claim something is violating theirs, and you get your shit deleted then. Rom sites have been getting taken down recently for example. There are also 'good hosts' like autistici.org, but who's to say the government won't eventually take them down if they host too much stuff they don't like? As long as we're using their networks, nothing is safe. Push comes to shove and they raid the servers. Even Freedom Hosting went down eventually.

Operating systems

Of course alternatives to Windows are available, but you will come across Windows sooner or later - whether at a relative's house, school, or somewhere else.

The core of internet surveillance

Any packet you send or receive is physically going through networks that you don't control. ISPs can watch, modify and block them any way they want - and they are subject to government whims as well. Encryption is at best a temporary non-solution, as explained in the Tor section (they could block all encrypted messages easily for example - by comparing them to known languages. If it's not found in any known language, the packet is trashed. Blocking HTTPs? What was it - port 443? Boom and done.). Maybe some smart 'hackers' would learn to bypass these blocks, but in the end, we'd be fighting a battle we're sure to lose. Eventually we're going to have to face the fact that...

The Real Botnet...is PHYSICAL

As said, ISPs and governments own the networks, so the botnet is physical, not technological - and the solution, by extension, must be as well. This might be hard to see in internet surveillance (which is not even the worst botnet) - but easy in something such as CCTV. They come in, mount the cameras, and boom! You're being watched. You're now their property - which they literally admit to. No really - for 30 days (or some other amount), they can do whatever they want with your captured movements. And the duration is just claimed...Regardless, you're at their mercy now. If they see you engaging in some 'forbidden behavior', they can punish you and they do have a proof you did it. And they can blame you for sins they arbitrarily chose - they certainly aren't asking you if something should be banned or not. Everything in this society is owned by businesses or governments - and so serves their interests, not yours. CCTV is just one example. Drones, killer robots, whatever you can think of - and not necessarily technological. Schools, hospitals, airports (remember the patdowns?) - you have no control of any of these. And that is The Real Botnet. If we want to destroy internet surveillance, we're going to have to take the ISPs over - PHYSICALLY - since presumably we won't spy on or censor ourselves...And with that, hopefully we can bury the other botnets as well.

The Fake Botnet Fighter

The guy sitting in his apartment with a hoodie, running a fully libre ThinkPad, unbreakable Qubes OS, Tor for all connections, carefully avoiding all stylometry and sharing any personal data at all, encrypts his stuff with a one time pad three times, and worrying whether some botnet hasn't slipped in anyway. He has no phone or only uses 'burner phones' and pays with bitcoins. And then...he finally has to come out of his house, and has his face recorded by a CCTV camera a hundred times. This guy has to be respected for his dedication, but he is useless for a revolution. You cannot combat The Botnet using tech only.

All your tech solutions...will eventually fall!

It is inevitable. And everytime it follows the same script - let's say, some country or ISP blocks Tor or VPNs, or torrent sites get taken down, or anything - and people freak out and scramble for more technological solutions that are only band-aids. Then, if they find one, they continue their comfortable life while the cuffs get tighter. I mean, can you imagine that, in 20 years, you will be able to use the Internet as freely as today? Impossible - they will keep cracking down on everything until the 'solutions' are too tough or not even viable anymore. Of course, you cannot take over the ISPs just like that - the web of slavery is too deep - if we just barged in, the police, media etc. would get involved, and that would be the end of it. A full-scale revolution is our only option - and we should use the time during which we can fairly freely talk on the internet to plan for it. Then we could fix not only "The Botnet", but most of the other problems of society.

Last updated: 16 / 08 / 2018

Click here to go to the main page