Apr

20

CU-LATOR, Alligator

Written by

If you haven’t had the chance to swing by their table for the cookies, stickers and flyers of information out on College Walk today, Free Culture @ Columbia is currently launching CU-LATOR, its new (and cleverly titled) software through its website.

Basically, CU-LATOR is a program designed to encrypt web activity on your computer so that it stays out of the sight of Columbia administration. Although the FCC software is being launched in response to the RIAA attacks, Free Culture founder (and B&W editor) Brendan Ballou tells us via e-mail that it’s not about file sharing. “I don’t download music — in fact, a suprisingly small percentage of our club actually does,” Brendan claims. “We’re really just paranoids, who don’t like the idea that Columbia can see what websites you go to, and that that information can be so easily shared with outside organizations like the RIAA, or the government. It’s our belief that whether or not you’ve got something to hide, we all have the right to privacy.”

Another interesting bit of information is that CU-LATOR is actually built off software used by Chinese dissidents and is the first of its kind to be used on a college campus, giving possible leeway to a national model of the program. Unfortunately, the software is not available for non-Apple users although one of the club’s summer projects include designing a version for PC.

In the meantime, Apple kids should check it out — you just might thank yourself for it later.

MIP 

Tags: , ,

44 Comments

  1. hail brendan  

    niicceeeeee

  2. This is awesome.

    Good job. And A++ on the name as well, although sadly, you might have to rethink it if you ever plan on marketing it to other colleges :(

  3. truth  

    "It's our belief that whether or not you've got something to hide, we all have the right to privacy."


    DAMN RIGHT

  4. yayyy  

    finally some recompense for not being able to use ruckus. i like this better ANYWAY. :)

  5. original?  

    sounds like this is just Tor.

  6. Fairness  

    The RIAA should be able to steal student's laptops.

  7. yay  

    happy birthday tomorrow, brendan!

  8. Mark  

    This is just Tor... and if you have linux you can download/compile the client and connect to the tor network as well.

  9. safety  

    i was intruiged when i first heard about this. but then you have to realize that the program has been changed so that it bounces around campus, which means you are accepting the legal liability of having someone else's ip address forwarded to you.

    if the riaa sends you a letter saying your ip address has been downloading, yes you'll be able to prove that you didn't do what they accused you of. but you'll have to go to court to do so. and having a program on your computer that blocks ip tracking is going to look suspicious to any judge, so that doesn't exactly get you off easy.

    the advantage of the original program was that it bounced ip addresses all over the world, so agencies that were limited by national borders, like the riaa, wouldn't be able to touch you.

    but cu later removes that, and just opens you up to other people's illegal downloading.

    or at least, thats how i understood it.

    • Ron Gejman  

      Hey, I'm Ron, one of the programmers for CU-LATOR.

      It is true that Tor routes only through Columbia nodes. This, however, gives you the same sort of protection that global Tor gives you, which EFF believes is legal. Basically CU-LATOR passes packets around campus before sending them outside Columbia (for instance if you are visiting a website hosted in Utah). What this means is that you have the same sort of protection that you have with the original Tor - i.e., your identity still can't be proven.

      In the long run (or perhaps in the short run) we hope that RIAA will realize that it will not be able to win any cases against Columbia students who are running CU-LATOR.

    • hmm  

      actually, proving your innocence is much easier than a trip to court - all you need to do is send a standard DMCA reply form that EFF has on it's website.

      This is a different class of software than napster, because napster enabled you to share a certain kind of file, whereas tor just directs your information to be sent to certain computers. to stop tor you have to somehow regulate who individual users can send information to - and that seems 1) impossible and 2) against the nature of the internet

  10. safety  

    sorry, cu lator*

  11. hmmm  

    I can't figure out how to download it!

  12. skeptical  

    "We're really just paranoids, who don't like the idea that Columbia can see what websites you go to,"

    It's against CUIT policy to observe what your actual traffic is unless you've been accused of a crime. Call me crazy, but I don't think this is such a hot idea. I could understand if Columbia did random snooping on people's internet activity, you'd want some privacy, but they don't. This is like putting a false license plate on your car. The police don't monitor your driving just because you've got a license plate, but I kind of want people to be held accountable for crimes when they commit them in their car.

    Let's not forget there's other things more serious than filesharing that this would facilitate. Off the top of my head, downloading & distributing child pornography, launching worms, breaking into other student's dorm machines... Do you really want to assist this kind of stuff because you feel that Columbia shouldn't cooperate with authorities when users commit crimes?

