Privacy

Reddit Rate-Limiting VPN Users

Yesterday I started getting these annoying pop ups on Reddit.  “You’re doing that too often, please wait X minutes”.  This most often happens with new accounts that are low in Karma.  It’s a sort of trust trap that prevents spam.  My account is almost 10 years old.  I have almost 500 thousand Karma.  I don’t meet any of the new account nonsense.  This block, is very suspicious.

I’ve seen it before though.  It seems individual subs can enable something like this for accounts that post infrequently to that particular sub.  But this block seemed to span across many subs, so it was clearly site wide.   I assumed at first Reddit was blocking 3rd party apps in an effort to push people to use the shitty official app.  So I installed the official app.  And good fucking God does it suck.   The problem persisted though, so I uninstalled the app.  I also tried just using the web interface in Firefox mobile.  No go.

So I decided to try on another account.  Not only did this still happen on the other account, but the block from the first account, applied to other accounts.  So clearly the block is IP based.

Now, on mobile, when not on my home network, I use a VPN basically full time.  Why would fill a blog post on it’s own but all we need for this is to know that I use it all the time, I’ve done this for something like 5 years.  It’s not a cheap freebie VPN, I use a paid service that’s trustworthy (I am the customer, not some other advertisers).  I also use Reddit basically daily, a lot.

I disabled the VPN for a bit, the problem went away.

I re-enabled the VPN, the problem came back.

I did some searching on Reddit and Twitter and found a lot of other people having similar issues.  Reddit is rate-limiting VPN users.  It’s super annoying and super bull shit.  There are plenty of valid reasons to use a VPN, like I said, that’s a whole different blog post.  Blanked throttling VPN users is not a good solution.  I would dump using Reddit before dumping using my VPN.

Hopefully it’s just a temporary glitch that gets fixed, but for now it’s incredibly annoying.

Encryption and You…

encryption-imageThere seems to be an endless stream of stories about how the UK wants to ban the use of encryption on the Internet.  It’s hard to say what this says about the UK officials, since banning encryption is essentially impossible without completely breaking the Internet.

Well, technically it could be done, but you wouldn’t want to be on this Internet anymore for anything requiring security.

So a quick rundown on just what encryption is.  Let’s say you send data cross the Internet, an email, a tweet, e bank password, a credit card number for buying something on Amazon.  Without any sort of encryption, data is simply converted into bits, and sent from router to router to the machine on the other end.  Capturing this traffic as it flows across the Internet is actually fairly easy.

There was a very famous exploit plug in a few years ago called FireBug.  Firebug would sniff the local network for the log in cookies used by Facebook and snatch them out of the air (so to speak) and allow the user of Firebug to access the Facebook account of anyone else on the local network.  This was before Facebook encrypted the data for it’s log in information, so the cookie was just flowing across the network.  The cookie data basically is a way for Facebook to know “yes, this , but it will person has logged in and this is who they are” so you don’t have to enter your password every time.

Because Facebook switched to SSL Encryption for their log in data, these cookies are now encrypted as they pass through the internet.  You may still be able to snatch the cookie but it will be a garbled mess of gibberish.

Now imagine if your bank or Amazon didn’t use encryption.  The same methods used by Firebug could be used to pull your bank or credit card data.

This is why encryption is important and used every day.

But how does it work.  When you connect to a remote website, your computer and the website exchange keys for translating the encrypted data.  This means the data can only be read by your computer or the remote website.  An extremely simple example, Let’s say the “key” is “13” and the “algorithm” is “ROT13”.  The data would be translated by moving all of the letters in a data packet by 13, hence ROT 13 (Rotate 13).  The phrase “My name is Josh” becomes “Zl nzar vfWb fu”.  Now, this is a very very very simplified example.  Real encryption uses long long keys, complex multi faceted algorithms, often with time based mechanics, and in general, would never be human translatable.  In fact, without the key, depending on how complex the encryption is, it could take the most powerful computer in the world millions of years to break some encryption.

