How Scientists Can Protect Their Data From the Trump Administration

American scientists are under siege in the Trump administration because their work threatens to undermine Trump’s anti-science policies. As a result, some scientists have already begun trying to preserve government data they worry will be deleted, altered or removed, and many are preparing to march on Washington to protest Trump’s dangerous science denialism.

“Many scientists are concerned that we face an imminent digital dark age in which decades of taxpayer-funded observations and scientific research are deleted or buried,” Matthew Huber, a professor and climate scientist at Purdue University, told me in an encrypted email. “The main mechanisms currently used for dissemination of climate data (such as NASA, EPA or NOAA websites) tend to have single points of failure.”

If you’re an American scientist who’s worried that your data might get censored or destroyed by Trump’s radically anti-science appointees, here are some technologies that could help you preserve it, and preserve access to it.

  • You can use a file-sharing technology called BitTorrent to ensure that your data always remains available to the public, with no simple mechanism for governments to block access to it.
  • You can use Tor onion services — sometimes referred to as the dark web — to host websites containing your data, research, and discussion forums that governments can’t block access to — and that keep your web server’s physical location obscure.
  • And you can use OnionShare, an open source tool that I developed, to securely and privately send datasets to your colleagues to hold onto in case something happens to your copy, without leaving a trace.

About BitTorrent

The BitTorrent peer-to-peer file sharing protocol was invented in 2001, and people quickly began using it to illegally swap music, movies, and software – as well as legally distribute large files such as Linux operating systems. While the copyright industry waged a successful war against file sharing services like Napster, LimeWire, and KaZaA, they failed to shut down BitTorrent, which as of 2012 had an estimated quarter of a billion users, with no signs of slowing down.

Why is it that some of the world’s wealthiest corporations failed to bring down BitTorrent? Because it’s decentralized. With traditional file sharing services, one computer on the internet hosts data, and all other computers connect to that host to download the data. If a government wants to censor that data, all they have to do is bring down one host — and they have the technical, legal, and economic tools at their disposal to do this.

But with BitTorrent, data is hosted in swarms. If you want to download some data, you join the swarm and become a peer. You download pieces of the data that you need from other peers in the swarm, and in return you upload pieces of data you already have to peers who need it. Once you have all of the data, you can choose to remain in the swarm and continue sharing with peers, which makes you a seed. The more popular the data, the bigger the swarm, the faster the downloads. Traditional means of censoring access to this data become unwieldy. It’s hard to block access to every computer in a swarm (they can grow to have tens of thousands of peers), and nothing stops more peers from joining. There’s no single entity to sue or pressure financially. And swarms often consist of computers distributed around the world, so national laws can’t actually achieve the censorship they might hope to.

There is nothing illegal about using BitTorrent to share files that you’re legally allowed to share (in fact, companies like Blizzard Entertainment have adopted the technology themselves to distribute large video games they make). If you work for a university or government agency that distributes scientific datasets, BitTorrent is an excellent option to distribute them. Not only will it make the data harder to censor, it will also allow researches to download it quicker, and it will reduce your organization’s bandwidths costs because bandwidth will be shared throughout the BitTorrent swarm.

How to use BitTorrent to share your data with the public

To get started, you need to install a BitTorrent client. There are many options, and I like Transmission because it’s open source and minimalist, but you can use whichever one you like best – the instructions are similar no matter what client you use.

Open Transmission, and click File > Create Torrent File. Then browse your disk until you find the data you’d like to share (for this example, I’m sharing a folder with over five gigabytes of climate data that I downloaded from the National Oceanic and Atmospheric Administration). Then you’ll need to cut and paste some trackers, which are odd-looking URLs that help facilitate peers finding each other in a swarm. There are many public trackers out there, but I’m using the ones suggested by OpenBitTorrent to paste into the trackers box.

Click Create to make a “.torrent” file. This will create a relatively small file, basically an index of the data you’re sharing. Then, open the torrent file in Transmission. That begins the seeding process, which makes it possible for your data to be widely distributed and available. Once you’ve created and started seeding a torrent, the next step is to publicize it. Email the torrent file to your colleagues and share it on social media. To download your data, they’ll need to install their own BitTorrent client.

Until enough people download your data — and in doing so become distributors themselves – you’ll need to keep your BitTorrent client open and your computer on as much as possible, so that others can download copies of it from you. Ask colleagues in science-friendly countries if they’re willing to download your data and continue to host it, too. You can also rent servers on the internet called seedboxes to do this, so that your data will always be available to others even when your computer isn’t online.

You might also be interested in using Academic Torrents to share your research and datasets.

About Tor onion services

Tor is a decentralized network of servers, run by volunteers around the world, that help people bypass internet censorship, evade internet surveillance, and access websites anonymously. Most people use Tor to hide their identity from websites that they visit, but Tor also allows websites themselves to hide their identities from the public – or, more accurately, to hide their IP addresses, and by extension exactly where they’re hosted. These are called Tor onion services, also known as hidden services. You also might have heard this type of website referred to as the “dark web.”

