Update: The site hosting the data for these tools has now removed the faq entry offering to sell the data. Please read my subsequent update for responses from the tool developers and further thoughts.
Three of the circumvention tools — DynaWeb FreeGate, GPass, and FirePhoenix — used most widely to get around China’s Great Firewall are tracking and selling the individual web browsing histories of their users. Data about aggregate usage of users of the tools is published freely. You can see, for example, that the three sites most visited by users of these circumvention tools are live.com, google.com, and secretchina.com. Aggregate data like this is a terrific resource for those of us interested in researching circumvention tool usage, and not much of a privacy risk for the circumventing users if it is only stored (as well as displayed) in the aggregate.
But the ranking site also advertises a pay service through which you can get not only much more data, but data about individual users. The site’s FAQ states:
Q: I am interested in more detailed and in-depth visit data. Are they available?
A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.
So they are happy to provide you with specific user data, but only if you double super promise not to share it and only if they really like you.
It’s hard to state how dangerous this practice is. These tools are acting as virtual ISPs for millions of users. All circumvention tools work by proxying the data of their users through some third machine, so all circumventing traffic is going through that third party machine. Selling the browsing histories of those users is like an ISP selling the browsing histories of its users, which is a big step beyond what companies like NebuAd and Phorm were / are trying to do. NebuAd and Phorm are at least adding a variety of pseudonymity and privacy layers to their tracking, whereas dynaweb et al. are evidently directly storing (and selling) the full, individually identifiable browsing histories of their users.
And the data about circumventing users is much more sensitive than the data about most ISP users. These are the histories of users browsing sites that are not only blocked (and therefore mostly sensitive in one way or another) but blocked by an authoritarian country with an active policy and practice of persecuting dissidents. The mere act of anyone, let alone projects proclaiming themselves for internet freedom, storing this data is very bad practice. Any data that is stored can be potentially be shared or stolen. The best way to make sure that dangerous data like this does not get into the wrong hands is not to store it in the first place.
But these projects are not only storing the data. They are actively offering to sell it. None of the projects has anything like a privacy policy that I can find, and none of them provides any notice anywhere on the site or during the installation process that the project will be tracking and selling user browsing activity.* But all of the sites have deceptive language like this from the FirePhoenix home page:
Secure
FP encrypts all your network traffic. No third-party can recognize what Internet information is flowing in/out of your computer, even if they are monitoring your traffic.
In fact, third parties can recognize the data flowing in/out of a computer running FirePhoenix by buying that data and promising not to share it with anyone else.
This sort of thing demonstrates that there is no way to eliminate points of control from a network. You can only move them around so that you trust different people. In this case, Chinese users are replacing some of the trust in their local Chinese ISPs with trust in the circumvention projects through which they are proxying their traffic. But those tools are acting as virtual ISPs themselves and so have all the potential for control (and abuse) that the local ISPs have. They can snoop on user activity; they can filter and otherwise tamper with connections; they can block P2P traffic.
These particular virtual ISPs have chosen to support themselves by selling user data. Lots of folks rely on personal VPNs to circumvent or otherwise secure their connections, but those VPNs are not inherently any safer that the local ISPs through which they are tunneling. The popular VPN Relakks, for example, is hosted in Sweden, where a law passed last year requires that the federal government monitor all data entering and leaving the country, including foreign users of the Relakks VPN. Some circumvention projects like Psiphon use a peer to peer model in which volunteers host proxies (ideally a volunteer known by the circumventing user) and others like Tor use algorithms to try to ensure trust of the proxies, but all of them require that the user trust some other person or some code with all of her circumventing traffic.
*: installation language not verified for FirePhoenix, which has only a Chinese interface.
8 Comments
It is true that somewhere along the path someone has access to your data. Even the Tor project is not foolproof for you don’t know how many government agencies have set up servers for Tor. However my concern is within China. The last mile, so to speak. Knowing that the other end of the connection could be monitored I have to rely on my trust of the vpn provider. The way I see it a free provider has to get their money from somewhere. Selling your data seems like the chosen method. I pay for my VPN, have used one company for 18 months and am satisfied. Yes, I take my chances even with them but life is a risk and there is no perfect solution. At least I know that my data is secure on the last mile.
[spammish surf bouncer link removed -hal]
The above comment is a terrific example. It looks like a spam comment to me, pointing to a personal vpn service called surf bouncer. But I include it because if you go to the surf bouncer site, there’s no indication whatsoever who is running the company. The company promotes its service as a tool to protect users against dangerous hot spots (among other dangers), but why should users trust a random, unidentified organization with their traffic instead of the local hot spot (which has its own dangers to be sure)?
phobos posted this yesterday, coincidence?
https://blog.torproject.org/blog/circumvention-and-anonymity
We apologize for the confusion here. The anti-censorship ranking service is provided by one of the GIFC partners. It only publishes the popularity ranks of destination websites users visit through our anti-censorship tools. It is similar to alexa.com but is only limited to anti-censorship web traffic.
