Slashdot Mirror


Dissidents Seeking Anonymous Web Solutions?

DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"

27 of 684 comments

  1. write in advance, encrypt and email it by maharg · · Score: 4, Informative

    write it in advance, take it to the cybercafe on a floppy, pgp it, email it to someone you trust (or an automated publisher)

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
    1. Re:write in advance, encrypt and email it by maharg · · Score: 2, Informative

      oops, meant pgp, then put it on the floppy

      --

      $ strings FTP.EXE | grep Copyright
      @(#) Copyright (c) 1983 The Regents of the University of California.
    2. Re:write in advance, encrypt and email it by FreezerJam · · Score: 5, Informative

      Just beefing that up a bit...

      In general keep needed software and materials off the machine, on usb key only. Ideally, use an OS with no swapping. Keep the USB key in a shielded housing when not in use to prevent locating it due to active components.

      Regularly use the machine for innocuous activities, so that there is a record of something. Regularly use an identical usb key with the system, to provide cover in the event you are seen with the device (see below), and to provide a reason for any needed drivers on the machine.

      To send...

      1) write it in advance
      2) PGP it
      3) steganographically hide it
      4) take it to the cybercafe on a floppy/usb key
      5) upload it to a public place where everyone can see, so it is hard to track receipt
      6) Afterwards, out-of-band relay to a contact where to find it. If you relay ahead of time, a compromised contact could leak where to look for you. THIS IS THE HARDEST PART. It is effectively your key-exchange process.

      For receipt...

      1) Beforehand, find out where to look for what. THIS IS THE OTHER HARDEST PART. It is effectively your key-exchange process.
      2) at cybercafe, download uninteresting materials
      3) at home, de-steg and de-crypt
      4) store only if needed on key

      Regularly upload and download un-steg (no payload) and random steg (random payload) materials to defeat traffic analysis.

      If you have any time left over after all this, you can use it to be a dissident. However, you should regularly do other things such as get a job or have a family to provide a plausible reason for your existence.

    3. Re:write in advance, encrypt and email it by Simonetta · · Score: 4, Informative

      > write it in advance, take it to the cybercafe on a floppy, pgp it, email it to someone you trust (or an automated publisher)

      This wouldn't work in the People's Republics where sending and receiving encrypted messages is illegal.
      In this case, perhaps encrypting the message and putting the message inside a photograph using a steganography program would work for a while.
      Eventually the police will learn about steganographic programs and test all photos leaving the country on the web for any messages. There aren't that many commercial steg programs around.
      In brutal repressive regimes, the primary means of gathering information on the resistance is through informers. Eventually the police arrest everyone and offer them the deal of either spy on your neighbors and friends or rot in prison forever. The former East Germans were the masters of this. Almost everyone was forced to spy for the secret police. When the government fell the people first burned down the internal security headquarters and the files. The Israelis also use this technique to control Palestine. But they are far too heavy-handed to be effective.
      Assume that the best scientists and engineers will be working to spy on people. The police can easily arrest these people for imaginary crimes and then offer them special treatment in exchange for their willing co-operation. An excellent novel on how this works is The First Circle by Aleksandr Solzhenitsyn, writing about the slave labor camps for scientists in the Stalinist USSR.

    4. Re:write in advance, encrypt and email it by Krunch · · Score: 3, Informative

      Maybe Tinfoil Hat Linux could be useful to someone after all.

      --
      No GNU has been Hurd during the making of this comment.
  2. Onion Routing by Anonymous Coward · · Score: 3, Informative
    1. Re:Onion Routing by A8bbNjwk · · Score: 2, Informative

      Tor is not steganographic. If the regime decides that simply using Tor is reason for suspicion or surveillance, all they have to do is monitor for outgoing TCP connections on port 9001. Tor also sends packets in standard sizes. Cue thugs breaking down your door.

      I think they would say that Tor is not designed for this "threat model". This is not to say that onion routing could not be used for this purpose if it were better hidden.

      Sending an encrypted message drive-by style over an open WAP seems to be pretty secure, as long as it is not near your home and you don't use it more than once.

  3. Use the Circumventor. by Silverlancer · · Score: 4, Informative

    PeaceFire distributes a free program called the Circumventor which can be used (by running it on a server in a free country) to safely and securely proxy out of a firewalled nation like China.

  4. Tor by Tack · · Score: 4, Informative
    Look at Tor. It works well.

    Jason.

    1. Re:Tor by geminidomino · · Score: 3, Informative

      If it works at all.

      Wholesale blocking of Tor nodes as they are identified has become popular because, like anything remotely useful, it's been abused by spammers, stalkers, and other general asshats.

    2. Re:Tor by elemental23 · · Score: 2, Informative

      As far as spam goes, Tor nodes will be blocked only by mail server admins who don't know how Tor works or that the default exit policy is to disallow outbound port 25.

      Details

      --
      I like my women like my coffee... pale and bitter.
  5. There is no anonymity on the internet by HighOrbit · · Score: 3, Informative

    Between IP-Addresses, MAC addresses, and dial-in-numbers, there is no anonymity on the internet. Any feeling of anonymity is an illusion. Best not to risk your life if a regime is that oppressive. Not even encryption is safe, because as you mentioned, keyloggers and silent listeners can capture passcodes and keys. If you must pass information, try it the old fashioned way - person to person or with a trusted intermediary.

  6. ssh by delirium+of+disorder · · Score: 2, Informative

    Google for free ssh connections, and chain a few of them together just to be sure. I run a free shell service myself (but it's currently down for upgrading).

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
  7. https steganographic, encrypted proxies by js7a · · Score: 5, Informative
    From http://doc.asf.ru/Tools%20&%20Utilities.htm
    Corkscrew (Unix, Windows) : Tunnel SSH connections through an HTTP proxy.

    Curl (Unix, Windows) : Utility that permits easy download and upload of files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, ...

    DesProxy (Unix, Windows) : Tunnel TCP connections through an HTTP proxy, eventually by converting SOCKS requests.

    FizzBounce (Unix) : TCP redirector through HTTP proxies.

    HTTPort (Windows) [Closed source]: Tunnel TCP connections through the HTTP protocol, by simulating a SOCKS server, and by eventually using an intermediate server.

    HTTPTunnel (Unix, Windows) : Bidirectional tunnel through HTTP requests, eventually through an HTTP proxy.

    LibCurl (Unix, Windows) : Library that permits easy download and upload of files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and lots of languages: C, C++, Perl, ...

    MultiProxy (Windows) [Closed source]: HTTP proxy tester. MultiProxy can be used as a proxy server that uses a different proxy for each request.

    Numby (Unix) : Scanner for vulnerable HTTP proxies.

    Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies, which can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.

    ProxyTools (Unix, Windows) : Set of Perl utilities that permit using, sorting, testing and searching for HTTP proxies.

    TransConnect (Unix) : Transparently tunnel TCP connections through an HTTP proxy.

    Zylyx (Unix) : permits access to files through HTTP proxy caches.

    1. Re:https steganographic, encrypted proxies by DrEldarion · · Score: 3, Informative

      > Proxomitron [proxomitron.org] (Windows) [Closed source]: Scanner and redirector through HTTP proxies, which can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.

      I'd just like to say that this is one of the most wonderful programs of all time. Quite powerful.

  8. Dissidents, terrorists, what's the difference? by Anonymous Coward · · Score: 1, Informative

    Are YOU soft on terrorism?

  9. Re:And the entire internet is public.. by pcmanjon · · Score: 2, Informative

    Check out http://freenet.sourceforge.net/

    It's free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.

    Communications by Freenet nodes are encrypted and are "routed-through" other nodes to make it extremely difficult to determine who is requesting the information and what its content is.

    Users contribute to the network by giving bandwidth and a portion of their hard drive (called the "data store") for storing files. Unlike other peer-to-peer file sharing networks, Freenet does not let the user control what is stored in the data store. Instead, files are kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files in the data store are encrypted to reduce the likelihood of prosecution by persons wishing to censor Freenet content.

  10. Re:Anything PRIVATE is also NOT safe... by Anonymous Coward · · Score: 1, Informative

    In repressive regimes, terrorizing people is the rule. They have physical access to every PC including the private ones. In Syria, and only a couple of years ago, you needed a "License" from the intelligence to use a "Fax machine" or a "Fax Modem". Only recently they started allowing non-governmental access to the internet.

    By the way, do you guys ever wonder how these people access the internet and use Windowz when every software license mentions Syria, N Korea and other terrorist countries as a nono?

  11. There is a way around software keyloggers by deangelo · · Score: 2, Informative

    I'm surprised nobody suggested Knoppix at an internet cafe. Combine that with ssh and some free websites, never use the same place twice (website or cafe). Someone also suggested wardriving... come on, we can come up with some ideas that mitigate the risks, can't we? Actually combine the leaflet campaign as well, each new leaflet publication refers to a new free website, that is never accessed after initial publication... As for a hardware keylogger, they would log scan codes, right? So use a non-standard layout, but that would be vulnerable to statistical attacks if there was any substantial amount of text, any suggestions here?
    codohundo

  12. Re:Freenet... not all that anonymous by Sanity · · Score: 4, Informative
    The Reg has an article that points out a soft spot in the supposed anonymity provided by Freenet.
    Yes, and the Freenet website has a response:
    A recent story in The Register claims to have exclusively discovered an "easy forensic attack" that would allow an attacker to determine what you had downloaded from Freenet. Whether raiding someone's home and gaining access to their computer can really be considered an "easy" attack is debatable, but either way this issue is not news to us, we have publicly discussed it as early as October 2003, when it was raised on our mailing list.

    The article doesn't point out that while the attack as described requires someone to have direct access to your computer, Freenet is not designed to thwart forensic analysis of your hard disk, but there are numerous tools which do that have been widely available for years. These tools can be used in conjunction with Freenet if you consider it likely that your home will be raided and your computer forensically analysed.

    Of course, even the theoretical possibility of this kind of attack is undesirable, and as the article points out, it will be addressed in the next major release of Freenet which we are working on at present.

  13. Re:And the entire internet is public.. by WhiplashII · · Score: 5, Informative

    Even better:

    1. Have a PC with a CDROM drive.
    2. Rent or borrow an SSH account outside the country.
    3. Boot PC using KNOPPIX (do not load hard drive)
    4. Open a connection through SSH that forwards a local port to an anonymous proxy at the far end.
    5. Use 127.0.0.1 as your proxy address.
    6. Surf away!

    When done (or if the government busts in!), reboot your computer - no traces left. (Knoppix stores everything in RAM).

    Keyloggers do not work against you, because you are booting from known media. (On the other hand, if the NSA REALLY wants you, they will hack your bios - but no one else is probably that anal).

    --
    while (sig==sig) sig=!sig;
  14. Re:Q: by mad.frog · · Score: 4, Informative

    No, not quite.

    A dissident (my definition, anyway) expresses dissent by speaking, writing, or other nonviolent activity.

    A terrorist expresses dissent by violence, mayhem, murder, or destruction of property.

  15. Re:And the entire internet is public.. by Anonymous Coward · · Score: 5, Informative

    All you need to do is tunnel a local port over the ssh connection to a remote proxy.

    For example, you could forward local port 8888 to a remote SOCKS server (port 1080 is SOCKS) like so:

    ssh -L 8888:some-anon-proxy.com:1080 ssh-user@ssh-host

    That forwards port 8888 on your machine to some-anon-proxy.com port 1080 via the ssh tunnel.

    Then set your browser to use localhost port 8888 as the SOCKS proxy.

    Note that most SOCKS connections still do DNS from your local machine so you need to protect that by some method. To do that you either need to use SOCKS 4a (I think), use a non-SOCKS proxy (like HTTP proxy), or use a local proxy like privoxy that itself forwards to another proxy via the SSH tunnel.

    And there is always Tor.
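
The DNS point in the comment above, shown at the byte level. This is an added example, not part of the original comment: it builds SOCKS4, SOCKS4a and SOCKS5 CONNECT requests and classifies which side had to resolve the name. The function names, `example.org` and `192.0.2.10` are constructed for illustration.

```python
import ipaddress
import struct


def socks4_connect(ip, port, user=b""):
    """SOCKS4 carries only an IPv4 address, so the client resolved DNS itself."""
    return (struct.pack(">BBH", 4, 1, port)
            + ipaddress.IPv4Address(ip).packed + user + b"\x00")


def socks4a_connect(host, port, user=b""):
    """SOCKS4a sends placeholder IP 0.0.0.x (x != 0) and appends the hostname."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("idna") + b"\x00")


def socks5_connect(target, port):
    """SOCKS5 CONNECT: ATYP 0x01 carries an IPv4 address, 0x03 a hostname."""
    try:
        addr = b"\x01" + ipaddress.IPv4Address(target).packed
    except ipaddress.AddressValueError:
        name = target.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)


def who_resolves(request):
    """Return 'proxy' if the request carries a hostname for the far end to
    resolve, or 'client' if it carries an address, meaning any DNS lookup
    already happened on the local network before the tunnel was used."""
    version = request[0]
    if version == 4:
        ip = request[4:8]
        is_4a = ip[:3] == b"\x00\x00\x00" and ip[3] != 0
        return "proxy" if is_4a else "client"
    if version == 5:
        atyp = request[3]
        if atyp == 0x03:
            return "proxy"
        if atyp in (0x01, 0x04):
            return "client"
        raise ValueError("unknown SOCKS5 address type")
    raise ValueError("not a SOCKS4/5 request")


if __name__ == "__main__":
    samples = {
        "SOCKS4  (IP)": socks4_connect("192.0.2.10", 80),
        "SOCKS4a (name)": socks4a_connect("example.org", 80),
        "SOCKS5  (IP)": socks5_connect("192.0.2.10", 443),
        "SOCKS5  (name)": socks5_connect("example.org", 443),
    }
    for label, req in samples.items():
        print(f"{label:15} {req.hex():50} resolved by {who_resolves(req)}")
```

Capturing the first bytes a browser writes to the forwarded local port and passing them to `who_resolves` shows whether that browser's proxy setting sends names through the tunnel.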

  16. Re:And the entire internet is public.. by WhiplashII · · Score: 4, Informative

    The command is:

    ssh -L proxyport:proxyIP:proxyport sshServerIP

    for example:
    ssh -L 8000:lvsweb.lasvegasstock.com:8000 shell.frogstar.com

    Note that this is not untraceable - especially by the NSA. But other governments will have a difficult time with it.

    --
    while (sig==sig) sig=!sig;
  17. Re:Combatting keystroke loggers by bpfinn · · Score: 2, Informative

    Since keyloggers don't track mouse movements or clicks, the phisher wouldn't be able to break down and harvest the password from the keylogger.

    I believe the "Perfect Key Logger" from Blazing Tools takes a screenshot every time you click the mouse. Their web page also says it captures passwords typed in fields obscured with asterisks.

  18. Re:American dissidents persecuted by Secret Police by jmorris42 · · Score: 4, Informative

    > There are many posters on fark.com who tell of farkers getting
    > intimidation visits from teh Secret Police

    Yo, cornholio. This IS Fark, right? And you believe anything written there? Yea, right. All the zaniness of the Moveon.org crowd without the maturity. And that is saying something. Hint: don't listen to what the tinfoil hat crowd says, they ain't sane. Not saying that the Secret Service doesn't at least keep an eye on even low threat sites like Fark, but I seriously doubt they would waste their limited manpower harassing a random leftist posting "death to Bush" threats there unless they had their profile linked with accounts on more seriously dangerous sites.

    And besides, death threats against a President should be taken seriously, and shouldn't be protected by the 1st Amendment. It isn't like the odds of surviving being elected President of the US isn't already worse than being shot into space, let's not make 'em worse by inventing a constitutional right to make death threats against the poor bastards.

    Let's review recent history, shall we? (Warning, flamebait)

    Bush II: The Deaniacs are this >< close to launching suicide bombers against him. I'd be shocked if he makes it to the end of his term without somebody taking a shot. And depending on where that last airliner was bound and whether they knew he wasn't home at the time you could say Osama already gave it a go.

    Clinton: Somebody crashed a fscking airplane INTO THE WHITE HOUSE. Of course he left a trail of blood in his own minions. (Ron Brown, et al.)

    Bush I: Ok, so nobody tried to kill him until he left office.

    Reagan: Blamo. But they just don't make crazed gunmen like they used to, and he didn't succeed. For which the world should give thanks, otherwise half the world would still be under the darkness of Soviet Communism.

    Carter: I seem to recall a nutjob taking a run at him. Or was it Ford.

    Ford: See above.

    Nixon: Nobody tried to shoot him. Nobody even really wanted to, except some of John Kerry's more extreme friends. Which says volumes about how far public civility has sunk in the intervening time.

    Johnson: Well he probably assumed office by assassination, but that doesn't count, does it?

    Kennedy: Blamo. See above.

    --
    Democrat delenda est
  19. Re:And the entire internet is public.. by Jack+Taylor · · Score: 4, Informative

    > Knoppix stores everything in RAM

    Not entirely true. Knoppix searches for and uses existing unix swap partitions. To stop it doing this you should pass the 'noswap' option at boot. Look at the Knoppix Cheat Codes page for evidence, and for other boot options.

    --
    One good turn - gets all the covers.
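
A way to verify the swap point from the comment above on a running live system, as an added example that is not part of the original thread: it parses the `/proc/swaps` table and the kernel command line and reports whether any swap area is backed by persistent storage. The sample text is constructed, and it is an assumption that the `noswap` boot option shows up as a plain token in `/proc/cmdline`.

```python
# Constructed sample of /proc/swaps and /proc/cmdline (not taken from the thread).
SAMPLE_SWAPS = """\
Filename      Type       Size     Used  Priority
/dev/sda5     partition  2097148  1024  -2
/dev/zram0    partition  1048572  0     100
/swapfile     file       524284   0     -3
"""
SAMPLE_CMDLINE = "BOOT_IMAGE=knoppix lang=us noswap"


def disk_backed_swap(proc_swaps):
    """Return the active swap areas that write to persistent storage."""
    areas = []
    for line in proc_swaps.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 5:
            continue                              # blank or malformed row
        name, kind, used_kib = fields[0], fields[1], int(fields[3])
        if name.startswith("/dev/zram"):
            continue                              # zram is compressed RAM, not disk
        areas.append({"name": name, "type": kind, "used_kib": used_kib})
    return areas


def audit(proc_swaps, cmdline):
    """Summarise whether the session can leave memory pages on a disk.

    The boot option is reported separately from the live swap table because
    swap can be enabled later in the session regardless of how it booted.
    """
    areas = disk_backed_swap(proc_swaps)
    return {
        "noswap_on_cmdline": "noswap" in cmdline.split(),
        "disk_swap": [a["name"] for a in areas],
        "pages_written": any(a["used_kib"] > 0 for a in areas),
        "ram_only": not areas,
    }


if __name__ == "__main__":
    # On a live Linux system, read the real kernel tables.
    with open("/proc/swaps") as swaps, open("/proc/cmdline") as cmd:
        print(audit(swaps.read(), cmd.read()))
```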