Whatever you call it, onion services are perfect for hosting websites that you don’t want to be censored, such as sites that host scientific datasets, research papers, and discussion forums. It’s impossible for governments or ISPs to block access to specific onion websites – the best they can do is follow China’s lead and try to block access to the entire Tor network itself. Even then, there are ways to bypass the Great Firewall of China to connect to Tor.

Tor Browser is a web browser, like Chrome or Firefox, but all of its internet traffic goes over the Tor network. If you type in the URL bit.ly/2krKUVQ in your normal web browser, the White House will be able to see that your IP address is visiting their website. But if you type that URL into Tor Browser, an encrypted copy of your web request will bounce around the world through multiple Tor servers before finally exiting the Tor network, and the White House will only know that an anonymous Tor user visited their website.

Similarly, if you type the URL of a Tor onion service into Tor Browser, it will also bounce an encrypted copy of your request around the world, but this time through twice as many Tor servers, and your request will never exit the Tor network. Instead it will end up directly at the onion service, completely encrypted, and completely anonymous. For example, The Intercept’s SecureDrop server, which you should use if you’d like to blow the whistle on the Trump administration’s war on science, is a Tor onion service with the URL bit.ly/2ks0ctV. That URL is only accessible through Tor Browser – it’s impossible to connect to it using your normal browser. The Intercept can’t tell the real IP addresses of anyone who visits it, the public doesn’t know its real IP address either, and the government can’t tell when someone visits it, and can’t block access to it without blocking access to the entire Tor network.

Finally, no software is perfect. The FBI has successfully discovered where onion services are hosted, and who is behind them, in the past. If you’re hosting a website with scientific datasets and you’re concerned that the U.S. government might try to censor you, it’s safest to choose a hosting company, or host your website at a university, that’s physically outside of the United States.

How to host hidden websites using Tor onion services

This one’s a bit more complicated, because you need to set up a new web server first. Many scientists, of course, already have their own web servers and know how to do that, but you might need to find a friend who can do it for you. You can find instructions that systems administrators can follow for setting up and configuring a Tor onion service here. After you’ve set up your onion service, it’s a good idea to scan it with OnionScan, a tool that helps you weed out human errors you might have made that could help an attacker discover the true IP address, or other identifying information, about your website.

About OnionShare

I developed OnionShare to help journalists share sensitive documents with each other, and to help sources leak documents to journalists. Investigative journalists at The Intercept use it on a regular basis. But anyone can use it anytime to securely send files over the internet. If you have data that’s not ready to publish, or otherwise isn’t public, but you want to preserve it in case someone forces you to destroy it, OnionShare can help you send it to a trusted colleague, potentially in another country.

OnionShare works by hosting what is essentially a temporary website directly on your own computer that contains nothing but a download link to the files you’re sharing, and then it makes this website accessible as a Tor onion service, giving you a URL that looks something like bit.ly/2kRGLIC.

Your colleague loads this URL in Tor Browser — loading the website hosted directly on your computer — and downloads the file. As soon as the download finishes, OnionShare immediately shuts down the website, making that URL disappear from the dark web forever.

Because it uses Tor onion services, sending very large files could take several hours. But despite that speed, it has some benefits over traditional ways that people often send large files, such as using services like Dropbox or Google Drive. Like BitTorrent, OnionShare is decentralized. There’s no central service or third party company or anyone else that has access to any files you share. If someone is actively monitoring your or the recipient’s internet access, all they can tell is that you’re doing something on Tor — not that you’re using OnionShare to send a file.

How to use OnionShare to securely share private data with colleagues without leaving a trace

To get started, download and install Tor Browser and OnionShare onto your computer. Open Tor Browser – you need it to be open in the background so that OnionShare can use its connection to the Tor network. Then open OnionShare, and drag the data you’d like to share into the window (for this example, I’m sharing the Center for Disease Control’s 2014 National Immunization Survey dataset). Then click Start Sharing.

OnionShare will give you an onion URL to share. The next step is to send this URL to your trusted colleague. If you’re trying to do this without leaving a trace, it’s safest to talk to your colleague about this using an encrypted messaging app, like Signal – in fact, this would be a good time to use Signal’s disappearing messages features, so that your communication about preserving your data will automatically get deleted from both of your phones.

When your colleague receives your message, they need to open up Tor Browser on their own computer and go to that URL. They’ll connect directly to the website hosted on your computer. Note that if your computer isn’t on, your colleague won’t be able to load the website until you wake it up and connect to the internet again, so you need to agree on when to send your data.

As soon as your colleague finishes downloading the data, it will disappear from the internet, without anyone besides the two of you knowing that you sent this data at all.

Top photo: Equipment aboard a DC-8 jet used by NASA as a flying laboratory to study the impact of air pollution on the Arctic’s atmospheric chemistry and changing climate.

The post How Scientists Can Protect Their Data From the Trump Administration appeared first on The Intercept.

from The Intercept bit.ly/2kRNH8K

Leave a Reply

Your email address will not be published. Required fields are marked *

The CAPTCHA cannot be displayed. This may be a configuration or server problem. You may not be able to continue. Please visit our status page for more information or to contact us.

This site uses Akismet to reduce spam. Learn how your comment data is processed.