online privacy, Bradford's World

This piece was originally published at AVNation.tv September 7, 2017. I have updated it to reflect my personal opinions.
Bradford September 18, 2020

During the week of August 25, 2017 Dreamhost, a hosting company, was under a Distributed Denial of Service (DDoS) attack. The attack resulted in basically everything AVNation.tv and my domains not working. In total I had about 45 domains and subdomains that were non functioning. I was also in China on a business trip.

The reasons for this attack has not been formally announced nor has anyone taken responsibility for the attack. There are two likely causes. Dreamhost had been in the news for two stories during that week; the first was telling the US Department of Justice that it would not supply IP addresses of who visited a site. The second reason was that “The Daily Stormer” used the automated registration process to start a new site, “Punished Stormer” after being denied hosting by other companies. For those that are not familiar, these sites are aimed toward spreading hate speech.

I indicated these reasons to AVNation and that I did not plan on changing hosting or DNS (Domain Name Server) services. There were practical reasons, but more importantly I support the decisions that Dreamhost made. I explained to AVNation that if the business risk was too high I would start changing once I got back to the United States. I would not be changing my personal hosting as I believe the issues causing the problems are important. Yes, there was no debate within AVNation that it was the right thing to do.

The first reason I decided that three years ago was a federal judge signed a search warrant against DreamHost. The Department of Justice (DoJ) was looking for information sought by federal prosecutors investigating the disturbances that occurred in Washington, D.C. during President Trump’s inauguration. The DoJ wanted the IP address of anyone who had visited the website http://www.disruptj20.org/. If you looked at the website the government wanted to know. I liken the situation to looking at the cover of a book or magazine, not peruse or purchase, the government wanted to know that you looked at it. Librarians for years have been fighting this issue, http://www.ala.org/aboutala/offices/oif. The government knowing what you are reading is not appropriate in my opinion. Dreamhost’s account of the situation can be found here https://www.dreamhost.com/blog/we-fight-for-the-users/ as well as EFF https://www.eff.org/deeplinks/2017/08/j20-investigation-doj-overreaches-again-and-gets-taken-court-again.

The Daily Stormer being denied service by Dreamhost and others is not a 1st Amendment issue. The government did not make a law banning the Daily Stormer; multiple hosting companies, GoDaddy, Cloudflare, and Google to name a few, did not want to host them. The Daily Stormer had quietly registered the new domain, Punished Stormer, using an online signup form. IOnce Dreamhost became aware of the domain they terminated the website. “Unfortunately, determined internet vigilantes weren’t willing to wait for us to take that action,” DreamHost said in a statement to Ars Technica. “They instead launched a DDoS attack against all of DreamHost. We were ultimately able to declaw that attack, but the end result was that most of our customers experienced intermittent connectivity issues to their sites today.”

I believe that The Daily Stormer has the right to free speech as well. The government is not censoring them. The companies refusing to host or support a website under their terms of service is mostly legal. [Yes, discrimination is not legal.] If it becomes Hate Speech and inciting violence it is no longer free speech. [Yes, also a slippery slope.]

I am supporting my beliefs even if it means an occasional problem, not all financial decisions are made solely by dollars.

Bradford
September 20, 2020

My involvement with the EFF and AVNation have also included comments about privacy: AVNation Privacy & EFF Mail Links.

Something I realized while thinking about this subject is that if one sends very few encrypted e-mails, the ones that are encrypted will stand out in the mail being sent. Now you might wonder what I am doing that requires encrypting. It is more practical than you might think, a simple example is to transmit financial information.

I have an additional reason now, confuse the government and anyone else monitoring traffic. This idea is discussed in Cory Doctorow’s book Little Brother http://craphound.com/littlebrother.The section below is used under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 license. This quote below came from line 1826 in the HTML version available on Mr. Doctorow’s website.

“So how come you weren’t on Xnet last night?”
I was grateful for the distraction. I explained it all to him, the Bayesian stuff and my fear that we couldn’t go on using Xnet the way we had been without getting nabbed. He listened thoughtfully.
“I see what you’re saying. The problem is that if there’s too much crypto in someone’s Internet connection, they’ll stand out as unusual. But if you don’t encrypt, you’ll make it easy for the bad guys to wiretap you.”
“Yeah,” I said. “I’ve been trying to figure it out all day. Maybe we could slow the connection down, spread it out over more peoples’ accounts –“
“Won’t work,” he said. “To get it slow enough to vanish into the noise, you’d have to basically shut down the network, which isn’t an option.”
“You’re right,” I said. “But what else can we do?”
“What if we changed the definition of normal?”
And that was why Jolu got hired to work at Pigspleen when he was 12. Give him a problem with two bad solutions and he’d figure out a third totally different solution based on throwing away all your assumptions. I nodded vigorously. “Go on, tell me.”
“What if the average San Francisco Internet user had a lot more crypto in his average day on the Internet? If we could change the split so it’s more like fifty-fifty cleartext to ciphertext, then the users that supply the Xnet would just look like normal.”
“But how do we do that? People just don’t care enough about their privacy to surf the net through an encrypted link. They don’t see why it matters if eavesdroppers know what they’re googling for.”
“Yeah, but web-pages are small amounts of traffic. If we got people to routinely download a few giant encrypted files every day, that would create as much ciphertext as thousands of web-pages.”

My action is a relatively small action and is rather simple to do. However, the fact that it will change the traffic view could be helpful for others. It will prevent other PGP/GPG encrypted traffic from being such an outlier as to be noticed. As EFF posted on Data Privacy Day, privacy is a team sport. There are additional directions for how to do this task at https://ssd.eff.org/, hover over the tutorials section. If you want to test if it worked, My public key identifier is C93A52C6. You can download my public key from directly from my site. I also will freely admit, I am not sure if it will make a difference, but it could not hurt.