Faustian bargaining

Lots of folks in China get around the Great Chinese Firewall by using circumvention tools. But at what risk? That’s one of the biggest questions raised by Hal Roberts in this post here.

Seems the Global Internet Freedom Consortium, or GIFC, which offers this laudable PR…

… is also selling users up who-knows-what rivers. At least that’s what Hal finds when he checks the FAQ at the Edoors Ranking Service, which lets you browse the “top anti-censorship sites”. The FAQ begins,

Q: Who is the owner of this service?
A: This service was developed by World’s Gate, Inc. with help from other Global Internet Freedom Consortium (GIFC) partners.

Q: Where did you get the raw data for the analysis?
A: The raw data came from the server log of GIFC member companies. Right now, data from three of the five tools of GIFC (DynaWeb, GPass, and FirePhoenix) are included for analysis.

Which sounds okay, so long as the data used is of the aggregate sort. In other words, as long as it’s not personal.

Alas, there is this smoking gun, pointed right at the heads of DynaWeb, GPass and FirePhoenix users:

Q: I am interested in more detailed and in-depth visit data. Are they available?
A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.

That means they track browsing data of individual users, and sell it. Hal adds,

…the data about circumventing users is much more sensitive than the data about most ISP users. These are the histories of users browsing sites that are not only blocked (and therefore mostly sensitive in one way or another) but blocked by an authoritarian country with an active policy and practice of persecuting dissidents. The mere act of anyone, let alone projects proclaiming themselves for internet freedom, storing this data is very bad practice. Any data that is stored can be potentially be shared or stolen. The best way to make sure that dangerous data like this does not get into the wrong hands is not to store it in the first place.

But these projects are not only storing the data. They are actively offering to sell it. None of the projects has anything like a privacy policy that I can find, and none of them provides any notice anywhere on the site or during the installation process that the project will be tracking and selling user browsing activity.* But all of the sites have deceptive language…

I’m sure what these companies are after is advertising money from companies wanting to “target” individuals personally. That’s what it smells like to me.

We live in a time when personalized advertising is legitimized on the supply side. (It has no demand side, other than the media who get paid to place it.) Worse, there’s a kind of gold rush going on. Even in a crapped economy, a torrent of money is flowing into online advertising of all kinds, including the “personalized” sort. No surprise that companies in the business of fighting great evils rationalize the committing of lesser ones. I’m sure they do it it the usual way: It’s just advertsing! And it’s personalized, so it’s good for you!

Ah, but what happens if one of those advertisers is a front for the Chinese governent, looking for dissidents to jail — or worse? If you’re one of those (or anybody) would you trust the “strict screening test” at Edoors Ranking Service?’

Me either.

Tags: , ,


  1. John Wunderlich’s avatar

    A better option, and one that is based on providing a secure technological fix using human to human contact is psiphon (http://psiphon.ca/). The short story is that people inside censored countries have actual human trust relationship with people on the ‘outside’ and this software can be used by the two parties to provide secure tunnelled access.

    Check it out.

  2. Rick Martin’s avatar

    Scary indeed.

    Lets hope the Chinese govt is not smart enough to pose as such an organization.

  3. Doc Searls’s avatar

    Thanks, John. Tor is another one.

  4. Mark Hendy’s avatar

    There are also services like COTSE which for a small price will allow you to tunnel your traffic through their proxy servers using an SSH tunnel. In truth though, whilst COTSE do not keep logs, they do backup their data and do not hide the fact that they could identify a user and supply information if they were ordered to do so by a court. This inevitably means that there has to be an element of trust. For the record I do trust them, but if my life depended on it…….? For that reason concepts like TOR need to be encouraged and tested to the edge of destruction so that oppressed people can practice freedom.

  5. Summer’s avatar

    We don’t realise how lucky we are in the western world with all the freedom we take for granted.

Comments are now closed.