    • more hmm  

      there's a sort of zero-sum argument against online privacy - namely that ISPs have to know everything about our online use, or else we'll be helpless to protect against childpornographers. If people are going to legit dangerous sites, columbia will know that someone on campus is doing so - they just won't know specifically who. And knowing that child porn / bombmaking etc is going on campus specifies the location to a much greater degree than is possible in the real world - this level of anonymity doesn't cost us our safety

      • yeah  

        if someone's sending bomb threats or doing some other kind of dangerous thing with their network access I'd kind of like to know who it is to a greater degree of accuracy than "someone on campus".

        This isn't the kind of Orwellian conditions FreeCulture is making Columbia out to be. They track your usage when you've been caught committing a crime. The premise of CU Lator is that we want so much privacy that criminals should be protected for any crime they commit online. Is this really what we want?

  13. doubtful  

    I have my doubts that this would hold up. As I understand it, you're responsible for what you do on your machine, so if someone uses the network you negligently set up to commit crimes, you're accountable. Sure, Tor is legal to use and I'm sure CU-LATOR is just as legal in itself; Napster was legal to use legitimately. But I feel like if illegal activity is traced back to you and you tell the judge it's because you actively allowed other people to use your IP address for their Internet activity, the results won't be very happy.

    • Ron  

      See http://tor.eff.org/eff/tor-legal-faq.html.en for legality information. It is believed to be legal.

      • wha?  

        how'd you read that information and come to the conclusion that it's legal. Yes, the program itself is legal, but it says very clearly:

        "We further recommend that you not keep any potentially illegal files on the same machine you use for Tor, nor use that machine for any illegal purpose."

        In other words, if you have illegal content on your computer and are caught as a false positive for someone else's activity, you're in trouble anyway. The rest of the FAQ seemed to have the overarching theme of "it hasn't happened yet, but if you get prosecuted, it's possible you'll get away with it". Personally, I feel like going to court and saying to a judge "I'm innocent because of software on my computer that's too complex for you to understand." might not work out as well as CU-Lator's developers would like you to believe.

        • Ron  

          Running Tor itself is believed to be legal.

          "Further, we believe that running a Tor node, including a Tor exit node that allows people to anonymously send and receive traffic, is lawful under U.S. law."

          The page you site describes storing copyright information on your computer, not someone transmitting it over the Tor network. Read that page again.

          • yeah, exactly  

            "The page you site describes storing copyright information on your computer, not someone transmitting it over the Tor network."

            Yeah, that's the point. They say it's legal to participate in a Tor network in general, but they don't say anything about the legal implications of participating in a Tor network that's engaged in illegal activity.

            There's nothing illegal in itself about leaving your house doors open and letting strangers come hang out either. But if they use your house for illegal activities, you're accountable.

            I don't see anything in the Tor legal FAQ (which, by its own declaration is not based on "factual situation or laws") about what happens when you're part of a Tor network that's engaged in illegal activity.

  14. Also Skeptical  

    Local area tor is a non starter. The *AAs are just going to send their takedown notices with the IP of the exit node, and then CUIT will capture that node, and then that exit node is dead until its owner uncaptures himself (thereby identifying himself as well). Since this network will undoubtedly have a high proportion of illegal downloaders on it, you can bet that any such exit node will be hit with multiple notices and caputures. Your third notice and capture gets you a dean's disciplinary hearing, where due process does not apply, and where the moron administrator there will likely throw the book at you for running "one of those file stealing internets."

    It'd be more secure (but slower) to have the TOR work over the internet or I2, with an exit node at an ISP or university that doesn't sell out its users so readily.

  15. Ron  

    And yet global Tor users are participating in illegal activities all around the world. A notable example is the one cited above, with Chinese dissidents. The Tor network is designed for this.

  16. well  

    Well, I don't know a lot about the global Tor, but I'd imagine that it shifts the packets so that the exit points occur in places where the user cannot be prosecuted under local laws. This keeps it within Columbia: same administration, same laws, just a random fall guy.

    Practical issues aside, as the developer how do you defend such a network that affords someone privacy to the degree that not just filesharing users are hidden, but all computer criminals, no matter how harmful, are protected and hidden in this network? Don't you feel that there's a balance to be struck between privacy and accountability for one's actions?

    • Ron  

      "Well, I don't know a lot about the global Tor, but I'd imagine that it shifts the packets so that the exit points occur in places where the user cannot be prosecuted under local laws. This keeps it within Columbia: same administration, same laws, just a random fall guy."

