アノニマスの見解 Ep.12: The Pitfalls of Public Blockchains

Hello everyone, and welcome back to アノニマスの見解. It’s been a while since the last episode. My apologies for the long delay.

Unfortunately, the forces of censorship and surveillance didn’t take a break during this period, and there’s a lot to catch up on.

As you might already know, Site Blocking has taken a turn for the worse, with DoS attacks against alleged pirate sites being proposed in government-run study groups. CIRO and the Directorate for Signals Intelligence haven’t gone anywhere, and there’s no shortage of new hardware AND software vulnerabilities that threaten your privacy.

But today, we’re going to talk about something different: cryptocurrencies, and how they relate to the idea of financial privacy. But first, some background.

In June of this year, Coincheck, one of Japan’s largest cryptocurrency exchanges, announced that it was suspending all trading in Monero, Zcash, Dash, and Augur… all currencies that are designed around the idea of user privacy. This was after the Financial Services Agency threatened stricter regulation of cryptocurrencies in Japan, strongly implying this was a response to government pressure.

Later that same month, the National Police Agency arrested multiple website operators for putting “Coinhive” into their websites. Coinhive is a distributed program that uses the computing power of website visitors to mine for Monero. But the NPA arrested them for violating a law banning computer viruses, implying they believed Coinhive to be a virus, even though there is no official judgement that this is accurate.

Finally, just last month, the National Police Agency announced their budget for 2019, including 2.7 billion yen to fight cyber threats. In that budget was a plan to purchase a blockchain surveillance system from overseas which would allow the NPA to gain a “bird’s eye view” of all transactions on the blockchains of major cryptocurrencies, including Bitcoin and Ethereum, and possibly others. While no information on this system has been announced, there is a high possibility that this surveillance system will be “Elliptic”, one of the most well-known and popular blockchain surveillance tools.

Based on all of this news, it’s easy to understand that the Japanese government is struggling to assert control over the world of cryptocurrency in Japan. Privacy-focused cryptocurrencies like Monero are attacked, while surveillance tools to watch open blockchains are installed. The media talks about these measures as necessary to fight criminal money laundering. But as we’ve said in previous videos, empowering an authority to protect you doesn’t protect you from the authority itself. And government surveillance over individual finance can create many negative and unintended side effects.

Firstly, it’s important to remember that historically, total surveillance and central control over individual finance was not the norm. Whether through cash or barter, individuals have been able to privately exchange value for centuries. Regulations evolved over time as a means to counter abuse, but total surveillance and control over finance is a relatively recent development. However, many developed nations now favour credit or electronic payment systems over cash. Some countries, like India, have even tried to eliminate cash entirely, though often with disastrous results.

While a cashless society seems convenient, it comes with one very big problem; it takes power away from individuals and gives it to large, centralized institutions. With cash, two individuals can exchange value freely. I can invite my friend over for dinner, give him cash in exchange for something, and nobody can really interfere in our transaction. But with cashless electronic payment, the company running the system can monitor every transaction, and even deny transactions it doesn’t approve of. In a worst case scenario, it could even cut a user off from the system entirely. We saw a vivid example of this in 2010, when multiple banks and credit card companies arbitrarily and simultaneously cut Wikileaks off from donations. The power of centralized financial institutions to crush dissent is very real.

The threat of this power is two-fold; on the one hand, government pressure can have critics arbitrarily cut off from all finance. But on the other hand, the threat of being cut off also discourages dissent, and encourages self-censorship.

This is where cryptocurrencies like Bitcoin enter the picture. Being a peer-to-peer system, cryptocurrencies have no central control. Much like cash, they allow individuals to trade freely with each other. But unlike cash, cryptocurrencies allow these trades to happen at any distance. Two users in different countries can freely exchange value, as long as both are connected to the internet. Certainly there is the possibility of criminal abuse, just as with cash. But it also creates a check against the abuse of centralized power.

However, there is one massive Achilles’ heel to many cryptocurrencies: the public blockchain. The blockchain is a completely public ledger of every transaction on the network. Every detail of every transaction is recorded and shared publicly. This means your wallet address, your IP address, account balance, and every transaction are public knowledge. Not even bank accounts or credit card companies share this much information about their users.

So, while cryptocurrencies allow free exchange of value between individuals, the total panopticon of the public blockchain means the association between individuals can still be policed. Cryptocurrencies still need to be exchanged for cash via exchanges, and if the government can monitor every transaction on the blockchain, they can still order exchanges to cut off users they don’t like. If you donate Bitcoin or Ethereum to an opposition party, or a government critic, your account can be flagged by the authorities. If you use Bitcoin or Ethereum to pay for anything personal or embarrassing, this can be used to blackmail you. Knowledge of perfectly legal but private activities can easily become a tool of control.

It’s worth noting, this isn’t only a problem from the government. A total public blockchain means anybody can find all of this information easily. But, with specialized surveillance tools like Elliptic, the speed and scope of government surveillance is a much bigger threat.
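
To make the traceability argument concrete, here is an added Python example (not part of the original episode). It uses a constructed, simplified account-style ledger with hypothetical address names, and shows how anyone holding the public ledger can read off balances and link a donation back to an exchange withdrawal, even after the coins were moved to a fresh address.

```python
from collections import defaultdict, deque

# Constructed sample ledger, not real chain data.
# Each entry: (tx_id, sender, receiver, amount in smallest units)
LEDGER = [
    ("t1", "exchange_hot", "alice_1", 500),      # withdrawal from an exchange
    ("t2", "alice_1", "alice_2", 490),           # moved to a "fresh" address
    ("t3", "alice_2", "critic_donations", 50),   # donation to a flagged address
    ("t4", "exchange_hot", "bob_1", 200),
    ("t5", "bob_1", "coffee_shop", 1),
    ("t6", "carol_1", "critic_donations", 100),  # no exchange link on the ledger
]

# Assumption: addresses already known to belong to an exchange.
EXCHANGE_ADDRESSES = {"exchange_hot"}


def public_balances(ledger):
    """Net balance of every address, computed from public data alone."""
    balances = defaultdict(int)
    for _tx_id, sender, receiver, amount in ledger:
        balances[sender] -= amount
        balances[receiver] += amount
    return dict(balances)


def trace_to_exchange(ledger, start, exchange_addresses, max_hops=5):
    """Walk backwards along incoming transactions from `start`.

    Returns the list of tx ids linking `start` to the nearest known
    exchange address, or None if no link exists within `max_hops`.
    """
    incoming = defaultdict(list)
    for tx_id, sender, receiver, _amount in ledger:
        incoming[receiver].append((tx_id, sender))

    queue = deque([(start, [])])
    seen = {start}
    while queue:
        addr, path = queue.popleft()
        if addr in exchange_addresses:
            return path
        if len(path) >= max_hops:
            continue
        for tx_id, sender in incoming[addr]:
            if sender not in seen:
                seen.add(sender)
                queue.append((sender, path + [tx_id]))
    return None


def exposed_donors(ledger, flagged, exchange_addresses):
    """Map each address that paid `flagged` to its exchange link (or None)."""
    result = {}
    for _tx_id, sender, receiver, _amount in ledger:
        if receiver == flagged:
            result[sender] = trace_to_exchange(ledger, sender, exchange_addresses)
    return result


if __name__ == "__main__":
    print(public_balances(LEDGER))
    print(exposed_donors(LEDGER, "critic_donations", EXCHANGE_ADDRESSES))
```

In this sample the intermediate address does not hide anything: the donor address is two public transactions away from the exchange, which is exactly the link the text says an exchange could be ordered to act on.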

So what can we do about it? First, we need to understand that totally public blockchains are bad for individual users. Unfortunately, this means that using Bitcoin or Ethereum will always be a risk. We need to start using, promoting, and fighting to normalize cryptocurrencies that embed privacy into their infrastructure, like Monero, ZCash, Dash, or Augur. If you have cryptocurrency in public blockchains, consider moving some of it to more private cryptocurrencies. And finally, reject centralized corporate control and build markets and businesses that respect the privacy of their users. No one person can change the world alone, but each individual can change the way they do business. And if we all change together, then maybe the world can change with us.

This was アノニマスの見解, and until next time… 待ち受けなさい。


Signal for Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms

Signal for iOS: https://itunes.apple.com/jp/app/signal-private-messenger/id874139669

Signal for PC: https://signal.org/download/











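Working once again with volunteers from around the world who participate in the Localization Lab, we have completed the Japanese translation of the Android, iOS, and PC versions of the messenger app “Signal”.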






アノニマスの見解 Ep.11: Understanding Copyright

Hello Internet. And welcome back to ANONYMOUS NO KENKAI.

It’s been an eventful few months in Japan. Since April, the Japanese government and NTT Communications have started blocking pirate sites for manga and anime. The industry in Japan has been complaining that these sites are costing them sales, pointing to declining revenue and blaming pirate sites (although they have yet to prove a causal connection between the two).

Japan is already notoriously tight-fisted about intellectual property. Last year, JASRAC expressed a desire to extort money from music schools on the suspicion that they might be playing copyrighted music. YouTube’s troubled ContentID system is largely the result of lobbying from Japanese corporations. And it isn’t just large corporations either. Smaller creators have been at the center of IP conflicts, including the creator of Teaching Feeling and more recently, the situation with Asgar Kishidan.

But Japan is hardly the only country to have this mindset. Just recently, the EU has introduced something called “Article 13”, which could require European ISPs to demand all online platforms screen user uploaded content for copyright violations, and prevent the availability of content deemed infringing. Sound familiar? Unlike ContentID, though, Article 13 would demand all online platforms in the EU adopt these measures or face penalties.

There are a variety of reasons to oppose laws like these. Whether it’s site blocking, YouTube’s ContentID or the EU’s Article 13, monitoring user activity for copyright protection necessarily entails creating a surveillance infrastructure, which will inevitably be abused. Automated copyright systems also fail to understand nuance, and issue false positives that violate Fair Use and other public interest exceptions to copyright.

But as so-called “pirate sites” and “illegal file sharing” continue to spur more and more draconian laws, perhaps we need to examine the issue more deeply. Because the root of this problem might not be content piracy at all, but a lack of understanding about the purpose of copyright and the idea of “digital goods”.

The idea of copyright emerged in the 18th century, following the creation of the printing press. The ability to easily print books threatened the income of writers, and so the government created laws to protect their right to benefit financially from their work. This began with laws like the British “Statute of Anne” and the Copyright Clause in Article 1 of the US Constitution.

At the time, copyright was a temporary and limited monopoly right. This encouraged the investment of time in the creation of new works. However, after a period of time for the creator to profit, the work would enter the public domain, allowing society as a whole to benefit from it. The needs of the creator were balanced with the public good.

As time went on, however, things changed. The length of copyright was extended. Intellectual property rights came to be owned not by individual creators, but corporations. And copyright was seen less as a temporary right to publish, and more as a permanent property right. In the US in particular, the length of copyright was extended every time Mickey Mouse was about to enter the public domain. The Walt Disney Corporation wouldn’t want to lose its most valuable property, now, would it?

But as the rights of copyright holders were expanded, the public good suffered. When the right to profit from a created work is virtually infinite, there’s less incentive to create new works. Even worse, copyright has had a profoundly negative impact on the preservation of older works. Anybody who attempts to restore, remaster, or archive an old movie or song could potentially be sued for copyright infringement by a rights holder, even when the work is no longer available. This has led to books and songs literally disappearing from the world, as making archives of them is literally a crime. There’s also the “orphaned works” problem, where the original copyright owner is unknown, so their work can’t be used for fear of potential future lawsuits.

But the biggest problem with modern copyright law is the emergence of the digital age, and the ability to render creative works in digital form. Modern copyright law is still rooted in an old concept of discrete physical copies. Books are printed on paper, CDs stamped out of plastic, etc. Making illegal copies used to be difficult and costly, and was usually only done to sell the copies for profit.

But now, digital reproduction is as easy as hitting Control C and then Control V on your keyboard. Data can be sent halfway around the world in seconds, at near zero cost. Many internet users violate copyright laws in small ways every day, without realizing it. Have you ever copied a photograph from a website and messaged it to someone? Or posted it on an imageboard? Congratulations, you could be guilty of copyright infringement. If that seems unreasonable, then maybe we need to rethink how copyright law should work in the modern world.

Of course, creators should still be able to profit from their works. The reasons given 300 years ago still make sense today. But protecting intellectual property rights at the cost of other more important rights (such as communications privacy and free speech) is an insane solution. If you create a surveillance panopticon just to protect the financial interests of companies, you create a net loss to society.

If companies and creators want to thrive in the digital age, they need to accept the new reality and try to serve this new market. First, they need to accept that they can’t treat digital contents as “goods”. Information cannot be treated as a commodity because it has no scarcity; it can be reproduced and distributed at near zero cost. Additionally, digital distribution means the logistics costs are drastically lower. Considering this, the price of most digital contents is unnecessarily high. And companies that refuse to embrace digital distribution are just putting unnecessary barriers between themselves and their customers, which does nothing but reduce their sales.

In addition, they need to accept that “remix culture” is a part of the internet. From MAD videos to photoshop competitions, non-profit remixing is a natural part of how people enjoy media online. This is far from harmful to copyright holders. On the contrary, this is how many people learn about new works, and some of them go on to be paying customers.

Finally, contrary to what most companies think, users want to support creators that they like. If a creator builds goodwill with his audience, they’ll support him out of appreciation more often than not, even if they could easily copy his work for free. But if the creator is hostile to his audience, don’t be surprised if they’re hostile in return.

While many people want to treat piracy and copyright infringement as a legal problem, the fact is, it makes more sense to treat it as a marketing problem. If the price and the market model don’t reflect the demands of the market, piracy will emerge as a consequence. But if creators adjust their model to meet the demands of the market, they might find that the problem solves itself without the need for any laws at all.

Of course some companies, especially the very large and very old ones, will refuse to change. But the scribe and the buggy whip maker tried to resist the rise of the printing press and automobile respectively. And the only place either of them belongs now is in the history books.

This was ANONYMOUS NO KENKAI, and until next time…MACHIUKENASAI.

Anonymous: The First Stage of Measures Against Site Blocking, “Onion Browser”

Download Onion Browser:

Hello people of Japan. We are Anonymous.

In April, we announced our campaign against Site Blocking by the Japanese government. Since then, the situation in Japan has continued to deteriorate. On April 23rd, NTT Communications agreed to cooperate in blocking websites, in violation of the Right to Communications Privacy outlined in Article 21 of the Japanese Constitution.

More interestingly, NHK and The Intercept revealed the existence of several SIGINT organizations in the Japanese government, including the Directorate for Signals Intelligence (DFS) and the Cabinet Intelligence and Research Organization (CIRO). These groups routinely collect the private communications of Japanese citizens, in deep cooperation with the American National Security Agency, proving that the Japanese government has no respect for Communications Privacy.

NTT Communications and the Japanese government say they can be trusted not to abuse power, but their actions tell another story. In order to protect the Right to Privacy enshrined in the Japanese Constitution, it is necessary for every citizen to take matters into their own hands.

Which is why we are proud to announce that the first stage in our plan to provide secure communications to the Japanese people is finally complete. In cooperation with the Localization Lab, we and other volunteers around the world have fully translated “The Onion Browser” into Japanese.

“Onion Browser” is an iOS version of the Tor browser, allowing iPhone and iPad users to easily bypass site blocking techniques used by Japanese ISPs. It also provides a layer of protection against surveillance, restoring privacy to internet users.

While Apple devices are far from anonymous, the fact remains that iPhones and iPads are quite popular in Japan. Rather than make the perfect the enemy of the good, we will provide solutions that work for the present reality, and hope that Japanese users will embrace more privacy-respecting technology in the future.

The Japanese version of Onion Browser can be downloaded for free from the iTunes App Store right now, and if you are an iOS user we encourage you to download it as soon as possible.

But this is not the end of our efforts. This is only the beginning. We will continue to translate software, and spread knowledge to the Japanese people so that neither government agency nor company can easily violate their Constitutional rights.

We are Anonymous
We are Legion
We do not Forgive
We do not Forget
Expect us.

How to Buy アスガル騎士団’s “ROBF”

・What is it?
ROBF is an Ero Doujin battle game created by アスガル騎士団 (Asgar Kishidan).

・Where can I buy it?
On DMM (Membership Required).
On DLSite (No Membership Required).

The creator of ROBF is working to make his games available on more English platforms. He’s also looking to set up a Bitcoin tip jar for those who prefer cryptocurrency. This information will be added when available.

・I already downloaded this for free. Why the hell should I pay this guy?
The Long Version:

TL;DR: Recently, copies of ROBF started getting passed around on 8chan, causing the creator to go on a fruitless DMCA takedown spree. Attitudes towards software and the internet being very different between Japan and the West (for various reasons), this led to misunderstanding and hostility.

After we reached out and explained the benefits of treating foreign users as potential customers instead of pirates, he agreed to take steps to make his work easier to access for overseas fans. If the positive steps made by Asgar Kishidan are met with increased sales, it would set a positive precedent that would encourage more Doujin artists to open up to their overseas fandoms. Also, if you enjoyed the game, wouldn’t you rather he felt motivated to make more, and to cater more towards you as an audience?

・The DLSite download page is all in Japanese, how the fuck am I supposed to figure this shit out?
The creator of ROBF is working on registering his game with DLSite’s English portal. In the meantime, however, the Japanese sales page is the only one that works.

Follow this step-by-step guide:

1: Go to the DLSite link and click on カートに入れる (Add to Cart)

2: Click on the Cart Icon on the top.

3: Click on クレジットカード (Credit Card). Other payment options such as Conbini Pay and Webmoney are Japan-only.

4: Enter an e-mail address (and again to confirm). Temporary e-mail services like GuerillaMail should work fine. This was successfully tested with GuerillaMail. Then click on 取扱いに同意して確認ページへ (Agree and go to confirmation page).

5: Click on テストメール通信 (transmit test mail) to confirm your e-mail address, and check your inbox to make sure it worked.

6: You should see テストメール通信完了しました (test mail transmission complete). Now click 外部決済へ (to external payment).

7: You will be redirected to an external payment portal (www5.econ.ne.jp). Online prepaid credit cards should work, as well as regular credit cards. This has been tested with a Japanese VPreca prepaid credit card.

Enter your card number, expiry date, cardholder name, and CVV, then click 次へ (next).

8: Confirm the information and click 注文確定 (settle order).

9: You’re done. If you feel so inclined, click ダウンロード to download the official Japanese version.

Thanks for supporting improved relations between Japanese Doujin creators and overseas fans.


Hello People of Japan.

We are Anonymous.

In March 2018, Chief Cabinet Secretary Yoshihide Suga announced that, to combat the rise in manga piracy, the government was “considering all measures including site blocking”.

In early April, the Japanese government announced, in spite of the clear violation of Article 21 of the Japanese Constitution, that it would seek the cooperation of Japanese ISPs to block suspected pirate sites.

The government’s justification for this is to regard content piracy as a “present danger” under Article 37 of the Penal Code, which states “An act unavoidably performed to avert a present danger to the life, body, liberty or property of oneself or any other person is not punishable”.

Indeed, we can recognize a “present danger” here, but not in the form of manga piracy.

Government censorship, violation of Constitutional law, breach of communications privacy…these “present dangers” are right before us.

We do not speak in favor of piracy sites, nor do we defend them. That is not the reason we are speaking out on this issue.

But justifying government-ordered site blocking under Article 37 of the Penal Code is not only ludicrous, it’s also dangerous.

No matter what impact pirate sites may or may not have on the manga industry, the loss of profits can never be considered a “present danger” in any way. Widening the definition of Penal Code Article 37 to such a ridiculous degree only invites further abuse, as other information and activities can easily be judged as more harmful than mere copyright infringement, and worth blocking.

The use of Penal Code Article 37 that allowed the blocking of child pornography sites raised concerns about a slippery slope of widening censorship. We were told that this was only a limited exception to Article 21, and there was no need for such fears. And yet now we are witnessing the slippery slope in action.

Even without a binding law, requests for voluntary cooperation to ISPs by the police or government are a form of pressure. The position of power government holds effectively coerces cooperation, making any such requests de-facto demands.

Further, asking ISPs to block access to certain sites encourages them to track the browsing habits of Japanese internet users more generally, which violates privacy of communications and expands the surveillance state.

We strongly condemn any site blocking requests from the government, and urge Japanese ISPs to refuse these requests and defend users’ Article 21 rights to privacy, and against censorship. These are actions we would expect from authoritarian countries like China and North Korea, not a Constitutional Democracy like Japan.

However, merely asking the government and ISPs to stop is not enough. It is necessary for Japanese users to secure their own privacy and freedom from censorship. To make this possible, we strongly recommend the use of Tor or a VPN. We will escalate our work to provide Tor and other VPN software in Japanese, as well as information on how to use this software to bypass site blocking.

We urge all Japanese internet users to begin using Tor and VPNs now. The more people can easily bypass site blocking, the more ineffective government censorship becomes. And as for the politicians who desire to violate their own Constitution in the name of censorship powers….

Please learn how to feel shame.

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect Us.

アノニマスの見解 Ep.10: Diary of a Phishing Fool

Hello again, Internet. And welcome back to ANONYMOUS NO KENKAI.

Almost exactly one year ago, in March of 2017, we talked about surveillance and the cost of enforcement in Episode 3. At the time, the Japanese government was steamrolling through the Conspiracy Law and giving the Police worrying new powers to spy on the population.

Since then, we’ve heard very little about the Conspiracy Law, or government surveillance in Japan. But no news is not necessarily good news. Covert surveillance being what it is, we often only hear about it when it’s already too late, and rarely through mainstream channels. In fact, there’s reason to believe that the Japanese government is actively involved in monitoring its citizens right now. But as usual, to understand how, we need to look at some other news.

In October of 2017, Kaspersky Labs discovered a new breed of Android malware, which it named “SkyGoFree”. When news about SkyGoFree started appearing in early 2018, it was obvious this was a cut above your common Android trojan. Rather than serving up spam or installing crypto miners, SkyGoFree gave the attacker full control of the device. It could track location, record audio and keystrokes, and exfiltrate all data, including from the clipboard. It even had the ability to use “geofencing”: if GPS data showed the device was inside a target location, the microphone could automatically start recording and send the data to a remote server.

SkyGoFree also had custom payloads that targeted specific Social Media applications, including Facebook, WhatsApp, Viber, and (of particular interest to Japanese users) LINE. It could also secretly connect to malicious wifi hotspots, even if the user had wifi deactivated, making it easier to monitor targets.

Fortunately, SkyGoFree can’t very easily install itself on a target device. The usual method for infection is to direct a target to a fake website that imitates their mobile carrier, then trick them into downloading and installing an infected APK. SkyGoFree victims were almost exclusively found in Italy, so this isn’t a worldwide phenomenon. But the capabilities of this malware suggested it wasn’t some low level criminal operation. SkyGoFree was very likely developed as a Lawful Intercept tool for government and corporate use.

Who made SkyGoFree? That remains unknown, but Kaspersky’s analysis of the source code found two things. First, comments were written in Italian. Second, certificates and control servers repeatedly used the word “negg”. Most media outlets talking about SkyGoFree have been careful to avoid making any accusations…it’s a good way to get in legal trouble, so that’s understandable. But the fact is, there is an Italian IT company called “Negg International”, which offers cyber-security and mobile app services.

Attribution in cyber-security is notoriously difficult, and while the evidence pointing at Negg is compelling, it could just as easily be a red herring to throw off investigation. However, Italy is no stranger to spyware manufacturers. The now-infamous “Hacking Team” was an Italian company, after all. And after their fall from grace, it’s hardly impossible to imagine others would try to fill the gap.

Now on to our second story. In March of 2018, The Citizen Lab reported that Egyptian and Turkish ISPs were redirecting users’ non-HTTPS traffic to phishing sites that infected them with FinFisher brand government spyware, as well as cryptomining malware. This redirection was made possible by a piece of equipment called a “middlebox”, which transforms, inspects, filters, or otherwise manipulates traffic that passes through it.

The middleboxes in question were PacketLogic brand devices, manufactured by a Canadian company, Sandvine (which was merged with an American company, Procera Networks, in 2017). Among other things, PacketLogic middleboxes are capable of something called “deep packet inspection” or “DPI”. This lets them study the contents of user web traffic, and change, redirect, or block it as desired.

Using Sandvine equipment, ISPs in Turkey and Egypt would detect unencrypted web traffic and redirect it to phishing sites, most likely at the request of the government, who could use spyware infected phones to spy on their citizens, and use cryptominers to fund their own black budgets.

So why is this important? What do Italian Android spyware and Turkish ISP middleboxes have to do with surveillance in Japan?

First of all, it’s already known that the Bureau of Public Security was in the market for Italian spyware in 2014. At the time they were buying Hacking Team’s “GALILEO” software, but it’s unknown whether they actually purchased it, or whether they used any other suppliers.

Regardless, the fact that they want spyware makes it safe to assume they intend to use it, and that they’ll seek to keep their spyware arsenal up to date. It is well within the mandate of Public Security to monitor anti-war, anti-globalism, and other social movements. The Conspiracy Law only makes it easier for them to do so.

Secondly, the same PacketLogic devices used in Turkey and Egypt also exist in Japan. In July 2015, Procera announced that Softbank would use PacketLogic middleboxes for their LTE network. It’s unknown whether these devices are deployed on other telecom carrier networks, but it’s likely they have similar equipment.

So, to recap: Public Security is responsible for monitoring social movements. Public Security almost certainly uses spyware. At least one Japanese telecom giant uses equipment that can infect smartphone users with spyware. And the Conspiracy Law makes it legal to use spyware on civic groups. Is the Japanese government actually doing this? Maybe. But do they have the ability to do it? Absolutely.

We said this one year ago, but it bears repeating: if you are part of any social movement in Japan, you cannot afford to assume you are not a target. Even one lapse of judgement with your smartphone can turn you into a walking wiretap. Cyber-security is everyone’s problem, and it only takes one person to compromise the security of an entire group. So if you don’t want to be the weakest link, here’s some advice for you to follow:

Always check the URL of a site you visit, especially if you need to enter passwords or other sensitive data. Phishing sites often use similar-looking URLs, so if you feel something is suspicious, check carefully. Also, make sure the site is using HTTPS. You can usually see a green lock icon next to the URL. If a site that looks like your mobile provider or internet company is pressuring you into downloading an “update” or “virus cleaner”, consider that it might be a trick and do some research first.

If possible, use different devices for your activism and your daily life. If you have a smartphone you use for casual web surfing and social media, do not use it to communicate with your activist group. You’re more likely to visit infected sites or click on links during personal web surfing, so using the same device for both increases your risk considerably. It’s easy to go to a used electronics shop and buy a separate laptop, phone, or tablet cash and carry. For bonus points, install a non-commercial OS like Qubes, Copperhead, or at least Lineage.

Don’t use the same accounts either. Even if you have to use the same device, using personal e-mail or social media accounts for activism is dangerous for the same reasons. Ideally, you should be using non-commercial open-source services hosted outside the country for things like e-mail and cloud storage.

Using a pocket wifi device is better than using an internal SIM card, or public wifi. Personal pocket wifi gives you more control over when your device is connected or not, as well as how many people are using the connection.

Use Tor or an out-of-country VPN for all online activism. When connecting your devices to the internet, you need to remember that your ISP is probably helping to spy on you. An encrypted tunnel to an out-of-state VPN makes it harder to monitor or tamper with your traffic.

Don’t use Apple products for activism. iCloud may be safe against most criminal hacking attempts (usually), but Apple has been happy to cooperate with government spying requests in China and elsewhere. iPads and iPhones are also harder to modify and change OS on. Android is far from perfect, but at least it gives you more options.

Similarly, don’t use big name social media for activism. Find and use an open source platform that does not rely on the central control of a commercial entity. Like Apple, Facebook, Twitter, and LINE will share your information with the police if ordered to.

Encrypt. Everything. Always. Never ask yourself if it’s necessary. It’s always necessary. It costs you nothing but time, and a little effort in the short term can save you a lot of trouble later on.

And finally, encourage all your members to share the same security practices. You can have the best security in your group, but if everybody else is infected with spyware, it doesn’t matter.
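The URL check from the first piece of advice above, written out as an added example (not part of the original episode): it flags a missing HTTPS scheme, a trusted name hidden in the userinfo part, non-ASCII or punycode hosts, and hosts within two edits of a site you trust. The allow-list entries and the distance threshold of 2 are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (hypothetical): the hosts you actually mean to visit.
TRUSTED_HOSTS = {"example-mobile.jp", "mail.example.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return warnings for a URL; an empty list means no red flag was found."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username or parts.password:
        # "https://trusted-name@other-host/" shows the trusted name first
        warnings.append("userinfo-in-url")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Internationalised names can hide look-alike characters
        warnings.append("non-ascii-or-punycode-host")
    if host in trusted or any(host.endswith("." + g) for g in trusted):
        return warnings  # the real host or one of its subdomains
    before = len(warnings)
    for good in sorted(trusted):
        if ("." + good + ".") in ("." + host):
            # trusted name used as a prefix of somebody else's domain
            warnings.append(f"trusted-name-embedded:{good}")
        elif edit_distance(host, good) <= max_distance:
            warnings.append(f"lookalike-of:{good}")
    if len(warnings) == before:
        warnings.append("unknown-host")
    return warnings


if __name__ == "__main__":
    for u in ("https://example-mobile.jp/login",
              "https://examp1e-mobile.jp/update",
              "https://example-mobile.jp.account-check.example.net/"):
        print(u, check_url(u))
```

The second sample URL uses HTTPS and is still flagged, which is why the lock icon alone does not settle whether a site is the one you meant to visit.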

As the world spins deeper and deeper into dystopia, cyber self-defense becomes more and more a crucial life skill. If you get lazy about your security now, you might find it’s far too late when you come to regret it.

This was ANONYMOUS NO KENKAI, and until next time… MACHIUKENASAI.

アノニマスの見解 Ep.9: “Who Is Responsible for My Safety?”

Hello internet. And happy birthday to ANONYMOUS NO KENKAI, which is now one year old.

Sadly the series has lagged behind “once a month” like I had originally planned, but I’d rather focus on quality over quantity, so every two months might be more realistic. My apologies.

We spent a lot of time over 2017 talking about the Why and How of personal privacy and anti-surveillance. We talked about the dangers of the filter bubble and the skinner box, we talked about the dangers of government surveillance power, and we also talked about the tools you can use to protect yourself from both. But there is one more issue that needs addressing. What if these anonymity and privacy tools are abused?

As much as some try to paint the question as concern trolling, it is a valid one and it needs to be addressed. Encryption tools like Tor and PGP are free and available to all, which means they’re available to criminal groups as well. Crimes can be planned in encrypted chat. Harassment and abuse can hide behind Tor or a VPN. Private information can be anonymously leaked to the internet. The so-called Dark Web is home to a lot of morally questionable, even outright criminal onion sites.

To be clear, these are all terrible things. And they need to be opposed, and victims protected. But every time a bad actor earns the spotlight by doing these things, people point to their abuse and claim this is the reason why privacy tools should be kept out of common hands. But is this really fair?

It would be cliche to talk about how any tool can be abused; knives can cook dinner or slit throats, trucks can deliver goods or ram into crowds, etc. It would also be cliche to talk about how everybody has curtains on their windows and locks on their doors. These arguments, while valid, don’t really get to the heart of the matter. To understand this issue, the question we need to ask ourselves is, “Who is responsible for my safety?”

Safety is important, of course. It ranks second in Maslow’s hierarchy after physiological needs. But not everybody will see eye to eye on the best way to maintain it, especially on the societal level. In our modern world, the standard is to entrust the government and police with our safety. And to a certain degree, that works. But it comes with a price.

When you outsource your security, you’re taking power out of your own hands and giving it to someone else. This opens you up to considerable risk. Sure, the police can protect you from criminals. Maybe. But if the police become corrupt, who’s going to protect you from them? If you give up the ability to defend yourself, or make self-defense illegal in the name of “public safety”, all you’re doing is exposing yourself to more danger in the long run. There are more than a few countries that put all of their trust in the State and ended up regretting it. Power does corrupt, after all. Even if you like and trust the police now, things can easily change in the future.

Ask yourself this: which would you prefer, having multiple weaker enemies and the ability to defend yourself, or being completely helpless against one powerful enemy?

Chinese people gave their government total control of the internet. Now the Communist Party of China monitors every citizen, and controls every word. North Korea is even worse. The Americans gave in to fear, and now look at the surveillance police state they live in.

Modern Japan is largely a safe country. The police do their job reasonably well… though when they make mistakes or go too far, the consequences can still be terrible. But in the online world, things are a bit different. As we’ve already talked about before, police and governments around the world seem to think that a Total Surveillance Panopticon is a good solution to policing the Internet. We, of course, disagree.

We feel that individuals on the Net are best served by having access to the tools and the knowledge to defend themselves. Yes, bad actors will take and use these tools too. But there are bad actors everywhere in life, and the only way to be completely safe at all times is to live in prison. The police will still investigate and arrest criminals, as they should, but everybody should also have the right…and the responsibility…to learn the basics of online security, and make their own choices about what risks they want to take. Anyone who tries to take that right away from you could potentially end up a bigger threat than any criminal.

And as for these bad actors themselves, the ones using privacy and anonymity tools for harmful ends, there’s really only one thing to say to them…

This was ANONYMOUS NO KENKAI. And until next time…MACHIUKENASAI.

