Security outfit targets cDc anonymity app 'Peekabooty'

The press has been blissfully buzzing lately with rumors and
long-shot speculation about a privacy/anonymity application called
Peekabooty, which white hat group Cult of the Dead Cow (cDc) is
developing for roll-out at this year's Defcon convention in Las Vegas
this July.

It certainly didn't take long for UK-based security/censorware outfit
Baltimore Technologies to try to parlay the rumors into a fast buck
by selling protection from Peekabooty -- which it warns will shelter
criminals and pedophiles and lead to all sorts of crippling liabilities
for corporate network operators -- with its product MIMEsweeper.

"Organizations can prepare and protect themselves from the
malicious use of the "Peekabooty" browser, due to be launched in
July, by using the Baltimore MIMEsweeper family of solutions," an
alarmist company press release says.



"Although developed for ethical reasons [PB] has raised concerns
that it may be abused and used maliciously to circulate child
pornography, confidential information, and stolen data." (We just
love it when censors try to sound righteous and civic-minded.)



But here's what's interesting; Balto Tech thinks it knows how
Peekabooty works, and cites the media (chiefly ZDNet and the
BBC) as the source of its information.



"Recent media reports claim that 'Peekabooty', a browser
developed by 'The Cult of the Dead Cow', can make it impossible to
control the material people have access to on the World Wide
Web," the company warns.



Of course, controlling the material people have access to on the
Web is what MIMEsweeper is all about. But we're not confident that
Baltimore Tech knows what it's saying, because no one from cDc is
willing to reveal precisely how Peekabooty works just yet. They
naturally want to save the details for the rollout.



So Balto Tech is really saying that if PB works the way a few news
drones guess it works, then they'll be able to defeat it; and you'd be
wise to buy their products now, before this
gangster-and-pedo-enabling scary hacker stuff gets loose.



Rumor and Innuendo
The great P2P myth comes originally, we think, from ZDNet's Will
Knight, who on 30 April claimed that PB "will be based on
peer-to-peer network technology. This allows data to be distributed
directly between computer systems and has attained fame through
the emergence of music-sharing technologies such as Napster and
Gnutella."



And then that venerable technology source the BBC swallowed it
whole, paraphrased it, and passed it along: "Peekabooty will work
like the Gnutella peer-to-peer network that has no central server and
instead uses all the machines in the system to hold data," their
report dated 6 May says.



Undoubtedly this is how Balto Tech hopes it works. But unless they
managed to obtain a beta version, then they're only guessing and
selling the security equivalent of snake oil -- which is hardly a unique
move in the world of commercial Internet security and virus
protection.



The usual marketing strategy depends on exaggerating some lame
little threat in a slew of alarmist media releases, thereby using a
less-than tech savvy press corps as a mechanism of free
advertising to help sell peace-of-mind in the form of a product or
service.



And here Balto Tech is showing great mastery of the exaggerated
threat genre, appealing to the protection of innocent children in a bid
to hustle its wares.



Some Truth about Peekabooty
We can't tell you exactly what it is (though we will in about a month's
time); but we can certainly tell you what it isn't.



First off, it's not based on P2P technology; it's got nothing to do with
anonymous file sharing, and nothing to do with distributed data
storage. And, contrary to what Balto Tech imagines, it's not a
'browser.'



On the other hand, generally speaking, it has to do with anonymizing
a client's access to a server. It will be distributed, but actual Web
content won't (i.e., it's not a proxy scheme).



What's to be distributed here is a means of anonymous access to
the Web. It will be collaborative, and in that sense similar to
SafeWeb's Triangle Boy, and yet individualized.



It's also highly political. It defies, and rightly so, the outrageous
claims of government and commerce upon our natural, human right
to communicate freely, anonymously, and in confidence.



If it works as advertised, governments and corporations will hate it,
and will struggle to defeat it. But if it works as advertised, it will
evolve as an open-source application and perhaps stay a step
ahead of would-be censors.



That it has both political and philosophical dimensions is no
accident. The group is quite conscious of both, and is developing
the tool deliberately in anticipation of political impact. In that sense,
it represents hacktivism at its best.



Because it's able (we hope) to defeat commercial and government
observation, and because it can be set up by individuals or small
groups for their own use without recourse to any sort of 'official'
assistance, it cuts society out of the private communications loop
which it so desperately wishes to regulate.



Thus it speaks to the difference between civil rights, which are
granted by societies through their governments, and human rights,
or natural rights, which belong to us a priori. These are so essential
to our nature as a species that no legitimate government has the
right to abridge them, or even presume to grant them.



Among these are the right to draw breath; to believe what we will in
spite of social conditioning; to draw the curtains when needed and
be secure in an inviolable state of privacy, whether in solitude or in
company. And of course, to communicate freely with our own kind.
These are not 'civil rights': these are natural human needs, which
grant us the natural privileges which each one of us owns from birth
until death.



So if Peekabooty really does work as advertised, it will have the
effect of removing society and its enforcers from one district, at
least, in the realm of natural-rights regulation, where it has no
business venturing, and restore an important balance of power
between the individual and the masses surrounding him who think
they know what he should be allowed to read, and to say.



We've got our fingers crossed.



The Register