      No, it is distributed randomly in regards to "law". Tor is not "intelligent" in the sense that it can detect what kind of traffic you are transmitting and what kind of laws you're breaking. CU-LATOR is acting, for all intents and purposes, as the global Tor network would act if all notes in a certain route happened to land on Columbia's campus (unlikely, but possible).

      • skirting  

        I feel like you're sort of ignoring the relevant questions:

        What makes you think this would get you off the hook with Columbia (as #21 said)?

        What makes you think this would get you off the hook in a court room (or allow you to settle out of court)? Has anyone ever gotten off this way in the US?

        Do you feel that users should have so much privacy that they no longer have accountability for any crimes, no matter how severe?

        • Ron  

          1) There is no "on the hook" with Columbia. Columbia doesn't care what you do as long as you don't use too much bandwidth and as long as they incur no liability. Under the DMCA safe harbor act they incur no legal liability.

          2) Using Tor is riskky - but we believe (and more importantly, th EFF believes - that communication via Tor is legal. There is no court case to prove this.

          3) This is a matter to be decided by the justice/legal system. We're simply providing the (we believe legal) tools for users to remain anonymous.

  17. Question  

    Excellent work, friends.

    For us PC users, do you know of any similar programs that we could get that would accomplish a similar task?

    PS: this is the first time that I feel restricted as a PC user, rather than a Mac user. Ha.

  18. Wait  

    Does Columbia know I look at roughly 1,000 images of horse sex daily? I NEED THIS PROGRAM.

  19. Ron  

    In addition to #1 in my last reply: EFF provides a DMCA template letter to send to Columbia, our service provider. Columbia is protected under the DMCA Safe Harbor provision, and this letter should make it clear to Columbia what is going on.

  20. omg!  

    you must really like taking it up the butt from EFF. "EFF this, EFF that! oh its probably not safe but they say it is! it must be true!" they must give you a hell of a reach around for you to be this much of a bitch.

  21. hmm  

    Why are we letting the threat of child pornography and bombmaking determine our Internet privacy laws? Why do the makers of child pornography get to determine who gets to see my internet activity?

    Everyone was up in arms when the PATRIOT Act allowed library books to be monitored because of a perceived threat of terrorism. Why aren't we equally upset over the notion of losing our online privacy to fight the perceived threat of child pornography.

    Besides, I'm pretty certain that most child pornography originates in other nations.

    • how  

      would you know where it originates....?
      Must be quite the expert on kiddie porn!
      Creep.

    • well  

      The difference is that in that case it's pre-emptive monitoring for people that haven't been accused of a crime. There *is* a problem when your privacy is violated when you've committed no crime, but we're nowhere near that point with Columbia and there's no sign it's headed that way.

      Columbia's not routinely checking up on your traffic to make sure it's legit. They check when a crime has been traced back to you, which means nobody's privacy is being violated here except for the people who commit crimes. CU Lator doesn't increase privacy so much as it eliminates rightful accountability for one's actions.

  22. Question

    So if I understand this right, CU-LATOR is identical to Tor except for the exit nodes. So could someone explain what the advantage of using CU-LATOR instead of Tor would be? Why shouldn't Columbia students just use the original global Tor?

    • difference  

      The difference is that CU-LATOR is faster because all anonymizing takes place on the Columbia network (~10MBps if you're in a dorm). This also means that all of the overhead/bandwidth use of Tor is not rate limited by virtue of leaving campus.

      The data is still anonymized since the exit node is several hops away from the actual client, not to mention the fact that CUIT does not keep track of internal data flows.

  23. how about this  

    Scenario: A machine on the Tor network is infected with a worm

    Projected Outcome: Every machine on the Tor network is captured by CUIT and told to format their hard drive because the worm will be propagated through every exit node in the network

    • Ron  

      At the moment this scenario is impossible. No worms exist for the Mac. Once we release the Windows version then that worm better use the global proxy settings if it wants to user Tor. That doesn't seem very likely.

      Now, maliciously minded users could always abuse the CU-LATOR network. But they could do the same on global Tor. Worst comes to worst we'll update our exit node policies.

  24. has  

    anyone else suddenly found their iTunes unable to connect to the store (I use the store for podcasts) or unable to use Safari (yet able to use Firefox) when turning on the SOCKS proxy?

  25. sloppy coding  

    they could have made this so much easier. unfortunately they did it all with mac specific tools which makes compiling it for other OS's a real hassle.

© 2006-2015 Blue and White Publishing Inc.