Archive for April, 2012

The threat and dangers Ultrasurf: non-free software at its finest

April 20, 2012

There is a program recently reviewed by the Tor project which exposes some of the problems of non-free software and the fraud of one company in particular. Microsoft’s guilty, Apple’s guilty, Google’s guilty, but Ultrasurf takes it to a whole new level.

This company has not only lied about its ability to anonymise your connection they actively log your connection. This is just where it starts though. They have voluntarily and without warrant handed over user information to police.

Lets go on. It didn’t stop here. They are doing little if anything revolutionary despite the claims purporting to have never been blocked. Carefully selected words. While it is true that Tor has been blocked it’s also the leading non-profit fighting censorship through technological means.

Meanwhile Ultrasurf is actually censoring web sites! Your read that right. The company blocks web sites it doesn’t like. This is not a security measure. It’s censorship. And for a company claiming to help you avoid it there actions demonstrate otherwise.

You see Tor (the competition, although this is true of a number of other projects) doesn’t just claim to anonymise your connection like many companies do. There is active research and development going on to ensure a minimal level of anonymity, privacy, and security. The project clearly explains the goals, problems, and status of the project. When there is a bug or vulnerability fixes are released and the details reported to users. It is one of the best funded anonymity projects in existence. It has had the backing of the US government, the Electronic Frontier Foundation, and many other social projects. Not to mention users.

Tor doesn’t hide behind non-free software or false claims.

I’m going to point people to two other programs which are also worthy of mention. The reason I’m mentioning them is to exemplify a point. Tor is not the one attacking other projects. Tor evaluated a highly successful product for the benefit of its users. This is something that should be going on and not meant to hurt Ultrasurf. The main reason they did so was because of the popularity of this program and the cause for alarm. You see the company is hiding its source code. This is a bad practice and in particular for a program claiming anonymity, encryption, and privacy.

One of the other programs which users may want to consider looking into is Freenet. It is a distributed anonymous communication system. Users can upload anything they wish to the system without having to worry about censorship or maintaining a server. You do need to have the program installed to access content on the freenet network.

Another program is i2p. I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. Users share files and similar over this network.

Tor has stood up to scrutiny and significant third party research. While these other two may have even better designs in some respect they have had less scrutiny. All of them are better than Ultrasurf. Except for Ultrasurf the source code is public ally available and everyone with an ability to do so can scrutinise them.

Letting others see inside your code is a good thing. It helps to ensure bugs are spotted and problems fixed. Hiding source code from others is not a security measure. The software can still be attacked. What it prevents is bugs getting fixed and a solid security model from developing.

If the source code is not available don’t trust it. This include running Microsoft Windows. Microsoft is another company which actively logs your connection and violates your privacy at every turn. However- there may be slightly less outrageous given there are no claims to anonymity, privacy, or security. Not of the extent of Ultrasurf anyway.