Distributed Solutions for Distributed Attacks

Submitted by Jon on Mon, 10/21/2013 - 17:50

Google has been making headlines with their shiny Project Shield which wraps PageSpeed with other tools to defend sites against denial of service attacks. The history of the denial of service, however, runs deep, and underlines that no centralized response to it will ever be able to cost-effectively scale against a distributed attack.

Let's rewind back to the 90s. Denial of service was a very, very different thing then - it was a tool for free expression, not one used to mute dissenting opinions as it is today.
In the dot-com boomtimes of the late 90s, I was absolutely fascinated by the digital protests that sprung up in reaction to Mexico's treatment of the Zapatista Movement. Floodnet was an activist art project by the Electronic Disturbance Theater. Floodnet was simply a website you could visit and it would direct your browser to constantly reload pages on the website of the Mexcian government. In addition to overloading the website with thousands of requests from you and our fellow programmers, you could add in a political message with each page load, to force the government's server to fill their log files with messages like "human rights not found."

"The FloodNet application of error log spamming is conceptual Internet art. This is your chance to voice your political concerns on a targeted server. [...] The server may respond to your intentional mistake with a message like: "human_rights not found on this server." So by creatively selecting phases, you can make the server voice your concerns. It may not use the kind of resources that the constant reloading uses (FloodNet automatically does that too), but it is sassy conceptualism and it invites you to play with clever statements while the background applet is running." (via

Floodnet used DoS attacks to protest the Mexican Government
Floodnet used DoS attacks to protest the Mexican Government

This original "denial of service" attack was seen as the digital mirror of a classic "sit-in" protest. It was a way for a David to strike back at a Goliath through technology. However, this, ahem, "sassy" political activism began an arms race that today is dominated by Goliaths alone. Instead of a tool of protest, denial of service attacks are today tools of retribution and ways to mute dissenting voices. They are massively automated and distributed, and are run not by rowdy bands of dissidents, but by well-organized for-hire groups ( and even from government infrastructures.

The only defense, so far, has been equally massive, and centralized, commercial services. This is a growing industry with its own round of disruptive innovators all to itself. This current business innovation is helping to move from the monolithic services protecting online infrastructures at high costs to a more scalable model, with services that smaller websites can benefit from. Still, back-end models are the same - providing shelter from DDoS attacks by having sufficient servers and bandwidth to absorb whatever their proprietary tools and filters cannot outright block.

Open source models to fight back have been conspicuous in their absence - until now.

The Deflect Project, created by the technology collective based out of Montreal and Dublin, is responding to that gap. They focus on providing protection for activists and journalists around the world, who are subject to DDoS attacks from those who disagree with their views all the way to their own governments. Thanks to grant funding, Deflect is able to offer their services for free to independent media sites, NGOs and non-profits -- but the technology model under the hood is the real game-changer.

Social Networks (including Facebook) and Technology Transfer

Submitted by Jon on Wed, 07/29/2009 - 13:10

In Social Networks (not Facebook) and Development I covered the relevance of local social networks and social capital / trust for successful, long-term community and economic development.

Finding, engaging an empowering local social networks is the first step. I believe connecting these networks to the global communities of interest and practice on the Internet can provide a multiplier effect.

In the recent Technology Salon on Malawian health ICT systems, it was discussed how hiring recent Malawian college grads and connecting them to the global community of open source coders gave them an immense resource to draw on as they began their work; and they were soon contributing as peers and mentors to other programmers around the world.

That's power, and that's the 21st century version of technology transfer.

Packets, Please: Government monitoring and #IranElection

Submitted by Jon on Tue, 06/30/2009 - 16:30

Wired reminds us that we can rail against and complain about the intrusive, privacy-destroying and free-speech-threatening monitoring that Iran has been employing against the protestors over the past few months, but we have to remember two things. First, US and European companies provided the hardware and software to Iran for them to do this. Second - our own government does the same thing, and we should stop it.

Regarding the first problem, bipartisan Senators are proposing a ban on government contracts to companies caught selling such technology to Iran, and it's technically illegal for US companies anyhow (which might not be stopping everyone, and appears to be using Secure Computing's (now McAfee) SmartFilter according to the Open Net Initiative's testing.

Social Technology is also Social (in real life)

Submitted by Jon on Tue, 01/22/2008 - 12:52

Wired is running a story on how social networking technologies support, rather than diminish real-life networks of people:

Teens and Social Media

Submitted by Jon on Thu, 12/20/2007 - 10:57

Pew Internet and American Life Project has a new report out on Teens and Social Media; finding that girls are the leading content creators (excepting video posts), and:

Technology and personal networks

Submitted by Jon on Fri, 09/01/2006 - 12:08

User login

© Jon Camfield
Comments or Questions? Contact me
Privacy Statement | Disclaimer