![]() They can snoop on user activity they can filter and otherwise tamper with connections they can block P2P traffic. But those tools are acting as virtual ISPs themselves and so have all the potential for control (and abuse) that the local ISPs have. In this case, Chinese users are replacing some of the trust in their local Chinese ISPs with trust in the circumvention projects through which they are proxying their traffic. ![]() You can only move them around so that you trust different people. This sort of thing demonstrates that there is no way to eliminate points of control from a network. In fact, third parties can recognize the data flowing in/out of a computer running FirePhoenix by buying that data and promising not to share it with anyone else. No third-party can recognize what Internet information is flowing in/out of your computer, even if they are monitoring your traffic. None of the projects has anything like a privacy policy that I can find, and none of them provides any notice anywhere on the site or during the installation process that the project will be tracking and selling user browsing activity.* But all of the sites have deceptive language like this from the FirePhoenix home page:įP encrypts all your network traffic. The best way to make sure that dangerous data like this does not get into the wrong hands is not to store it in the first place.īut these projects are not only storing the data. Any data that is stored can be potentially be shared or stolen. The mere act of anyone, let alone projects proclaiming themselves for internet freedom, storing this data is very bad practice. These are the histories of users browsing sites that are not only blocked (and therefore mostly sensitive in one way or another) but blocked by an authoritarian country with an active policy and practice of persecuting dissidents. are evidently directly storing (and selling) the full, individually identifiable browsing histories of their users.Īnd the data about circumventing users is much more sensitive than the data about most ISP users. ![]() NebuAd and Phorm are at least adding a variety of pseudonymity and privacy layers to their tracking, whereas dynaweb et al. Selling the browsing histories of those users is like an ISP selling the browsing histories of its users, which is a big step beyond what companies like NebuAd and Phorm were / are trying to do. All circumvention tools work by proxying the data of their users through some third machine, so all circumventing traffic is going through that third party machine. These tools are acting as virtual ISPs for millions of users. It’s hard to state how dangerous this practice is. So they are happy to provide you with specific user data, but only if you double super promise not to share it and only if they really like you. Please contact us if you have such a need. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Are they available?Ī: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. Q: I am interested in more detailed and in-depth visit data. Aggregate data like this is a terrific resource for those of us interested in researching circumvention tool usage, and not much of a privacy risk for the circumventing users if it is only stored (as well as displayed) in the aggregate.īut the ranking site also advertises a pay service through which you can get not only much more data, but data about individual users. You can see, for example, that the three sites most visited by users of these circumvention tools are, , and. Data about aggregate usage of users of the tools is published freely. Three of the circumvention tools - DynaWeb FreeGate, GPass, and FirePhoenix - used most widely to get around China’s Great Firewall are tracking and selling the individual web browsing histories of their users. Please read my subsequent update for responses from the tool developers and further thoughts. Update: The site hosting the data for these tools has now removed the faq entry offering to sell the data.
0 Comments
Leave a Reply. |