Streisand

April 6, 2017

"The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely, usually facilitated by the Internet. It is an example of psychological reactance, wherein once people are aware something is being kept from them, their motivation to access and spread the information is increased.

It is named after American entertainer Barbra Streisand, whose 2003 attempt to suppress photographs of her residence in Malibu, California, inadvertently drew further public attention to it. Similar attempts have been made, for example, in cease-and-desist letters to suppress numbers, files, and websites. Instead of being suppressed, the information receives extensive publicity and media extensions such as videos and spoof songs, often being widely mirrored across the Internet or distributed on file-sharing networks.” - Wikipedia article: Streisand Effect


It’s been known for many years (particularly after the Snowden incident) that ISP’s and governments around the world have been spying on their users and citizens. For some it been a quiet acknowledgement of the inevitable, and for others it’s an “I don’t have anything to hide” attitude. Interestingly enough, there was an uproar following the US government’s vote on repealing Obama-era FCC Internet Privacy Regulations (which had not gone into effect, but will be sorely missed).

Rivaling the uproar of the SOPA battle, Americans are waking up to the realization that what they put in a search engine, doesn’t stay private. As a result many VPN companies are competing to grab up the new potential customers.


It’s fitting then, that by trying to make it legally easier for big telecommunications companies to analyze and profit off your data, that they’ve drawn more attention to it. Cue Streisand, an open source initiative to make it easy to deploy multiple VPN technologies quickly.

Streisand was made as a response to the 2014 Turkish government’s censorship of its citizens. Spearheaded by Joshua Lund, the Streisand project has been responsible for allowing people to bypass the censorship of their counties and speak out. (For more information on the back story of the project please see this article. It’s an incredible example of how technology can be used to protect innocent people and circumvent horrible regimes).

What is a VPN

You may be wondering, what’s a VPN? A VPN (Virtual Private Network) is a means of tunneling your data across the Internet (or a network) in an encrypted channel. The basic idea is to allow two, remote networks (or computers) to communicate. Imagine you run an office in Chicago, and you also have an office in New York. Using a VPN, you can have these two separate networks communicate in a private channel. It’s kind of like making your own internet.

More often, people associate VPNs with a means of protecting their browsing data. There are hundreds (if not thousands) of companies who specialize in selling VPN services. You download some software on your computer, hit go, and then all of your Internet traffic is encrypted and shipped directly to the VPN server. This has the effect of making you appear somewhere else. For example, sitting in my bedroom in Illinois while using my VPN, it appears I’m in Clifton New Jersey. In addition, it will obfuscate your traffic from your ISP, so all they will see is that you regularly use a VPN.

After the FCC regulation fiasco, many news outlets are reporting that using a VPN will save your privacy! Couple problems with that. 1. The user is probably already breaking opsec. 2. VPNs aren’t perfect. “But Nick!”, I hear you saying, “You said you use a VPN! Why would you use one if you know it isn’t perfect?”. Well my little sugar plum, I’ll tell you why.

ISPs (including Commercial VPN providers) have an immense amount of control when it comes to your Internet usage. Everything you do passes through them. If you’re upset about the fact that your ISP can see everything you do, a VPN won’t help you. It just shifts the control away from Comcast and onto another party (which typically sounds more dangerous). Everything your ISP could see, your VPN can see. What’s to stop them from profiting off your data the same way? (Hint: there is none).

I may do an article on the problems with VPNs in the future. That’s not what this article is about. I want to tell you about Streisand.

Streisand

To be very clear Streisand is not a VPN provider. It’s not a company. It’s not a VPN itself (it offers them). I’ve been using it for a while now, and I’m definitely a fan.

What makes Streisand amazing is that instead of paying a company a certain fee a month (and you should pay for a VPN. Free VPNs are shady!), you instead host the server yourself through a service like DigitalOcean or Amazon AWS. This server you setup will act as your gateway to the Internet.

It has it’s perks. For $5 a month, I can stand up a DigitalOcean droplet which will act as my Streisand server. In addition to being a VPN, I can also use it for basic testing I normally do. Streisand will configure for you L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard VPN tunnels. That’s a staggering amount. In addition, installation occurs with a few key strokes.

I like it because it allows me to setup multiple VPN technologies in the event that a network I’m on blocks one of them or a particular port. After the server is setup, it will provide all the certificates and keys needed to connect all of your devices. I currently have my phone, laptop, desktop, and tablet all routing their traffic through this VPN.

Another nice thing about Streisand is that it’s designed to be shared with others. Simply give a friend the generated document and they can hop on to your VPN.

“But Nick! You’re a crazy privacy psycho (It’s true, I run a Tor relay). Why would you allow a different company the ability to see all of your Internet traffic?”. Here’s the problem, you don’t get a choice in the matter. Eventually, you will have to reach the Internet from somewhere. Do I trust DigitalOcean not to sniff my packets? Kinda? They’re a service that tries to market to businesses. In addition, they have a very robust privacy policy. That’s no guarantee however.

It’s all about threat modeling. Are you trying to make sure Comcast or Verizon doesn’t make you a cow they can sell? Then use a VPN. Are you trying to illegally pirate things? First of all, you’re a terrible person. That’s what it says, you’re a terrible person. We weren’t even testing for that. (#Portal2Quote). And second, you’re still going to get busted. If the government shows up with a warrant, the company will snitch on you. Your $5-$15 a month will not make someone go to jail for you. Now some VPNs don’t keep logs (allegedly) but we don’t have time to go down that rabbit hole. Separate article on VPNs remember?

Setting up Streisand

Streisand offers so many different VPN technologies that I’m not going to take the time to explain how to setup each (Streisand will tell you how to do this yourself. For all of your devices. It’s amazing!). However I will explain how to stand up a Streisand server.

To be clear, this WILL NOT work on a Windows computer. Streisand will run on a Linux or OS X computer. There are some ways around this, have a friend do this for you and have them give you the generated documents. Or, setup an Ubuntu DigitalOcean droplet and run the setup process there.

Another thing to clarify. When you run the Streisand setup script it will generate A NEW server to use. It will not use the system you are currently on. With all that out of the way, here are the basics to setup. For the prerequisites I recommend checking out the Streisand GitHub page

Get the up to date repository with the following command.

git clone https://github.com/jlund/streisand.git && cd streisand

To get things started type the following command

./streisand

The program will now ask for some input from you.


Choose your VPS provider (I like DigitalOcean). After that you will need to choose the data center location. I did the New York one.


Following that, choose a name for it. Give it your VPS token. For DigitalOcean, you will need to generate a new one. Be sure to give it the actual token, not the name of the token. Finally choose whichever SSH key you have registered with the service and hit go.

It usually takes between 10 and 15 minutes to setup everything. Once it’s done you will have a shiny new server with a bunch of VPN technologies all setup for you. You should have a new folder in your directory called “generated-docs”, and it will have a HTML file for you to see and explain how to connect to the server.

I would recommend Streisand to anyone who wants to take back their privacy, secure their connection the Internet, and learn a thing or two about technology.

Is Streisand perfect? No. No VPN is (not even Tor, and remember I run a Tor relay). However it makes you a tad more anonymous. You’re slightly more difficult to track and be monitored. Like I mentioned, all your ISP will see is you connecting to an encrypted VPN tunnel.

Hopefully as these big telecommunications companies continue to push to reduce privacy restrictions the Streisand Effect will be in full force and cause more people to speak out against these gross injustices.