
Pirate Bay Moves to The Cloud, Becomes Raid-Proof - anons2011
http://torrentfreak.com/pirate-bay-moves-to-the-cloud-becomes-raid-proof-121017/
======
dhx

      and even in the event they [cloud providers] found out
      it would be impossible for them to gather data on the users.
    

The encryption key that is providing disk encryption on the VM instances would
be accessible to the VM host. The VM host could also directly access the
memory of the VM instances to read the disk cache, etc.

~~~
chii
I think that quote was made because the writer was confused about what happens
during live operation, and what happens during the time when communication was
cut.

The host could potentially sniff the traffic during live operation by sniffing
the memory of the vm.

But when the vm's communication is cut, the whole disk is encrypted. I expect
this encryption to be done using some sort of public/private key encryption
scheme, such that without the private key, you can't actually unencrypt the
disk. This is what is meant by gathering data on the user, I suspect.

~~~
ianburrell
With whole disk encryption, the disk is always encrypted. While running, the
decryption key is stored in memory and used to decrypt/encrypt blocks. When
communication is cut, they are presumably purging the key from memory. The
password would need to be entered to produce the key.

This means that while the system is running, the key can be read by the host.
It doesn't matter if the key is later purged. Changing the key requires
re-encrypting the entire disk, which is a slow operation.
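
An added example, not part of the thread, illustrating the point in the comment above: a toy Python model in which a host snapshot taken while the VM is running still decrypts the disk after the guest purges its key, and in which changing the key rewrites every sector. The `EncryptedVM` class, `host_snapshot` and the XOR keystream cipher are hypothetical stand-ins, not a real disk cipher or any cloud provider's interface; the sample records are constructed.

```python
import hashlib, hmac, os

SECTOR = 32  # bytes per sector in this toy model

def derive_key(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)  # password -> disk key

def crypt_sector(key: bytes, index: int, data: bytes) -> bytes:
    # Toy stand-in for a real disk cipher (XOR keystream); encrypts and decrypts.
    stream = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptedVM:  # hypothetical model, not any provider's or TPB's setup
    def __init__(self, password: bytes, sectors: list):
        self.salt = os.urandom(16)
        self.key = derive_key(password, self.salt)  # held in guest RAM while running
        self.disk = [crypt_sector(self.key, i, s) for i, s in enumerate(sectors)]

    def read(self, i: int) -> bytes:
        if self.key is None:
            raise PermissionError("key purged; password required")
        return crypt_sector(self.key, i, self.disk[i])

    def purge_key(self) -> None:
        self.key = None  # what the guest does when communication is cut

    def rekey(self, new_password: bytes) -> int:  # new key => rewrite every sector
        salt = os.urandom(16)
        key = derive_key(new_password, salt)
        self.disk = [crypt_sector(key, i, self.read(i)) for i in range(len(self.disk))]
        self.salt, self.key = salt, key
        return len(self.disk)  # sectors rewritten

def host_snapshot(vm: EncryptedVM) -> dict:
    # The VM host can read guest memory and the backing disk at any moment.
    return {"key": vm.key, "disk": list(vm.disk)}

def demo():
    plain = [(b"constructed record %d" % i).ljust(SECTOR, b".") for i in range(4)]
    vm = EncryptedVM(b"operator passphrase", plain)
    snap = host_snapshot(vm)   # taken while the VM is live
    vm.purge_key()             # the purge happens afterwards
    try:
        vm.read(0)
        guest_can_read = True
    except PermissionError:
        guest_can_read = False
    recovered = [crypt_sector(snap["key"], i, c) for i, c in enumerate(vm.disk)]
    return guest_can_read, recovered == plain
```

`demo()` returns `(False, True)`: after the purge the guest can no longer read its own disk, while the earlier snapshot still yields every plaintext sector.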

~~~
chii
I guess there isn't enough detail to really work out what would happen - it's
not clear that they meant whole disk encryption in the way you described. I
thought they encrypt the disk _only_ after loss of communications. The private
key is not on the VM anywhere. Thus, the vm once encrypted, is useless
(without the passphrase, which presumably only exists in the head of the
operator of tpb).

------
mariusmg
Isn't it enough to take down the DNS servers to make TPB unusable for sharing
(at least to add new torrents) ?

Achieving fault tolerance using a few cloud providers is nice (and expensive)
but they're still far from raid proof (all it takes is some coordination from
police in multiple countries).

~~~
fragmede
It's an increasingly technical digital game of whack-a-mole, and the mole has
completed another burrow.

There are still technical measures that could be taken within one country.
Eg. automated null-routing of A records for thepiratebase.se (and then do it
N-times a second).

~~~
jacquesm
All it takes is for some political body to lean heavily enough on the TLD
registry. .se and .org are no more invulnerable to this than .com

~~~
rmc
Perhaps. And that's why you have many TLDs. So .se and .org are gone, so it
moves somewhere else, then it moves again.

~~~
chii
I think somehow the MAAFIA is going to manage to get laws passed which will
null out any set of words they like in the registry without prior notice. This
would mean the end of DNS as we know it I guess. Or stipulate that DNS
services reveal those who registered and then can prosecute along those lines.

------
smogzer
They have to do it like this:

- emule like dht.

- keep a cache of 1000 of ips that had trustworthy content in different ip
neighbourhoods.

- provide a pub-sub of new content + hot/top files.

- seed one-to-download one file. Host encrypted content, freenet style to
have faster speeds on other files. Never allowing a file to go seedless.

- the software could be provided as a chrome+firefox sandboxed addon or
something like that.

Go hackers go.

~~~
chii
Basically, truly distributed DNS servers, where your domain name->ip maps are
shared and voted on iteratively and continuously. It's synonymous with bitcoin
in that sense, where the only way to break it is to have control of X% of the
computers involved in the entire cluster (and then make X a really high
percentage so that it costs prohibitively high to undermine the system).

~~~
jdangu
Check out NameCoin <http://dot-bit.org/Main_Page>

------
zllak
Something that could be "funny" is that governments, when they don't
understand something, just call it outlaw/illegal, as they almost did for
P2P. It's not because someone makes bad use of something that the whole
thing must be considered dangerous. How long before the "cloud" is declared
illegal by governments? :)

~~~
antidoh
They could require licenses, so that corporations can make money while
individuals have less freedom.

------
cake
Any more info on the encrypted VMs and how they work ?

Do they use TrueCrypt volumes ? What are the alternatives ?

------
arocks
So we can expect Cloud Computing Regulations to be framed later this year?

------
Fando
Long Live The Pirate Bay - An icon of revolution and internet freedom!

------
alz
How do they manage their databases? This would be interesting if the system is
truly distributed.

------
m0skit0
Nice article, I absolutely agree!

------
sgt
Unless they raid the cloud...?

~~~
rmc
(a) You have to find out what cloud provider

(b) You have to raid 2 cloud providers

(c) what if they have 4 backup cloud installs ready to go live? You take out
the 2 there, and then 2 more in a different, unknown hosting company go live.

~~~
Achshar
Also they don't get any useful data as all data on cloud providers is
encrypted. So providers won't even know they are hosting piratebay.

~~~
peterwwillis
Who told you that? Any cloud provider can at any time inspect what's running
inside a guest, so they'll definitely know it's piratebay (not to mention the
metric fuckton of obscure network traffic that make torrents easy to spot).

As far as data, cloud providers usually have functions to administrate guest
VMs, which would allow a law enforcement agency to peer into the box as well,
nullifying any benefit of data encryption while the box was online.

~~~
mayneack
I may be misinterpreting your comment, but the massive amounts of data
associated with torrents don't actually go through the trackers. The trackers
just manage peers while the data goes directly from one user to another.

(or at least that's how I understood it)

~~~
jlgreco
TPB doesn't even run trackers anymore. My impression is that these servers
only serve up magnet links (not even torrent files) and textual descriptions
of them.

Provided they spread it out even a little, nothing about that traffic should
appear out of the ordinary.

~~~
rmc
They serve torrent files for some torrents. If a file has very few peers,
they'll offer a .torrent download.

------
maeon3
It's like robin hood taking from the rich and giving to the poor, his motives
are pure, depending on how you look at it, and robin hood can continue this as
long as the governing body who wants him dead is inept at catching him. The
pirate bay, like robin hood, cannot live forever. SOME of us will only be
stronger than ALL of us for brief moments in history. The only way TPB is to
survive is for it to make good on its invisibility promise and make both the
users and distributors invisible to those who want it dead. There needs to
be a creative mechanism to render the service invisible to those who disagree
with its existence, and to render it visible to those who crave data.

It won't matter that TPB is distributed, clouded, encrypted, PTP, or whatever.
When the governments are successful in getting SOPA, ACTA or whatever through
congress, the ISPs and companies like Google and Apple are going to be made
responsible for cooking into their devices preventions for unauthorized
copying and unauthorized distribution of 3d schematics for weapons that pass
through their ISPs or their hardware. As elite as TPB thinks they are, a few
elite hackers can't fight an army of mediocre hackers.

An important factor in TPB living forever is preserving its image in the
hearts and minds of ALL hackers everywhere, worldwide, collectively we can
outsmart those who wish to catch us, a small group of us will eventually be
defeated, as all robin hoods must be. We have to have the hackers on the
ground floor who wish TPB to live forever inside Google, Comcast, Apple, HP,
MPAA, RIAA, and everywhere else. The battle for control what you can think,
what you can do inside the comfort of your own mind is under attack. The
battle begins here, with the ownership of what can take place in your
computer. Soon these computers will be our minds, and the governments will
rule over the thoughts that take place inside them. We will wake up as
directive following slaves on the land our fathers conquered. We have to have
a 10 and a 50 year plan.

~~~
smiler
"It's like robin hood taking from the rich and giving to the poor"

No, really, it's not. For the most part it is encouraging people to consume
something for free they should have paid for.

I really don't get the love for TPB and copyright infringement in general on
HN when most are dreaming of starting businesses where you need people to hand
over money.

~~~
tatsuke95
>For the most part it is encouraging people to consume something for free they
should have paid for.

So, the Robin Hood analogy works perfectly then.

The movie and music companies aren't suffering, artists aren't suffering (in
fact, it can be argued that artists embracing the new media world are
flourishing), software companies and developers aren't suffering. There is
more music, movies and software than ever before.

The whole piracy issue is overblown.

~~~
at-fates-hands
"The movie and music companies aren't suffering, artists aren't suffering (in
fact, it can be argued that artists embracing the new media world are
flourishing), software companies and developers aren't suffering. There is
more music, movies and software than ever before.

The whole piracy issue is overblown."

In real world economics, your argument actually supports the exact opposite.
When supply increases and demand decreases, the ability for an artist to sell
enough music to live on gets exponentially harder.

When a few people buy the music, then spread it by piracy means it's not just
the artist and music companies who are losing money. It's the producers, the
mixers and dozens of other technical people not making a million dollars when
Jay-Z's new album sells 10K copies in the first week.

The piracy issue is overblown only to those who have never experienced it
first hand. It's not just the artist and the big music companies you're
hurting, there's a ton of lower level people who work in the industry who are
suffering because of piracy.

~~~
smokeyj
> The piracy issue is overblown only to those who have never experienced it
> first hand. It's not just the artist and the big music companies you're
> hurting, there's a ton of lower level people who work in the industry who
> are suffering because of piracy.

The argument seems to be that file-sharing is bad because "potential" jobs are
destroyed. This doesn't seem like an argument formed in principle because the
internet has destroyed many "potential" jobs (see blockbuster, b&n).
Innovation kills jobs (and creates them) and I'm okay with this. But I'm not
okay with killing innovation by means of legislation.