So, why does the UK government (and others) want to ban this important security tool?  It’s simple, they can’t break it.  The world has become aware of how the governments of the world are scooping up and reading all of the data across the Internet, and the world has turned to encryption to keep their privacy.  Websites big and small have started using SSL by default so all traffic is encrypted making reading the contents impossible by outsides.  More people are using things like VPN tunnels, TOR networks, and PGP keys for their emails, these are all useful encryption tools.

The claim of these spying agencies is that it makes it hard or impossible to “find the bad guys”.  This assertion is as ridiculous as claiming say, we need to ban White Vans because kidnappers always and only use White Vans.  Or maybe, we need to ban beards because “Terrorists always have beards”.

“Only bad guys encrypt their data”.

It’s basically applying a false sterotype and getting mad when it doesn’t fit.  Its also blatantly ignorant of the real world uses of encryption.  No one would every shop online since it would be trivial for hackers to harvest credit card data.  You may as well require you to speak your name, card number, card verification number etc out loud to the check clerk at the grocery store every time you want to buy something.

Identity, Privacy, Anonymity

identity I had a short conversation recently over on Reddit that got me thinking a bit about the idea of online identity and, by extension, the ideas behind privacy, and anonymity online.  Privacy is a hot button issue in general lately and there has also been a lot of people causing some fuss over the idea of anonymity online. 

It’s ridiculously easy to be anonymous online.  Ok, let’s rephrase that, it’s ridiculously easy to be mostly anonymous online.  You want to be mostly anonymous, it’s trivial to make "fake" email accounts or identities.  You can even be pseudo anonymous by using a pseudonym.  If you were doing something malicious, it wouldn’t be hard to track you down from a simple pseudonym, especially if some large corporation or government wanted to track you.  Chances are you’re pulling cookies around in your browsing, and you’re connection will have a unique, logged IP address complete with time stamps etc. 

Being actually anonymous is trickier but still pretty trivial, spoofed IPs, TOR browsing, using open WiFi access points, especially public ones, in areas where there are no cameras, etc.  I’m not really here to discuss true anonymity online though, more the idea of pseudo anonymity.  This is the sort of anonymity that many more casual users of the internet greatly dislike.  It certainly has it’s good sides and it’s bad sides.

The complaints often come because of "Trolls" who use the anonymity granted by the internet as a means to be rude or mean.  The problem is that the term troll is often greatly misused or misappropriated.  I once wrote a pretty long essay back on usenet about what a troll is but the short version comes down to a few things.  Trolls and straight bullies are not the same.  Trolls and straight assholes are not the same thing.  Being an actual troll does require some effort, just going and telling someone they are "a stupid fag" on an anonymous board doesn’t make you a troll, it mostly just makes you an idiot.  The real point of trolling someone is to speak contradictory to what is being presented, not necessarily to prove an alternate point of view but to disprove or discredit the original view being presented.  There is a point when trolling turns into idiocy and harassment.

It’s simple, people don’t like being disagreed with or having their viewpoint challenged.  If that person can’t actually defend their viewpoint, they may get called out on it, and they call the person calling them out a troll, a "coward" hiding behind anonymity. 

"You wouldn’t say that to my face in person, why do you do it online?"

This is a tricky question on many levels and isn’t really an exact parallel.  If you put masks on everyone involved to make them "faceless", put them in a room, and had the originator read their originating comment out loud, would people still say "mean things"?  What if just the trolls had masks?  Also, a lot of people do say dumb asshole comments in face to face situations.

However, yes, there is something freeing and liberating about anonymity or even pseudo anonymity.  I’m sure there is some actual psychology behind this concept.  It’s basically the same concept of "dancing naked when home alone".  People act differently when they think no one is watching.  It’s human nature.  We pick our noses, we scratch out but cracks, we dance naked, we make rude comments online.  The main difference is that picking your nose doesn’t really hurt anyone else.  Does a rude comment really hurt anyone when everyone is anonymous and everyone has the option to make rude comments? 

"You wouldn’t say that to my face in person?"  Maybe they would.  But what if you could punch back.

So let’s take a site like 4chan (the website not the "1337 hax0r duud"), where everyone is anonymous.  Yeah, it can fall into a cesspool of filth but it also can lead to a lot of good discussion.  Much of the worst is confined to /b/, and 4chan is much more than just /b/.  Even discussion of places like /v/ (Video Games) and /toy/ (Toys) can be more interesting when people feel more free to dislike what they dislike and speak their minds.  You also don’t have to deal with people trying to be some sort of crazy internet celebrity in their area of interest.  Identity is frowned upon in general, so you just get pure discussion.  No one trying to be pretentious about who they are and what they want people to think of them as, just pure discussion.

Does it lead to arguments and shit slinging?  Of course it does.  Does it lead to idiotic arguments that make no sense?  Yep.  It also leads to acceptance.  Acceptance of ideas, because maybe you actually lose an argument, but because you aren’t saddled with the pride of your identity, you are free to accept defeat, even if it just means quitting the argument in disgust.

Then there is the idea of Psudo anonymity.  Your online handle or username if you will.  You still end up with some level of reputation but it’s one step removed from your private life and personal identity.  Its also pretty easy to manage multiple online online "personas".  Chances are if you are managing multiple identities on any one website that website could easily cross connect them to each other but for basic outward facing use, it can serve a purpose.

Take Reddit.  While similar in nature to 4chan, since it’s full of user generated content that lives and dies by how much support it gets, Reddit has an identity system.  Reddit also has an archive, everything on 4chan drops off eventually sometimes in minutes, sometimes in days, but it eventually dies.  Reddit has an archive, and an identity and everything you post is easily attributed to you.  More importantly, Reddit has the "Karma system" where users can up and downvote good and bad posts.  Granted that a lot of people know that Karma is "useless fake internet points" and there are even people who try to get negative karma instead of positive karma, but it does help by giving a tangible indicator to "how good" a person is.  It’s not perfect of course, some people may be good at things that aren’t relevant.  Someone who posts to Gonewild and has 4000 karma as a result isn’t necessarily going to mean anything when it comes to political discussion. 

Hence, "meaningless fake internet points."

Then there is Facebook.  Facebook is where you connect to friends and family.  People you will know for long periods of time, possibly your entire life.  Many of these people will know you better than you know yourself.  They will know when you’re being fake and call you out when you’re being an idiot.  These are most likely the people you want to know and want to be judged by.  There is also a lot of push for having a "real identity" on Facebook.

Facebook is a place where people go to "be real." 

All of these places have elements of each other, and it’s a very tiny sampling of the endless array of websites on the internet.  Each exemplifies a major component of online identity.  A board like  4chan is all about being anonymous, but you can choose to fill in that name field, and there is even a system in place to keep your identity verified.  Reddit gives you a name and points, encouraging you to behave for the most part, but it’s not required and can one can easily start over if there is a major screw up.  Sites like Facebook, want you to be "the real you" but really, nothing is stopping anyone from making multiple Facebook profiles and fake identities.  Hell I have a Facebook Page for my cat that I rarely post to.

The point is, the closer you get to your true identity, the less publicly open you tend to be, at least about your real feelings.  There is a fear of being judged or shamed.  A fear of upsetting the lifetime friends and family we have.  Anonymity still has a place though.  It’s like a confessional, or the comment drop box.  It’s a way to voice opinion without feat of retaliation.  There are often many reasons to fear retaliation.  Assholishness and trolling aside, opinions are often formed that are negative towards people with power.  People with power often have very strong methods of retaliation at their disposal.  There needs to be a means for people to speak out against real injustices.  The side effect is that sometimes you end up with "trolls" and assholes.

Some people just need to accept that sometimes a difference of opinion is a good thing.