Saturday, March 24, 2007

P2P Ignites a Revolution in Chinese Media

This article, which discusses the impact of P2P technology on Chinese media, was published in Media Digest (Hong Kong).


P2P download technology has set off a digital entertainment revolution.

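  Not so long ago, Napster showed the world the power of P2P for the first time, and BitTorrent (BT) taught Hong Kong the legal consequences of P2P downloading. During this summer's World Cup, PPStream and TVants showed Hong Kong people that, besides cable television, they could also choose P2P television to enjoy for free this "feast" that comes only once every four years.
  P2P stands for peer-to-peer networking (Peer To Peer, abbreviated P2P), a decentralized, distributed network technology. Participants in a P2P network are both providers of resources (content), acting as servers, and users of resources, acting as clients. Resources are spread across all the nodes, and information transfer and services take place directly between nodes, so the Index Server, which provides the pointers to resources, is critical. Early P2P technology, represented by Napster, still had a central Index Server, so not only was its performance limited, but a single court injunction could shut down the entire network. Most current P2P technologies have done away with this central Index Server. In a P2P network without a central database, users obtain index information from one another, which not only avoids the bottleneck of transmission load but also ensures that the whole network cannot be blocked.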

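Breaking through the streaming media bottleneck
  As we all know, in the traditional server-centric model, quality of service is severely limited by network bandwidth and by the server's own hardware. The more people (clients) access it at the same time, the heavier the load on the server, and beyond a certain limit the server breaks down. So although streaming media services on the internet developed early and offer rich content, they never really took off because the viewing experience was still unsatisfactory. New video services such as YouTube and Google Video have become popular worldwide with the help of Flash technology, but they are still not a good choice for large videos and live video. P2P-based streaming media solves precisely the bandwidth bottleneck of traditional streaming services: the more people access a given piece of video content, the more smoothly it plays.
  In mainland China, the absence of intellectual property protection means abundant content sources, which gave rise to these P2P television programs. Although these players are all free for the public to use, they all aim to sell their software and services to commercial organizations and broadcasters, so they have not opened up their production software the way BT did. These P2P television programs all depend on their makers to produce the content and its index, so the usefulness of P2P has not been fully released. When there are too many users, the delayed, buffering playback that often affects traditional streaming media appears here as well. Even so, because P2P television has already affected the audience and market revenue of China Central Television (CCTV), CCTV has recently issued an explicit ban on P2P television services rebroadcasting its sports channel.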

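Breaking the telecom market monopoly
  Like streaming media services, P2P-based voice services have the same characteristics and excellent performance, as internet telephony software such as Skype has amply proven. China's telecom market has long been monopolized by a few large state-owned enterprises such as China Telecom, China Netcom and China Unicom. Chinese consumers have had to pay several times, even dozens of times, more than consumers abroad for international long-distance calls, and these telecom companies have amassed enormous monopoly wealth as a result. P2P telephony software lets Chinese people enjoy high-quality communication services at low cost, so it is no wonder that telecom companies in some regions block Skype.
  In addition, P2P-based telephony software has become a multimedia communication platform that lets users securely make phone calls, hold video conferences, and send instant messages and e-mail. Even in communication with regions that have media censorship, it is very hard to eavesdrop on or censor. For the media, therefore, it has become an effective and secure office assistant for reporters and editors.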

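Breaking through broadcast media censorship
  The Chinese government has long enforced a harsh, heavy-handed media censorship policy: ordinary people cannot read "banned" foreign newspapers, magazines and books, cannot watch foreign satellite television channels, and many foreign news radio stations such as the BBC and VOA are jammed. Setting aside legal factors such as copyright and considering the technology alone, P2P software can let users watch any high-quality foreign television broadcast. For example, through some P2P television programs Chinese users can now watch not only less sensitive foreign satellite channels for entertainment, culture and sports such as Discovery, ESPN and HBO, but also Hong Kong's TVB Jade and ATV Home, which in the past could generally be seen only in the Guangdong area, as well as foreign satellite television news programs from CNN, ABC, BBC and others that are barred from "landing" through traditional channels.
  The Chinese government has become aware of this new potential threat, and most commercial P2P television programs have already removed foreign news television services at the government's request. Traditional streaming media services are all provided by centralized servers and are easily shut down if sensitive content is involved. Open P2P television, however, is like BT downloading: content is distributed among the nodes, every user is a node, and every user can become a content source, so censors simply have no way to block it. Regrettably, most of today's commercial P2P television software companies do not allow users to add and provide programs themselves, so the advantages of P2P technology have not been fully used and released.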

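Breaking through the network blockade
  As part of its media censorship and surveillance policy, the Chinese government has blocked the websites of a large number of foreign media. As is well known, China has invested enormous resources in building the technically complex "Golden Shield Project", with which it blocks and filters a large number of overseas websites. Many people know that the blockade can be bypassed through overseas proxy servers, but these proxy servers also get discovered and then blocked. Because centralized proxy services are easily blocked and rendered useless, some hackers and free software organizations abroad conceived and developed, early on, P2P-based proxy servers with dynamic encryption, such as Freenet and "Triangle Boy", which was funded in its early days by the US Central Intelligence Agency (CIA). This technology still works like BT downloading: users connect to foreign nodes over encrypted links, some Super Nodes can be found at any time, and once a user has connected successfully and joined, that user also becomes a node and serves as an access proxy for others. Likewise, with this technology, the more people use it, the faster access becomes. Today, Falun Gong and free software organizations have become the leading players in anti-blocking technology, and some of these technologies are also funded by the US and German governments. Precisely because P2P proxy services are hard to block effectively, the Chinese government imitates these programs and spreads the copies online, or has computers it controls join the P2P proxy network as fake nodes to lure users. Either way, P2P proxy services are the most effective anti-blocking technology to date.
  Undeniably, what harms the healthy development of the P2P industry is rampant piracy, which may also become the Chinese government's pretext in the future for blocking all P2P ports and services. Whatever happens, P2P technology has already shown its appeal and influence. The digital entertainment revolution triggered by P2P is real, but what matters more to us about P2P is its contribution to the free and unimpeded flow of information.
  The situation of Chinese media may be hard to change in a rapid, revolutionary way through a single technical innovation, but P2P has already caused a shock of some size to China's media market and regulatory status quo. The gap opened by that shock may not be very conspicuous yet, but it is the spark that can push the stagnant pool of Chinese media toward change.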

Friday, February 09, 2007

How journalists protect themselves under internet censorship and surveillance

I just finished the draft version of this report. When I have time, I'll add the images to it. I also have all of the software and tools mentioned in this report; if you need them, I might give them to you whenever possible.

We probably think of internet censorship as just the blocking of websites. That is true, but it is only part of it. The more important part of internet censorship is to block the free flow of information entirely, and to track, monitor and torture people who dare to interfere with that goal.

As journalists, we use and exchange a great deal of information, so information security is crucial to our work. This report discusses the information security issues journalists face, mainly from three perspectives: internet browsing, system security and communication security.

1 Internet browsing

1.1 Choose safer browsers

Because most viruses and malicious programs target Microsoft's Internet Explorer browser, Firefox, which is developed and maintained by a non-profit foundation, might be a better choice. You should also install some security extensions for Firefox from https://addons.mozilla.org.

1.2 Anonymous proxies

Remember never to use untrusted proxy servers carelessly: some free proxy servers may be bait, recording your IP address and other important system information and then tracking you based on the information you provided. You must choose safer anonymous proxy tools.

1.2.1 Web based proxies

There are many safe anonymous proxy tools to choose from. The first kind is web-based proxies, such as Proxify, Proxyweb.net, unipeak.com, Anonymouse.org, Google language tools and so on. If you simply visit web pages, you can use those services safely.

1.2.2 Software based proxies

However, those web-based proxies might have been blocked as well, in which case you need software-based anonymous proxies. There are many such tools, including Hide IP Platinum, Anonymizer, Circumventor, and HTTP-Tunnel, whose high-bandwidth version is paid. In addition, P2P-based proxy programs such as Freenet, Tor (better used with Proxify), JAP, and Freegate could be safer and more stable. You should download them from their official websites, because fake proxy tools are able to trace you.

1.2.3 VPN service

If your company has a VPN (Virtual Private Network) service, it will be very convenient and safe for you to use the internet when you work in censored countries. Even if your company does not have such a service, you can still use a free VPN service such as secureix.com or iPIG, which can encrypt all internet communications including WiFi, or the paid HotSpotVPN. Besides, if you have an additional computer on hand, you could install an OpenVPN or SoftEther service on it before you leave. In that case, both you and the friends you correspond with will be safe over the internet.

1.3 Beware of viruses, phishers and hackers

More and more spyware, adware and Trojan horse programs are concealed in web pages. That means that if you visit a website containing those programs, your computer will be infected. Worse, anti-virus programs usually do not help in this situation.

To prevent that from happening, you should make it a habit not to download illegal software or MP3 files, or visit unknown websites. A good remedy is McAfee SiteAdvisor (siteadvisor.com), which gives hints and suggestions on many websites. If you are not sure whether you should visit a website that turned up in a search, follow SiteAdvisor's advice.

1.4 Cache and cookies

Some programs, such as Web Cache Illuminator, can find out which websites you have visited by analyzing your cache. Therefore, be sure to delete the cache completely. Cookies are files that record a user's system and web access information. They are usually safe and useful, but they could be exploited by hackers and censors. Therefore, either turn off cookies in the browser or delete them after every browsing session.

2 Computer system security

2.1 Password protection

The easiest way to protect yourself is to set strong passwords, as long and complex as possible, for your system and BIOS. Moreover, you should set startup, supervisor and hard disk passwords separately in the BIOS configuration. More importantly, with a hard disk password, even if your hard disk is taken away by other people, they cannot see its contents. However, not all computers support hard disk password protection. In that case, you can use special software such as PGP (Pretty Good Privacy), described below, to lock your hard disk.

2.2 Encrypt hard disks and files

You no doubt have your own ways to protect your documents, such as encrypting them with WinRAR or sending them to your E-mail accounts. These are actually not safe enough, because simple encryption can be broken and E-mail accounts can be broken into. PGP, which has been commercialized, and OpenPGP and TrueCrypt, both of which are free software, are the best solutions to date. They can encrypt your hard disks, removable disks, flash memory and documents with algorithms as high as 4096 bit. Under such circumstances, nobody except you can open your hard disk and documents.

2.3 Delete files completely

You can delete files on the computer easily with your mouse. However, they can also be recovered easily, even if you have formatted or repartitioned your hard disk. FinalData, Easy Recovery, Disk Genius and similar tools are data recovery experts. Therefore, if you do not want your files to be recovered by other people, you should encrypt them with the tools mentioned above, or use tools such as PGP, Eraser and Shredder, which can truly delete files completely.
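What "truly delete" means in practice is replacing a file's bytes before its name is removed. The following added example (not from the original report or from any of the tools named; function names are hypothetical) overwrites a file in place with random data, checks that the old bytes are gone, then unlinks it. It assumes a disk and file system that overwrite in place, which SSDs with wear levelling and journaling or copy-on-write file systems do not guarantee.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024

def overwrite(path, passes=1):
    """Replace a file's bytes in place with random data; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the new bytes to the device
    return size

def wipe(path):
    """Overwrite, rename to a random name, then unlink."""
    size = overwrite(path)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)  # the directory entry no longer carries the old name
    os.remove(anon)
    return size

def demo():
    """Constructed demonstration on a temporary file."""
    marker = b"CONSTRUCTED-SAMPLE-NOTE"
    fd, path = tempfile.mkstemp()
    os.write(fd, marker * 200)
    os.close(fd)
    overwrite(path)
    with open(path, "rb") as fh:
        marker_survived = marker in fh.read()
    wipe(path)
    return marker_survived, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```

Copies of the same document in temporary folders, backups or mail attachments are untouched by this and have to be handled separately.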


2.4 Firewall, anti-virus and anti-malicious-programs tools

2.4.1 BlackIce and Norton

Not installing a firewall on your computer is like not having a door on your house. A firewall such as BlackIce is very important for protecting your computer from intrusion, and you should configure it carefully. Anti-virus software is, without doubt, also very important. You can choose software that you trust; the corporate version of Norton is a good choice, as it performs well against viruses and hackers. Remember to scan your system periodically in "safe mode".

2.4.2 Microsoft Windows Defender, Spybot - Search & Destroy, System Repair Engineer

If you suspect that your computer has been infected by spyware or adware, you should use specialized tools such as Microsoft's Windows Defender or Spybot - Search & Destroy to detect and clean them. Besides, System Repair Engineer can restore your registry, browser and system configurations to normal.

2.5 Beware of system loopholes

2.5.1 Turn off unnecessary services

Services are crucial to the normal operation of Windows. However, there are many services that ordinary people seldom use, and they might become loopholes that hackers exploit. Therefore, you should turn off services such as "Server", "Remote Registry" and "Terminal Services" in the service configuration. You thereby save precious memory and reduce the chance of being attacked.

2.5.2 Update patches

As we all know, Windows has many bugs and loopholes, so we should install patches as frequently as we update virus definitions. If possible, the best way is to let Windows update automatically (turn on "Automatic Updates" in the service configuration mentioned above). Otherwise, you can install Microsoft Baseline Security Analyzer and scan your computer frequently.

2.5.3 Shadow systems or virtual machines

If your work requires you to visit many dangerous websites and test many programs, you can install a shadow system such as Power Shadow. With it, all the viruses disappear and everything returns to normal after you restart your system. Alternatively, you can install virtual machine software such as Microsoft Virtual PC, Parallels Workstation or VMware. Even if the virtual system is damaged by viruses or broken into by hackers, you can delete it just as you delete a document on your computer.

3 Communication security

3.1 E-mail

E-mail is probably the most popular application people use. As a journalist, you might need to contact a person inside a censored country, or you might be doing interviews in that country. Be careful with your E-mail communication, as it might put you or your interviewees in a very dangerous situation.

3.1.1 Free and anonymous e-mail services

First of all, you should choose safe E-mail services. Generally speaking, Gmail and Hotmail are safe enough to use. However, if you are not sure, you can use Hushmail. It uses Java technology and very strong encryption algorithms, so that nobody, including Hushmail itself, is able to crack your E-mails.

If you send E-mails but do not want other people to see your address, you need anonymous E-mail accounts. MyTrashMail provides such a service, which lets you receive mail normally while publicly showing fake E-mail accounts. AnonymousSpeech.com lets people send secure E-mails completely anonymously. Besides, remailers such as Cypherpunk, Mixmaster and Mixminion allow anyone to post to a newsgroup or send an E-mail while remaining anonymous.

3.1.2 Encryption

You should also use PGP or OpenPGP (www.gpg4win.org) to encrypt every important E-mail message. They ensure that your messages can be read only by the people to whom you have given the decryption keys. Even if the encrypted E-mails are intercepted and accessed, their contents are meaningless without the decryption key.

3.1.3 Strong passwords, changed frequently

The password for your E-mail account should be strong (as long and complex as you can remember) and changed frequently. Comparatively speaking, using an E-mail client is safer than checking mail on the web, because some Trojan horse programs can record and steal your web-based E-mail account information. Furthermore, since Outlook is usually the target of attacks, you might as well use alternative E-mail clients such as Thunderbird, developed by the same organization as Firefox, and Sylpheed-Claws, which is well integrated with OpenPGP.

3.1.4 Unidentified and phishing mails

Some E-mails you receive could steal important system information such as your IP address. This could be the start of a premeditated attack. Therefore, you had better refuse to receive HTML mails and not let images in E-mails display automatically.
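The leak described above comes from remote content: an HTML part that references an image on a server the sender controls makes the mail client connect to that server, which reveals the reader's IP address. The following added example (not part of the original report; the function names and the sample message are constructed) lists such remote references in a message so they can be reviewed before images are allowed to load.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

FETCH_ATTRS = {"src", "background", "poster"}  # fetched by a client on render

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url) pairs that would be loaded remotely

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in FETCH_ATTRS and value:
                url = value.strip()
                # "//host/x" is protocol-relative and still remote.
                if urlparse(url).scheme in ("http", "https") or url.startswith("//"):
                    self.refs.append((tag, url))

def remote_references(raw_message):
    """Return remote resources referenced by the HTML parts of a message."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample message; example.invalid is a reserved test domain.
SAMPLE = """\
From: sender@example.invalid
Subject: Interview request
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello, can we talk?
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello, can we talk?</p><img src="cid:logo@example.invalid">
<img src="http://tracker.example.invalid/p.gif?id=reporter" width="1" height="1">
</body></html>
--b1--
"""

if __name__ == "__main__":
    print(remote_references(SAMPLE))
```

The embedded `cid:` image is not reported because it travels inside the message; only the 1x1 image on the remote host would cause a network request.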

3.2 Instant messaging applications

We might know that instant messaging applications such as MSN, IM, ICQ and so on can be wiretapped. You should take care to encrypt your IM communications.

3.2.1 Encryption

Some tools, such as MSNshell, can encrypt communication on MSN. With such programs, even if your communication is wiretapped, the eavesdroppers are not able to understand what you typed.

3.3 Martus-Human Rights Bulletin System

At the end of this part, I would like to introduce a publication system named Martus, which enables people to publish highly confidential information safely. For example, your sources in censored countries can report stories to your organization via this system very safely. When users wish to store information, they create a bulletin which, by default, is kept secret and available only to the group that generated that Martus account. The Martus software automatically records information in the bulletin. The user then types in a subject, keywords, the date of the incident, a short summary and a more extended description. This data is then saved as a bulletin, which can be updated. Martus automatically copies and backs up saved bulletins to a designated Martus Server.

3.3.1 Unidentified invitations

Besides, you should refuse any unidentified invitations in instant messengers. If they come from malicious hackers, your IP address will be exposed to them after you accept, and you will then be vulnerable to attack.

3.4 VOIP (Voice over Internet Protocol)

VOIP applications like Skype are actually very safe compared with traditional telephone communication. However, some evidence has shown that VOIP communication can also be intercepted and wiretapped. PGP and Zfone, created by the inventor of PGP, can encrypt VOIP communication, making it much safer than before.

3.5 Smart cell phones

Smart phones are actually a kind of mini computer that can run many software programs, including viruses. Therefore, you need to install some protective tools to keep your mobile communication safe.

3.5.1 Pointsec for Symbian

The biggest threat is that your mobile communication could be listened in on. Some equipment can wiretap cell phone communication within a certain distance, and even listen in on the background sound around your cell phone. Therefore, you had better cut your cell phone's power when you talk about important things. Do not just press the "power off" button; take the battery out. Besides, you can install encryption software such as Pointsec.

3.5.2 Anti-viruses and firewalls

Likewise, you should also install anti-virus and firewall tools as you do on the computer. McAfee has rolled out its anti-virus and firewall products for mobile platforms.

As journalists, we might have got used to different kinds of threats, and yet information security is often ignored. Therefore, to protect ourselves, good habits and awareness are more important than the tools introduced here. Moreover, technology is always paradoxical, which means that there is no absolute security even if you have equipped yourself with all those tools. We know there is a threat, and the wisest course is to keep the threat as small as possible.