CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 6th, 2010

French Registrar Gandi.net Takes Down Anti-Google Privacy Proxy

A recently launched anonymization service suffered a setback last week when Gandi.net, a France-based registrar that bills itself as a “no bullshit company,” revoked its secure sockets layer certificate without warning.

Last week’s move against GoogleSharing caused its 30,000 users to instantly lose service, according to Moxie Marlinspike, the hacker who announced the anonymization proxy in mid January. It took him four days to get the site operational again, and by then, the vast majority of those users had stopped using the service.

In an email sent more than 24 hours later, a member of Gandi.net’s abuse department said the certificate was revoked “due to multiple and deliberate serious breaches” of the registrar’s terms of service. Specifically, the violations were incorrect information provided to Gandi.net’s Whois database, a trademark violation for the unauthorized use of “google” in the domain name and the use of the certificate for unspecified “fraudulent activities.”

GoogleSharing prevents Google from tracking searches and websites visited by specific individuals by mixing together requests from many different users so it’s impossible to tell where the queries originate. A Firefox plugin redirects Google-bound traffic to a proxy, where requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is them proxied back to the originating user.

“GoogleSharing thrives by being totally transparent to the end user,” Marlinspike wrote in an email. “They install the addon and never have to think about it again. They don’t have to do anything special or visit any special websites. By causing a four day interruption, they’ve likely killed the majority of our user base.”

The hacker said it was true that some of information contained in the Whois database was not correct, but he insisted the service doesn’t engage in fraud and that the the inclusion of “google” in his domain name is protected by the fair use doctrine.

The revocation meant in an instant people who relied on GoogleSharing to anonymize Google search requests were unable to use the service. Because the service relies on a Firefox add-on that uses an authenticated page, their connections were killed with little explanation and no recourse.

The episode demonstrates the hazards of relying on internet companies that enforce terms of service reserving the right to play judge, jury and executioner with their customers’ websites. Gandi.net took the action with no warning and didn’t provide an explanation for more than a day. And even then, it failed to say exactly what “fraudulent activities” GoogleSharing had carried out.

So much for Gandi.net’s claims of being a “no bullshit company.”

“It’s a big claim to make,” the company’s marketing monkeys write. Among other things, it means employees “are honest about what we do; we will be straightforward in how we deal with you” and “if we’re ever hypocritical we will hold our hands up and clean up.”

Conspiracy-minded observers might be tempted to point out that over the past decade Marlinspike has regularly been a thorn in the side of companies who make big bucks issuing the certificates used to authenticate banks, online retailers, and other groups with sensitive websites. By demonstrating practical attacks that allow hackers to spoof the widely used credentials, his research calls into question the effectiveness of SSL certificates and the companies that issue and use them.

Already, eBay-owned PayPal has retaliated against the independent researcher for showing how the criminals could impersonate the online payments processor. Now, Gandi.net has followed a similar course.

But the consequences of the revocation are far from over. Whereas the service pushed an average of 4Mbps before, it was generating only about 300kbps after it came back online.

Which seems to suggest that if you’re doing anything considered remotely controversial on the net, you’re better off relying on yourself for payment and certificate services. The internet isn’t a democracy, and companies with self-serving terms of service can’t be counted on to deliver due process. Not even those that bill themselves as “no bullshit.”

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • New Phishing Hits Domain Owners Accounts At eNom, NetworkSolutions
  • Google Exploit Removes Any Website From The Index
  • Hijacked High-Ranked Sites Serve Malicious, Illegal Content, Blacklisted By Google
  • Privacy Dashboard Service Launched By Google
  • Hadopi Anti-Piracy Agency Website Turned Into The Pirate Bay Due To XSS Vulnerability

    • Posted in Breaches And Incidents, Google, Privacy | Print This Post Print This Post

    This entry was posted on Tuesday, April 6th, 2010 at 11:31 am and is filed under Breaches And Incidents, Google, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: French Registrar Gandi.net Takes Down Anti-Google Privacy Proxy

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »