Thursday, March 19, 2009

BBC iPlayer, Channel 4OD and ITV Programme Streaming Overseas - an update

I previously stated that I believed my streaming of BBC programmes using Tor, Privoxy/FoxyProxy and Firefox plugin IETab had failed. Well, I did a complete reinstall of Tor and the Vidalia bundle last week and found I could once more stream BBC programming.

However, when I attempted to stream the Ben Goldacre/Norman Lamb interview on ITV about the MMR vaccine and EDM 754, despite using Privoxy and UK Tor Exitnodes, it recognised my IP address as being overseas. I then tried Channel 4's streaming (as I would really like to see Jaime in Caroline Irby's Home from Home documentary scheduled for next week). Same thing. Strange I thought ...

Then I found this paper on discovering IP address location in spite of using Tor and a proxy server. Rather technical, the coding examples are rather beyond me, but it seems that a website using Java coding, FlashPlayer etc can tunnel back through Tor servers to find the originating IP address and hence location. Disabling ActiveX, Java etc would probably disable Channel 4, ITV streaming, although I haven't tried this yet.

Clearly, ITV and Channel 4 are using one or more of these techniques to discover your geo-location ... but it is a mystery why the BBC is just using a simple geo-IP look-up and not one of these more sophisticated techniques?

Of even more concern, is that in countries that censor access to websites and where users are dependent on Tor and proxies, it would seem to be easy for governments to monitor Tor traffic and trace users. If the "hostile" government setup a website on an overseas server e.g. if the Chinese government set up a pro-Tibetan independence website on an overseas server, using such coding, it could trace pro-Tibetan dissidents resident in China using Tor and a proxy server to connect to such a site. Conversely, a western intelligegnce service could create a "spoof" jihadi website and an unwitting Muslim extremist Tor user could still be traced.

As an aside, it is interesting to note that the US Department of Defense originally developed the technology behind Tor, put it in the public domain since to be taken up by the Electronic Freedom Foundation (EFF) - if the EFF is serious about Internet anonymity, then it must come up with something technologically more rigorous than Tor.

What is going on?

No comments: