North Korea’s Naenara Web Browser: It’s Weirder Than We Thought (whitehatsec.com)
117 points by ivank on Jan 9, 2015 | hide | past | favorite | 48 comments



    They use the same tracking system Google uses to create unique keys, except
    they built their own. That means the microtime of installation is sent to
    the mothership every single time someone pulls down the anti-phishing and
    anti-malware lists (from 10.76.1.11) in the browser. This microtime is
    easily enough information to decloak people, which is presumably the same
    reason Google built it into the browser.
Anyone know what mechanism this refers to?


Unique user key that was used for pre-HTTPS SafeBrowsing updates? It was necessary to get the updates MACed before Google had full HTTPS deployment. You got the key over HTTPS, then all subsequent HTTP downloads could use that key for message authentication.


They are talking about the Safe Browsing API. I don't see where this is sending microtimes though:

https://developers.google.com/safe-browsing/developers_guide...

Also, I kind of dislike the alarmist tone of this paragraph. Saying that Google's anti-malware blacklist (used by all browsers out there aside from IE) is a secret plan to de-anonymize people by using a microtime of a request timestamp seems... far-fetched.


I don't know where the microtimes come from either. It's entirely possible the per-user key is or contains a microtime - I've never investigated.

The per-user key does allow the entity operating the blacklist to easily detect any user who's moving between network access points. This is known. The feature is and was always stripped out in stuff like Tor browser for that reason.

There's good reasons to believe it wasn't malicious (it was necessary for secure updates pre-universal-HTTPS, and was removed as soon as HTTPS was deployed universally at Google), but it's also not really arguable it could be used for that purpose, either.


Are you saying that the "google api key" passed by Firefox is user-specific?


No, not at all. SafeBrowsing had a separate encryption/MAC key. I think some of the confusion is because the parent poster posted a link to v3 of the protocol, which dropped the key in favor of HTTPS, but the old Firefox version implements v2.


See this discussion surrounding the PREF cookie used with the Safe Browsing API:

https://bugzilla.mozilla.org/show_bug.cgi?id=368255

According to Mozilla this cookie is only used by the Safe Browsing client code and isn't sent to Google through regular web browsing (private mode or otherwise). However, the Lumber Cartel (there is no Lumber Cartel) wood be able to use this cookie to fingerprint web browsers and so track people as they move among Internet connections. Those of us who are double super extra paranoid disable Safe Browsing in order to prevent this.


I didn't mention the cookie because it's not part of the protocol. It's how Google's servers behave. We don't know what the NK server does.

According to Mozilla...

Firefox is open source, you know. Even if you can't read C++ or understand the Bugzilla comments, you can also just Wireshark it.


>Saying that Google's anti-malware blacklist (used by all browsers out there aside from IE) is a secret plan to de-anonymize people by using a microtime of a request timestamp seems... far-fetched.

Uh, not really. Tracking users is at the heart of their business model.


Because they have ample means of tracking users aside from sneakily and under false pretences trying to deanonymize requests to a malware protection service they provide.

Furthermore, the API in question (https://developers.google.com/safe-browsing/developers_guide...) has been deprecated and superseded by a new one that doesn't contain any user specific data (https://developers.google.com/safe-browsing/developers_guide...)


>Because they have ample means of tracking users aside of sneakily and under false pretences

*eyeroll* If they were above being sneaky and operating under false pretences they wouldn't have blatantly ignored "do not track".

I'm sure they will never feel like they have enough means of tracking users, either. Every means they develop helps improve their targeting, puts them ahead of their competition and has a direct impact on their bottom line.


How so? I thought they mostly make money from the information you provide: search keywords.

Do they actually manage to make significant profit on retargeting or some other ad technique that requires tracking? What can they do beyond tracking?


It's not about knowing who you are, but knowing that you're the same user that searched for "villas in france" when you're later browsing another site and they have an ad that fits.

I actually worked on a vacation rental site for some time, and as a result of queries I did for research, I ended up "only" seeing ads for one of the major companies in the sector for weeks on end.

But there is of course potential for abuse if someone gets hold of that data.


I have a general idea of how it works or could work, which is why I gave the example of retargeting. But is there proof they actually do it and it's "at the heart of their business model"?

There was recently an article on using HSTS as a sort of super cookie. Yet it doesn't seem to actually be in use[1].

There is a lot of rumour around Google. For example that they use Google Analytics data for ranking. Yet it rarely comes with any proof.

[1] https://news.ycombinator.com/item?id=8831148


>retargeting or some other ad technique

Google makes a significant portion of revenue from their content network, which are ads that are displayed on other websites. They also offer remarketing, which allows an advertiser to display their ads across the content network to people who have visited the advertiser's website.

At the very least, remarketing requires tracking.


Android's UDID? Not based on microtime though.


Site seems dead from my end. Archive.org link: https://web.archive.org/web/20150108223420/https://blog.whit...


Same here. Thanks for link.


Works fine on my end: USA/Cali/CharterCom cable.



Their website is also getting hammered for https://github.com/WhiteHatSecurity/Aviator/issues/24


Do we actually know much about the North Korean "intranet"?

I spent two weeks traveling around in North Korea in August 2012. One of our visits was to a military museum that had computers available (actually running RedStar OS!), containing some CD/DVD with MOV files (as far as I remember) and some other things.

I remember the machine having a 10.x IP address but it was definitely not able to access any internet, but I wonder if it was connected to their actual intranet, or if they simply had some local network there.


I managed to glean a little from my visit, but not that much:

* They apparently have something resembling a dating website.

* They can download computer games (my tour guide complained that his son spent too much time playing them).


Was that sincere or was it part of the show?

I haven't been, but from what I've read/seen the tours are almost like an orchestrated front aimed at changing foreigners' perspectives.


>Was that sincere or was it part of the show?

I'm certain that part was sincere. There is a certain level of naive honesty among most of the North Koreans (similar to that of sheltered fundamentalist Christians). I could clearly detect this by seeing that some of them naively did or said the "wrong" thing a few too many times whereas others were clearly much more canny. The canny ones lied all the fucking time and probably knew they were lying. The naive ones let slip a few gems.

The 'dating' website is probably more like a website for arranging arranged marriages, incidentally. Just in case you were wondering.

>I haven't been, but from what I've read/seen the tours are almost like an orchestrated front aimed at changing foreigners' perspectives.

The tour is orchestrated and it is clearly partly aimed at changing foreigners' perspectives, but the parts which are just for show and the kernels of honest truth are actually pretty easy to distinguish.

Sometimes propaganda is embarrassingly terrible (e.g. just taking the number of actual US casualties in the Korean war and doubling it. *facepalm*).

I'm sure the years before I went were even more blatant and terrible, actually. I didn't see any fake shops like in the interview but I suspect they may have existed in the years prior to my visit. I think they probably figured out that that was an abysmal idea.

The North Koreans have very unsophisticated domestic propaganda compared to western domestic propaganda. They are NOT good at it. Getting better, but still terrible.

Interestingly, western propaganda about North Korea is equally facile. The isolation makes it easy for outright lies to be believed on both sides I guess. Provided you haven't experienced both.

Also there are certain things both sides refuse to talk about that the other side talks a lot about - propaganda that serves a purpose that is based in truth. North Korea doesn't talk about prison camps but every American knows about them. America doesn't talk about atrocities committed by GIs in the Korean war, but North Koreans are schooled on them much like we are schooled on Nazi atrocities.

Weirdly, North Korea was pretty open about the famine in the 90s. I expected them to gloss over it. Western media glosses over the fact that it actually ended, of course.


This article is full of inaccuracies, alarmist FUD and sensationalism. If I could downvote an article, I would this one.

>I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists. Apparently not

It was always public knowledge that NK has more or less one publicly routed /22. That's far removed from "large blocks of public IP space".

> This microtime is easily enough information to decloak people, which is presumably the same reason Google built it into the browser

I doubt that was Google's intention behind the Safe Browsing API (https://developers.google.com/safe-browsing/developers_guide...)

>So every time the browser fails for some reason they get information about it. Useful for debugging and also for finding exploits in Firefox, without necessarily giving that information back to Mozilla – a U.S. company

Or it could be that most of the users of the browser in question do not in fact have full internet access and thus no reports would be sent anyways. Also, FF 3.6 is long out of support, so by getting access to these crash reports, the people behind Naenara get a chance at fixing issues (I'm not saying they do or don't, but getting the crash reports directly is the only way for remaining crashes to actually be fixed).

>. Could the mothership be acting as a proxy? Is that how people are actually visiting the Internet – through a big proxy server?

Very likely, but not because of the way the URL for the startpage is formatted. That's just a convenience thing I guess, where they ran wget or any other crawler against the original site and then they could just prepend their internal server to the URL and keep the patch to Firefox minimal.

>it’s still very odd that they haven’t bothered using HTTPS internally

They just don't care if "normal" people could potentially sniff each other's calendars. If the government wants access to the calendar, they just look the data up I guess, and because this is all a big intranet, the traffic doesn't cross any non-government-owned routers anyways.

>This one blew my mind. Either it’s a mistake or a bizarre quirk of the way DPRK’s network works but the wifi URL for GEO still points to https://www.google.com/loc/json*

Likely none of the sites the browser is actually able to visit actually use the geolocation API, so they just forgot to change the URL. It's an interesting bug, but far removed from mind-blowing IMHO.

>That’s actually a good security measure, but given how old this browser is, I doubt they use it often, and therefore it’s probably not designed to protect the user, but rather allow the government to quickly install malware should they feel the need. Wonderful.*

I'm sure they have other methods of installing malware that then would run as a privileged account, not the unprivileged user account running Firefox itself (their OS doesn't officially allow root access as we've seen in yesterday's article).

>It is odd that they can do all of this off of one IP address. Perhaps they have some load balancing but ultimately running anything off of one IP address for a whole country is bad for many reasons.

When you have fewer than 10000 total users, that doesn't seem like such a bad idea - it's certainly convenient.


>I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists. Apparently not

It was always public knowledge that NK has more or less one publicly routed /22. That's far removed from "large blocks of public IP space".

I think they meant that they were routing most IP addresses back to servers they control, even though they didn't officially "own" them.


If you don't know who the author is you most likely know very little about the subject.


Gateway To Net Ten

Mark Lottor

[Original words and music by Jimmy Page and Robert Plant]

There's a hacker who's sure all that's coax is fast and he's buying a gateway to net ten. When he gets it he'll know if the ports are all closed with a SYN he can get what he sent for.

Ooh ooh ooh ooh, ooh ooh ooh ooh and he's buying a gateway to net ten.

There's an RFC on the wall but he wants to be sure cause you know sometimes words have two meanings. In a note on the page there's a warning that says sometimes all of our code is broken.

Don't ya know, it makes me wonder.

There's an error I get when I send to the net and my packets are lost and retransmitting. In my logs I have seen loops of mail thru the machine, and the screams of those who are hacking.

Oooh, it makes me wonder.

And it's whispered that soon if we all fix and tune then the packets will reach their destinations. And a new day will dawn for hosts that stay long and the telnets will echo quite faster.

Ohhhhh, it makes me wonder.

If there's a bustle in your cisco, don't be alarmed now it's just a quick ping for the NIC machine. Yes there are two paths you can route by, but in the long haul there's still time to change the protocol.

Yowwww, it makes me wonder.

Your host is loaded and it will slow in case you don't know, the unix's are asking you to join them. Dear hacker, do you see the overflow, and did you know your gateway is still under development.

And as we wind out more coax, and gateways slower than our hosts, There goes a message we all know, it updates routes and wants to show how everything still turns quite slow. And if you listen very hard, the bits will come to you at last. When all are ones and ones are all, to be a rubout and not a null.

And he's buying a gateway to net ten...


This comment would have gone places in reddit :)


I was surprised the first time I heard that they even had a computer network for their people. I would love to see the inside of a North Korean developer's mind; do they know about the outside world?


Apparently North Korean universities have access to the real internet, but there are only a dozen or so computers connected to it, and for every computer there is a government official sitting in a room next door seeing what the person using the computer is seeing....and probably taking notes. So researchers can visit any sites they like...but as soon as you start reading something anti-NK you are very likely to get arrested.


Sorry but I have to ask, where do you get this from? Have you personally experienced this or are you simply repeating the party line?

Not to be negative or discredit you, but you use words like "apparently", "probably" and "very likely", which are immediate indicators of hearsay or fear mongering.

Not that I have any idea what NK is like, never been there. But I do live in a country that suffers from huge misconceptions about the conditions here, hearsay and fear mongering. The entitlement to judge others absolutely astounds me sometimes, not to be applied to you yourself of course.


Will Scott, an American grad student who recently taught CS at Pyongyang University, described it as such in this talk: https://www.youtube.com/watch?v=zuxlLLeKZZ8

It's pretty interesting.


Thank you that was interesting.

Had the OP shared a link such as this I would probably not have responded, and I didn't quite get the following vibe from the talk:

"and for every computer there is a government official sitting in a room next door seeing what the person using the computer is seeing....and probably taking notes."


Well, I consider BBC to be the most reliable source of news there is, and they went to a NK university and experienced this themselves:

http://www.bbc.co.uk/news/world-asia-25945931

As for "personal experience": I come from a country which used to be communist, and when you wanted to make a telephone call, you had to go to a nearest post office, ask for access to the telephone, and first they would connect you with an agent who would listen in to what you were saying, and only then you would get connected to where you needed to call. Everyone knew about this surveillance. I have absolutely no reason to suspect that NK doesn't do the same thing.


"Well, I consider BBC to be the most reliable source of news there is"

Sorry no offense meant, but then in fact you are just repeating the party line.

"As for "personal experience": I come from a country which used to be communist."

My sincerest apologies if you yourself suffered, might I enquire as to which country? I am genuinely interested.


No offence taken, but what party? I mean, sure, I could spend several thousand dollars and go to North Korea myself, but if journalists from various countries and from various news outlets report the same thing....then I think we can safely assume it's true? I wonder, what kind of journalistic evidence do you support then? And the country is Poland.


I don't really care to continue this line of debate too much longer, and it may have already gone too far, as HN is not a political debating forum.

But I am very skeptical of anything reported in any of the big media outlets[1]. Of course you have to get your news somewhere, I am just very sensitive to the background narrative, be it Western, Russian or Korean.

So the "party" line I am speaking about is how certain countries are always branded as the "bad/corrupt/terrorist" countries, but from first hand experience many of these countries are inhabited by people just going their own way. And the Western / Russian / whatever media very quickly forgets their own transgressions and that of their countries.

[1] http://themindunleashed.org/2014/10/german-journalist-blows-...


Well, it's very convenient to start a discussion and then say you are not interested any longer. We are having a civilised discussion - so let's discuss. And North Korea is interesting because going there is really not an option for 99.99% of us - so we have to rely on reports. And like I've said - things like food shortages or media censorship are reported by literally every journalist who has been to North Korea - doesn't matter if they are Polish, British, German, American or Russian. If you are starting from the point of view that the CIA controls media worldwide, then there is literally no point in reading any news whatsoever. But at the moment I do not even know what sort of point you are trying to make - that NK does not have censorship, or that computers connected to the Internet are not monitored by government agents? We have several sources that say they are - and what is your counter argument? That we cannot trust these sources? That would be a very interesting allegation to make, but unless you provide some rationale for your argument that's all they are going to remain - allegations.

Also - you are linking an article that uses RT as its only source? RT being so pro-Russian and pro-Russian propaganda it's not even funny - and that's the only source?


Most likely they do. Beyond TV/radio etc, at least grad students get internet access in North Korea, so perhaps developers have some level of access too.

See this talk from 31C3 a couple of weeks ago: http://media.ccc.de/browse/congress/2014/31c3_-_6253_-_en_-_...


Yep, most younger people (at least in the cities) grew up listening to Chinese/South Korean radio; there is a big underground market for CDs and USB drives with all sorts of stuff on them. Access to the internet is also not that uncommon among the elite.


It's probably contractors from China who developed the software.


  This one blew my mind. Either it’s a mistake or a bizarre quirk of the way DPRK’s network works but the wifi URL for GEO still points to https://www.google.com/loc/json*
Maybe they just don't have Wi-Fi.


Does anyone have a sample User-Agent? I'd be very curious if anyone has tried running some regexes over some request logs to see if they got any page hits from North Korea :)


It's right there in the article:

Mozilla/5.0 (X11; U; Linux i686; ko-KP; rv: 19.1br) Gecko/20130508 Fedora/1.9.1-2.5.rs3.0 NaenaraBrowser/3.5b4


The IPs from North Korea are available as well; it was discussed some time ago on HN[0]. I think checking by IP is more reliable than checking the browser: Red Star OS is not the only OS in North Korea and someone could use Naenara Browser from the outside as well...

[0] https://news.ycombinator.com/item?id=8777226


Notice that the user agent string gets rewritten to something innocuous in HTTP headers but not JS. So sniff client-side through JS.
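Putting the three comments above together, as an added example that is not code from the article or from the browser: parse the User-Agent string quoted in the thread, match request-log lines against both that string and a CIDR prefix, and wrap the same parser so it can be called from page script against `navigator.userAgent`, which is the check the last comment says survives the header rewrite. The log lines are constructed. The prefix 175.45.176.0/22 is the publicly routed /22 mentioned earlier in the thread, taken from public allocation records rather than from the article, so treat it as an assumption to verify against current data.

```javascript
// Added example: Naenara detection by User-Agent and by source prefix.
// Not code from the article or the browser; log lines are constructed and the
// prefix is taken from public allocation data, not from the thread itself.
const NAENARA_UA_RE = /NaenaraBrowser\/(\S+)/;
const KO_KP_RE = /\bko-KP\b/;
const DPRK_PREFIX = '175.45.176.0/22'; // assumption: verify against current allocation data

// Parse a UA string. Returns { version, koKP } for Naenara, null otherwise.
function parseNaenaraUA(ua) {
  const m = NAENARA_UA_RE.exec(ua || '');
  if (!m) return null;
  return { version: m[1], koKP: KO_KP_RE.test(ua) };
}

// Page-side use: the HTTP header may carry a rewritten UA, but script still
// sees the real one through navigator.userAgent. Returns null outside a browser.
function detectInBrowser() {
  if (typeof navigator === 'undefined' || !navigator.userAgent) return null;
  return parseNaenaraUA(navigator.userAgent);
}

// Dotted-quad IPv4 to an unsigned 32-bit integer; null on malformed input.
function ipToInt(ip) {
  const parts = String(ip).split('.').map(Number);
  if (parts.length !== 4) return null;
  if (parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return (((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3]) >>> 0;
}

// True if ip lies inside cidr ("a.b.c.d/n"); false on any malformed input.
function inCidr(ip, cidr) {
  const [net, bitsStr] = String(cidr).split('/');
  const bits = Number(bitsStr);
  const a = ipToInt(ip), n = ipToInt(net);
  if (a === null || n === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((n & mask) >>> 0);
}

// Scan combined-log-format lines: client IP is the first field, the UA is the
// last quoted field. Each result carries both signals so they can be compared.
function scanLog(text, cidr) {
  const lineRe = /^(\S+) .*"([^"]*)"\s*$/;
  const hits = [];
  for (const line of text.split('\n')) {
    const m = lineRe.exec(line);
    if (!m) continue; // skip lines that are not in the expected format
    const [, ip, ua] = m;
    hits.push({ ip, ua: parseNaenaraUA(ua), uaHit: parseNaenaraUA(ua) !== null, cidrHit: inCidr(ip, cidr) });
  }
  return hits;
}

// Constructed sample log: a Naenara UA from inside the prefix, an ordinary
// Firefox from elsewhere, and an ordinary Firefox from inside the prefix.
const SAMPLE_LOG = [
  '175.45.176.10 - - [09/Jan/2015:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" ' +
    '"Mozilla/5.0 (X11; U; Linux i686; ko-KP; rv: 19.1br) Gecko/20130508 Fedora/1.9.1-2.5.rs3.0 NaenaraBrowser/3.5b4"',
  '203.0.113.7 - - [09/Jan/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" ' +
    '"Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"',
  '175.45.177.5 - - [09/Jan/2015:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" ' +
    '"Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0"',
].join('\n');

function demo() {
  return scanLog(SAMPLE_LOG, DPRK_PREFIX);
}
```

The third sample line is the case the IP comment makes: a hit on the prefix with no Naenara UA, which is why the two signals are reported side by side rather than folded into one boolean. Conversely, a Naenara UA from outside the prefix would be someone running the browser from abroad, as the same comment notes.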



