Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dissidents Seeking Anonymous Web Solutions?

Posted by Cliff on from the browsing-without-regard-for-politics dept.

DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"

5 of 684 comments (clear)

  1. Anything public is NOT safe... by garcia · · Score: 4, Interesting

    Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites.

    I would think that Internet Café "spies" would be more useful than keyloggers to the authorities looking for dissidents. Unless these connections are somehow routed through multiple anonymous/encrypted proxies and hopping through open WAPs I really don't believe that a public terminal is in any way "safe".

    A stalker that I had earlier this year was easily located via tracking his IP and figuring out which coffee shops and libraries he was using. The libraries all went through a single county-wide proxy and narrowing his location down on a Sunday was easier than you could possibly imagine (all satellite locations in the county were closed except one).

    If I could track someone down that easily imagine what the members of a Gestapo looking to do more than end some harassing emails could do, especially when they might have a network of spies watching public access locations in person.

  2. Tor-Over-Steganography by freality · · Score: 4, Interesting

    Neat idea.. perhaps there should be a Tor-Over-Steganography platform, to prevent the identification of Tor usage or some other method of information hiding. Otherwise, a regime can just shut down Tor(-ish) traffic.

    I guess the best way to get your message through the iron (red?) curtain is to piggy-back it on whatever the highest-volume public information stream is. That way the baddies would have to shut down all of that traffic and risk a large public pushback.

    In the case of China, I hate to say it, but if it's true that a lot of spam is outbound from their country, that would be an ideal place to hide information. Lots of spam has randomly generated text, so altering the frequency of that text in a fashion known only to sender and receiver could be used to encode an information channel, over which you could run a simple unicast stream, or something more decentralized, like TOR.

  3. Re:Combatting keystroke loggers by zr-rifle · · Score: 4, Interesting

    A good way to combat a software or even a hardware keylogger is use the mouse to type in letters in random positions.

    For example, if you need to type in your email password in a webmail autentication form, you could type the first part, say "bud", then click on another part of the desktop, say the url bar of the browser, type in some random garbage, move the mouse again and finish the password, adding "rose" to "rosebud".

    Since keyloggers don't track mouse movements or clicks, the phisher wouldn't be able to breakdown and harvest the password from the keylogger.

    PS. It also helps not to use obvious passwords like "rosebud" ;)

    --
    Hack your mind out of its sandbox.
  4. Re:And the entire internet is public.. by Anonymous Coward · · Score: 4, Interesting

    http://www.keyghost.com/sx/
    This device will happily log all your keystrokes whatever media you decide to boot from.

  5. Re:write in advance, encrypt and email it by Anonymous Coward · · Score: 4, Interesting

    use different cybercafes in a random manner... don't use the same machine at any cybercafe.

    Bad idea.

    If you naively use the same cybercafe each time, the police will be able to watch the cybercafe, observing who is attending whenever the suspicious stuff happens, therefore you will be found quite easily.

    If you visit different cybercafes each time to avoid this, the police will simply watch a few local ones. You will show up at each one when the suspicious stuff happens. It takes a few more policemen, but you actually get caught quicker.

    Another solution is to use the same cybercafe each time, but do so during lunch hour, and use one near to a school or something. Basically, you want to have your visits coincide with a lot of people at the same time, and the same people each time.

    Of course at this point, the government will simply run a check on each observed person and find that you have a computer and internet connection at home, which means that there's no reason for you to be visiting a cybercafe.

    The problem is that the police can predict your visits. If you wait a few months in between suspicious activity and there is no CCTV, then you can be reasonably certain the police won't be able to find you, as long as you don't use the same one each time. Presumably the police don't have the resources to track who uses which cybercafe at any given moment.