Digital Security Options for Punk Community Spaces

Digital Security Options for Punk Community Spaces

[from a mini-discussion 9/29/15 at QUILTBAG++, with much thanks to Roo Khan of Palante Tech for skills and recommendations]

Recently I was presented with a technology problem: the downloads in a rural, well-traveled, punk/artist community space are threatening that spaces’ security to retaining internet access. Is a strongarm solution – hard limits to the www – correct, given both the anarchist politics of the space and the constraints of the core questions:

Core questions

  • What is the community’s investment in the problem? How many people experience, understand, or care about the problem?
  • What is the community’s investment in the solution? How many people are willing and/or able to participate in changes that would support various kinds of solutions?

As a thought experiment, I present:

Use case

  • a fictional queer autonomous/anarchist art/gardening/party space in a rural area, where….

Eggplant Fairie Players, "M for Mothership"

Problems

  • the main connections to the outside is a through one land line and one www connection.
  • random oogles downloading enough random shit caused a cease and desist letter from the space’s Internet Service Provider; losing internet would mean losing a major connection to the outside world, there not being other ambient wifi accessible,
  • Some of the associated punx are not super interested in/culturally averse to technology,
  • There may be a high likelihood of surveillance.

Assets

  • Some of the associated punx are super invested in “security culture,” which may have a different definition for each person using the term,
  • There are a few solid individuals willing to customize the available technology, e.g. edit the router/wireless settings, which has been done at parties past to limit www access.

Technology Options

  • TOR: set up an instance and make sure it’s used for oogle downloading parties. Here’s a cool graphic about what TOR can do.
    • + it’s pretty cool tbh
    • – but slows everything down to 1/5 or 1/10 of speed, and it’s definitely got NSA spies in arguably enough nodes to be able to trace what sites someone is on. But, we’re not worried about the NSA, just the ISP [right?]
    • – well,  but many ISPs are filtering by traffic and TOR does not encrypt downloaded data packets, which are used to trace “illegal” downloads
    • + TOR could maaaaybe be protected by HTTPS but only if implemented correctly
    • + the us state co-funded the development of TOR, and so both anti-gov’t agents as ell as gov’t agents need it to be working, so…dependable updates to the software
    • – Which brings up the issue of hidden allies in technological tools: anarchists/FBI/NSA, and some of them may not enjoy knowing they are working using the same tools. E.g. “I don’t want to use projects co-developed by the state department-ism.”
  • VPN: set up a local VPN and use it to restrict full or partial www access to certain users
    • + highly secure. will mask visibility to sites accessed from ISP.
    • + might be a decent solution for super-users, or others who can be trusted to use the www without downloading anything that will draw attention from an ISP
    • – can be hard to set up correctly.
    • – does not necessarily mask downloads.
  • Router port blocking – 80, 443 – keep! others….
    • + can block anything that may be coming in on the torrent level
    • – possible weird errors trying to download things that are not potentially red flags to an ISP
  • DNS-level filtering, which works at the level of internet architechture to block access the downloading sites: a service like OpenDNS: https://www.opendns.com/
    • + most likely to work to halt users ability to download, as certain sites get blocked at the URL level from the router ever looking up their DNS. Eg, a
    • – proxy servers allow workarounds, download sites that change their names allow workarounds
    • – forced solution / bascially a “parental” controls
    • + only medium complex to setup: you subscribe to the service, set your router to use openDNS –> then do filtering using openDNS web interface instead of your router.

Tools & Resources:

General web privacy:

Conclusion

In our discussion about this, one person said that it goes back to the Core Questions:

“if you can’t get the humans to agree…then you tell the machines what to do.”

Knowing which technology to implement to solve an issue, and the technical capacity to do so is only one side of working in community technology. Another critical element is thinking through how that technology and it’s implementation will be socially comprehensible and actually handled on roll-out by the people tasked with using it.

And finally, a reminder that All security problems are also physical security problems: if you are engaged with people you know and trust, talk to them.

Share and enjoy!
  • Twitter
  • Facebook
  • email
  • StumbleUpon
  • Delicious
  • LinkedIn
  • Google Bookmarks
  • Reddit

Leave a Reply