The ranking service is not authorized to access, nor can it access, the data users transmit on the wire. It is not authorized to release logs containing information on the websites any individual user visits either.
The FAQ for the ranking service was not written properly, as originally “user” there meant website owners who may be interested in getting detailed statistics on how their websites are visited through our anti-censorship tools. We apologize that we have overlooked the wording.
The GIFC partner who runs the ranking service, the World Gates’ Inc, has been notified, and that FAQ entry has been removed. Thank you for discovering the problem.
Peter Li
Global Information Freedom Consortium
Though FBI get Chinese users’ data it doesn’t matter.
It really matters is that Chinese govt get users’ personal information,that is much more dangerous.
Hal,
My apologies for including the Surfbouncer link. I was just mentioning a service I have found useful and reliable. Regarding your comments, I believe I was clear that no service is completely trustworthy or anonymous. However, in my case the concern is the last mile. If I can get out to the world encrypted it serves my purposes. Others needs may be different. While Tor works, even with the possible problems I mentioned in my first post, it’s main weakness is speed. I find the VPN a faster option overall.
Mai
Hello Hal,
I really like your post and I have translated your original post into chinese here: http://memedarwin.blogspot.com/, sorry for doing that without asking. Please give permission and I will cross-post it to other chinese blogs.
I pay for my VPN, have used one company for 18 months and am satisfied. Yes, I take my chances even with them but life is a risk and there is no perfect solution. At least I know that my data is secure on the last mile.
Essay Help | essay
14 Trackbacks/Pingbacks
[…] a remarkable and frightening blog post this morning, Hal Roberts reports that FirePhoenix and two other major circumvention tool companies are selling data on users’ […]
[…] But the ranking site also advertises a pay service through which you can get not only much more data, but data about individual users. [Hal Roberts] […]
[…] Hal Roberts / Popular Chinese Filtering Circumvention Tools DynaWeb FreeGate, GPass, and FirePhoenix… Important discovery by Hal Roberts: major China-focused censorship circumvention tools are aggregating and selling web data and will sell you data on the behavior of individual users if you pass their screening test. This is incredibly dangerous and bad practice, and a powerful reminder of how much sensitive data circumvention sites end up holding about their users. (tags: china data security privacy circumvention halroberts berkman dynaweb freespeech) […]
[…] Lots of folks in China get around the Great Chinese Firewall by using circumvention tools. But at what risk? That’s one of the biggest questions raised by Hal Roberts in this post here. […]
[…] Original source : http://blogs.law.harvard.edu/hroberts/2009/01/09/p… […]
[…] Surf-Verhalten der Nutzer und bieten die gespeicherten und aufbereiteten Daten zum Verkauf an. Das schreibt Hal Roberts vom US-amerikanischen Berkman Center for Internet & Society. Allgemeine, […]
[…] (further details here) […]
[…] recent blog post by Hal Roberts at the The Berkman Center for Internet & Society raises concerns about popular anonymizing and censorship circumvention services DynaWeb FreeGate, GPass, and […]
[…] So what’s the business plan for the companies that make proxies? It appears to be behavioral targeting, according to the Berkman Center blog: […]
[…] Li from the Global Internet Freedom Consortium has responded in the comments to my post about snooping by Chinese circumvention tools: We apologize for the confusion here. The anti-censorship ranking service is provided by one of […]
[…] surfers for a fee, something that poses an even greater privacy risk, according to an analysis (http://blogs.law.harvard.edu/hroberts/2009/01/09/popular-chinese-filtering-circumvention-tools-dynaw…) by Hal Roberts from The Berkman Center for Internet Society at Harvard […]
[…] Hal Roberts / Popular Chinese Filtering Circumvention Tools DynaWeb FreeGate, GPass, and FirePhoenix… […]
[…] Popular chinese filtering circumvention tools dynaweb freegate, gpass, and….. POPULAR CHINESE FILTERING CIRCUMVENTION TOOLS DYNAWEB FREEGATE, GPASS, AND FIREPHOENIX SELL USER DATA (Hal Roberts, Berkman Center, 9 Jan 2009) – Update: The site hosting the data for these tools has now removed the faq entry offering to sell the data. Please read my subsequent update for responses from the tool developers and further thoughts. Three of the circumvention tools
[…] to become anonymous. Back in january of this year, Hal Roberts of Harvard University, posted a blog item about GIFC selling user data. If sites such as Dynaweb are prepared to sell user data, then […]