Dissidents Seeking Anonymous Web Solutions?
DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"
Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites.
I would think that Internet Café "spies" would be more useful than keyloggers to the authorities looking for dissidents. Unless these connections are somehow routed through multiple anonymous/encrypted proxies and hopping through open WAPs I really don't believe that a public terminal is in any way "safe".
A stalker that I had earlier this year was easily located via tracking his IP and figuring out which coffee shops and libraries he was using. The libraries all went through a single county-wide proxy and narrowing his location down on a Sunday was easier than you could possibly imagine (all satellite locations in the county were closed except one).
If I could track someone down that easily imagine what the members of a Gestapo looking to do more than end some harassing emails could do, especially when they might have a network of spies watching public access locations in person.
Your parents' basement is not an oppressive regime.
Love,
People suffering under the oppressive regimes of employers
write it in advance, take it to the cybercafe on a floppy, pgp it, email it to someone you trust (or an automated publisher)
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
http://tor.eff.org/
Freenet is the only solution I can think of, although it seems much slower than the common internet, and I'm not up to date on what content's available, but this is what freenet was made for.
http://freenet.sourceforge.net/
PeaceFire distributes a free program called the Circumventor which can be used (by running it on a server in a free country) to safely and securely proxy out of a firewalled nation like China.
Jason.
Connected to what when the government tracks everything and owns/controls all of the nation's connectivity?
You may as well have suggested FDDI or gigabit ethernet would solve the problem.
Once you're inside of a 'repressive regime', it's a lot more difficult to circumvent than just pick a new network layer.
Lost at C:>. Found at C.
Between IP-Addresses, MAC addresses, and dial-in-numbers, there is no anonymity on the internet. Any feeling of anonymity is an illusion. Best not to risk your life if a regime is that oppressive. Not even encryption is safe, because as you mentioned, keyloggers and silent listeners can capture passcodes and keys. If you must pass information, try it the old fashioned way - person to person or with a trusted intermediary.
...cause there isn't enough tinfoil in the world for guys like this.
There are 01 kinds of cars in the world. The General Lee, and everything else.
Google for free ssh connections, and chain a few of them together just to be sure. I run a free shell service myself (but it's currently down for upgrading).
------ Take away the right to say fuck and you take away the right to say fuck the government.
If you've gotten to the point where you're really worried about being caught and persecuted, perhaps the internet is not your safest bet, due to every reason being posted here, ie: keyloggers, etc. As much as you'd like to change your world, the "system" isn't going to make things easy for you to overthrow it. And the internet is very much a part of the "system." Unless you're ready to string up your own network and create a rebellion intranet, you're out of luck.
Just do what they do on the Sopranos: keep it low tech, use payphones, meet in person. If your cause is that important and you need to spread information, may I suggest a major leaflet campaign?
Bill Clinton: Pimp we can believe in. - The Shirt!!!
If you assume that any "public" PC is infected with a key logger, then you can NOT guarantee any level of protection, as they can always find the names of sites you type in, etc. You must have some level of trust on the PC before you can consider any solution. Beyond that, you would want to make use of an encrypted connection to a proxy or vpn outside the control of the regime, then access the content from there.
If you want to communicate with your fellow dissidents in secret, just broadcast it through a UPN affiliate. I guarantee NO ONE will ever see what you're up to.
Dear DocMurphy, Next time, please submit stories as AC. Posting your email address on the front page of slashdot is a poor way of achieving anonymity.
Olvesay the oblempray.
"It's a wonderful idea. But it doesn't work." -- Tad Danielewski
Because:
A. Repressive regimes may not have a lot of unsecured open hotspots.
B. Repressive regimes may not have an abundance of wireless enabled laptops, and possessing one would draw attention.
C. Going from "inside the internet cafe" to "within 150' of the internet cafe" doesn't get you that much. Repressive regimes are pretty good with triangulation.
Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime...
Which oppressive regime, the RIAA or MPAA?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
There is no point in being a dissident if you choose to remain anonymous. How is anyone supposed to know what your motives are if they don't know who you are? And if you really care about the things you say, then you should be willing to take a stand for it. Any anonymous "dissension" is on par with raving on usenet and somewhere beneath private grumblings. Anonymous action, yes, can produce results. But anonymous words aren't worth the electrons they're displayed with.
How can one make sure that a perfect system will not be used by terrorists, human smugglers and child pornographers to hide their activities? This may be classified as "choose between the two devils".
geoaxis
5) Friend turns paid informant to the oppressive government.
That will guarantee 6.
I still have more fans than freaks. WTF is wrong with you people?
DocMurphy you are an idiot. You are talking about working with people to commit treason against oppressive regimes. Maybe you don't understand what an oppressive regime actually is or something but here is a hint: they don't have any problems killing people. You are not only proposing to work with these people across international lines but then you post a question to slashdot about how to help them. Assuming you think you are serious and not just posting the question to generate responses, do you even have a fucking clue how something like this would actually work? You are not going up against your high school typing teacher here. Not only do virtually all regimes have computers, they also have people that know how to use them. If you don't know this stuff you are going to get these people killed and really run the risk of getting yourself killed in the process (or imprisoned depending on US geopolitical concerns). If you have to ask slashdot and expect a bunch of pasty teenagers reading the anarchist cookbook to give you advice on assisting an insurgency you have no business doing this. You don't think that suggesting they use some sort of encryption from their internet cafes isn't going to get them killed? Wouldn't an oppressive regime monitor communications coming out of an internet cafe? Please do not continue to try this. Giving any advice like this is akin to leading a children's crusade and every baron along the way is going to fuck you in the ass and all your children are going to get killed. You really need to learn how things work first in international smuggling of goods and information and being a technical advisor to an insurgency you are not part of is no fucking place for some stupid idealistic kid. You will, in all likelihood, end up in jail for this if you are lucky. Really, they will probably just kill you.
Check out http://freenet.sourceforge.net/
It's free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.
Communications by Freenet nodes are encrypted and are "routed-through" other nodes to make it extremely difficult to determine who is requesting the information and what its content is.
Users contribute to the network by giving bandwidth and a portion of their hard drive (called the "data store") for storing files. Unlike other peer-to-peer file sharing networks, Freenet does not let the user control what is stored in the data store. Instead, files are kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files in the data store are encrypted to reduce the likelihood of prosecution by persons wishing to censor Freenet content.
Neat idea.. perhaps there should be a Tor-Over-Steganography platform, to prevent the identification of Tor usage or some other method of information hiding. Otherwise, a regime can just shut down Tor(-ish) traffic.
I guess the best way to get your message through the iron (red?) curtain is to piggy-back it on whatever the highest-volume public information stream is. That way the baddies would have to shut down all of that traffic and risk a large public pushback.
In the case of China, I hate to say it, but if it's true that a lot of spam is outbound from their country, that would be an ideal place to hide information. Lots of spam has randomly generated text, so altering the frequency of that text in a fashion known only to sender and receiver could be used to encode an information channel, over which you could run a simple unicast stream, or something more decentralized, like TOR.
You really need at least two external servers. Here's why:
Suppose the authorities notice dissident activity from the first external server. If they then determine that I've been making connections to that dissident server, I'll be put under investigation. Yes my data may have been encrypted, but the connection alone is enough to raise suspicion.
However, if I have two external servers, I use the first as a proxy to the second, and use the second to conduct dissident work. Since both servers are beyond the regime's control, they have no way of discovering the connection between them and attributing the dissident activity to me.
However, even this will leave you open to IP tracing (should a stream of encrypted traffic raise any flags), as well as wandering busybodies/spies/anyone willing to report your ass for a reward. Just a thought.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Make sure to speak in italics to ensure that the message is received.
Oh, wait.
I currently have no clever signature witticism to add here.
I don't care what you think. The US and its present president is not a repressive regime! I wish you damned democrats would just get over yourselves already. If you can post on Slashdot, you're not repressed. Obsessed maybe, possessed possibly, but not repressed!
There are many posters on fark.com who tell of farkers getting intimidation visits from the Secret Police (AKA the Secret Service) simply because they happened to make offhand comments about news stories involving assassination attempts on the President.
For example, the other day in Russia (Georgia, actually) someone supposedly threw a grenade in Bush's direction. The grenade never went off, but some people posted saying stuff like they hoped it, or something like that. The Fark admins posted in the thread saying that they had personal knowledge of Secret Police requests for such posters' IP numbers.
So the terrorists hate u for our freedoms, huh?
LOL!
eat shiat and bark at the moon
I'm surprised nobody suggested knoppix at an internet cafe. Combine that with ssh and some free websites, never use the same place twice (website or cafe). Someone also suggested wardriving... come on, we can come up with some ideas that mitigate the risks, can't we? Actually combine the leaflet campaign as well, each new leaflet publication refers to a new free website, that is never accessed after initial publication... As for a hardware keylogger, they would log scan codes, right? So use a non-standard layout, but that would be vulnerable to statistical attacks if there was any substantial amount of text, any suggestions here?
codohundo
Even better:
1. Have a PC with a CDROM drive.
2. Rent or borrow an SSH account outside the country.
3. Boot PC using KNOPPIX (do not load hard drive)
4. Open a connection through SSH that forwards a local to an anonymous proxy at the far end.
5. Use 127.0.0.1 as your proxy address.
6. Surf away!
When done (or if the government busts in!), reboot your computer - no traces left. (Knoppix stores everything in RAM).
Keyloggers do not work against you, because you are booting from known media. (On the other hand, if the NSA REALLY wants you, they will hack your bios - but no one else is probably that anal).
while (sig==sig) sig=!sig;
Guess what, if you live in a repressive regime, the only crime they have to charge you with is illegal use of a cryptographic device (or something along those lines).
They understand the power of crypto, they will outlaw it. That's why the writeup for the article mentioned avoiding the use of personal PCs.
http://nms.csail.mit.edu/projects/infranet/
Technical paper (pdf)
An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide clients access to censored sites while continuing to host normal uncensored content. Infranet uses a tunnel protocol that provides a covert communication channel between its clients and servers, modulated over standard HTTP transactions that resemble innocuous Web browsing. In the upstream direction, Infranet clients send covert messages to Infranet servers by associating meaning to the sequence of HTTP requests being made. In the downstream direction, Infranet servers return content by hiding censored data in uncensored images using steganographic techniques. We describe the design, a prototype implementation, security properties, and performance of Infranet. Our security analysis shows that Infranet can successfully circumvent several sophisticated censoring techniques.
KIM asks: "I'm working for a repressive regime which is looking for ways to control the use of Internet in its country. Many have in-home Internet access, but, luckily, think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine is infected with keystroke loggers that give us access to and knowledge of 'banned' sites. Obviously, not only we want to identify the dissidents themselves, but also the sites they access. Any suggestions for products/procedures/systems out there making overwatching access & publishing a reality under our own run Internet access?"
Q: What's the difference between a dissident and a terrorist?
A: Only your point of view.
No Comment.
http://www.keyghost.com/sx/
This device will happily log all your keystrokes whatever media you decide to boot from.
Most places, having a copy of Knoppix is pretty explainable - and won't get you arrested by itself.
On the other hand, in a regime where crypto is illegal, don't you think they could arrest you without cause anyway? Why bother with the crypto argument?
All this does is allow you to hide what you are doing within reason.
while (sig==sig) sig=!sig;
RAM isn't completely recovery proof.
Now... as for the original question, isn't this what freenet was supposed to be for?
In other words, the site is published by you, but hosted on some other freenet member(s) box. That was the entire point of freenet, to allow for truly anonymous publishing of material.
Oh yea, and don't forget to check the "Post Anonymously" box
[Fuck Beta]
o0t!
"key loggers in the keyboard"
Something similar to this: KeyGhost
All you need to do is tunnel a local port over the ssh connection to a remote proxy.
For example, you could forward local port 8888 to a remote SOCKS server (port 1080 is SOCKS) like so:
ssh -L 8888:some-anon-proxy.com:1080 ssh-user@ssh-host
That forwards port 8888 on your machine to some-anon-proxy.com port 1080 via the ssh tunnel.
Then set your browser to use localhost port 8888 as the SOCKS proxy.
Note that most SOCKS connections still do DNS from your local machine so you need to protect that by some method. To do that you either need to use SOCKS 4a (I think), use a non-SOCKS proxy (like HTTP proxy), or use a local proxy like privoxy that itself forwards to another proxy via the SSH tunnel.
And there is always Tor.
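The DNS point in the comment above comes down to what the client writes into the SOCKS CONNECT request: an IP address means any name lookup already happened on the client, outside the tunnel. As an added example (not part of the original comment), this Python sketch builds SOCKS4, SOCKS4a and SOCKS5 requests and classifies a request by who resolves the name; SOCKS5 goes beyond what the comment mentions, and the hostnames and addresses are constructed samples.

```python
import ipaddress
import struct


def socks4_request(ip: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: carries an IPv4 address the client resolved itself."""
    head = struct.pack(">BBH", 4, 1, port)
    return head + ipaddress.IPv4Address(ip).packed + user + b"\x00"


def socks4a_request(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: placeholder IP 0.0.0.x (x != 0), hostname appended."""
    head = struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
    return head + user + b"\x00" + host.encode("idna") + b"\x00"


def socks5_request(dest: str, port: int) -> bytes:
    """SOCKS5 CONNECT request (the one sent after method negotiation)."""
    try:
        addr = ipaddress.ip_address(dest)
        atyp, body = (1 if addr.version == 4 else 4), addr.packed
    except ValueError:  # not an IP literal: send the name, ATYP 3
        name = dest.encode("idna")
        atyp, body = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + body + struct.pack(">H", port)


def classify(req: bytes) -> tuple:
    """Return (protocol, who resolves the name, destination)."""
    if req[0] == 4:
        port = struct.unpack(">H", req[2:4])[0]
        ip = req[4:8]
        user_end = req.index(b"\x00", 8)  # end of the USERID field
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = req.index(b"\x00", user_end + 1)
            host = req[user_end + 1:host_end].decode("ascii")
            return ("SOCKS4a", "proxy", f"{host}:{port}")
        return ("SOCKS4", "client", f"{ipaddress.IPv4Address(ip)}:{port}")
    if req[0] == 5:
        atyp = req[3]
        if atyp == 3:  # domain name: the proxy does the lookup
            n = req[4]
            host = req[5:5 + n].decode("ascii")
            port = struct.unpack(">H", req[5 + n:7 + n])[0]
            return ("SOCKS5", "proxy", f"{host}:{port}")
        size = 4 if atyp == 1 else 16
        addr = ipaddress.ip_address(req[4:4 + size])
        port = struct.unpack(">H", req[4 + size:6 + size])[0]
        return ("SOCKS5", "client", f"{addr}:{port}")
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")


if __name__ == "__main__":
    # Constructed samples: example.org and 192.0.2.10 are documentation values.
    for req in (socks4_request("192.0.2.10", 80),
                socks4a_request("example.org", 80),
                socks5_request("example.org", 443)):
        print(req.hex(), classify(req))
```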
The command is:
ssh -L proxyport:proxyIP:proxyport sshServerIP
for example:
ssh -L 8000:lvsweb.lasvegasstock.com:8000 shell.frogstar.com
Note that this is not untraceable - especially by the NSA. But other governments will have a difficult time with it.
while (sig==sig) sig=!sig;
I have large facility with many good computers and access to evil western sites. Please, if so kinds, forward names and addresses of dissidents to me so I may contact them for their helps.
I might know what I'm talkin' about, but then again, this is Slashdot...
I remember some software that could hide messages in graphics files, by subtly editing the values of some pixels. Then, if the other side has a copy of the image, they can subtract them to find the difference, and decode the image.
So, your scheme would be to send an image, and then, some random time later, to send some information using this image. Double encrypting might work too. As long as you aren't already under suspicion, I doubt anyone has the time to check for people sending duplicate graphics files.
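The cover-difference scheme described in the comment above, as an added Python example that is not part of the original post: message bits flip the least significant bit of successive pixel values, and the receiver recovers them by comparing against an identical copy of the cover. The 2-byte length prefix and the flat byte string standing in for image pixels are assumptions of this sketch.

```python
def to_bits(data: bytes) -> list:
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    """Inverse of to_bits; ignores a trailing partial byte."""
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, whole, 8))


def embed(cover: bytes, message: bytes) -> bytes:
    """Flip the LSB of pixel i wherever payload bit i is 1."""
    bits = to_bits(len(message).to_bytes(2, "big") + message)
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] ^= bit  # changes a pixel value by at most 1
    return bytes(stego)


def extract(cover: bytes, stego: bytes) -> bytes:
    """Recover the message by differencing stego against the cover."""
    if len(cover) != len(stego):
        raise ValueError("cover and stego differ in size")
    diff = [c ^ s for c, s in zip(cover, stego)]
    # Any difference beyond the LSB means the receiver's copy is not the
    # exact cover (for example, it was recompressed or resized in transit).
    if any(d > 1 for d in diff):
        raise ValueError("cover does not match the one used to embed")
    length = int.from_bytes(from_bits(diff[:16]), "big")
    end = 16 + 8 * length
    if end > len(diff):
        raise ValueError("length prefix exceeds image size")
    return from_bits(diff[16:end])


# Constructed sample: 512 "pixel" values standing in for image data.
SAMPLE_COVER = bytes(range(256)) * 2

if __name__ == "__main__":
    stego = embed(SAMPLE_COVER, b"meet at 9")
    print(extract(SAMPLE_COVER, stego))
```

The mismatch check shows why the scheme depends on both sides holding a bit-identical cover: any lossy re-encoding of either image destroys the channel.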
They (the freenet devs) are currently working on making it possible to run freenet as a large-scale darknet. That means it will be very hard to impossible to find out whether a given host is a node or not or even get an incomplete list of nodes.
At least that's the idea. As far as I can see, the most obvious result of their current course of development will probably be that the vast majority of people, even those in "free" countries, will not be able to use freenet at all.
If it's so secret, then how come I've never heard of it?
1.) Boot Computer
2.) Print blank piece of paper
3.) Write message on paper
4.) Place message in envelope
5.) Use trained pigeons
6.) Profit!
The only trouble with freenet is that a very large portion of its userbase uses it for what most thinking-people consider distribution of immoral material. Unlike the Internet at large, by virtue of participating in the freenet you help propagate this material -- whether or not you choose to ignore it. If you are, say, a dissident with religious convictions, much of the material on freenet will offend you greatly.
Knoppix stores everything in RAM
Not entirely true. Knoppix searches for and uses existing unix swap partitions. To stop it doing this you should pass the 'noswap' option at boot. Look at the Knoppix Cheat Codes page for evidence, and for other boot options.
One good turn - gets all the covers.
When done (or if the government busts in!), reboot your computer - no traces left.
:D Or even just buying a keyboard that you can't take apart might work. Have a look at this and this for ideas.
I'd be extra paranoid and make sure to power off the computer, not just reboot it, to be sure all the RAM is reset. If they're super-cunning they could salvage incriminating data from it.
You could also go one step further on the keylogger protection and have your own USB keyboard that you carry around with you. Keylog that!
One good turn - gets all the covers.
I understand this. However, your idea is flawed. Many OSS encryption programs exist, but they are not useless simply because they are OSS. They are less likely to have flaws because of peer review.
It is my hope that the best ideas found here will give me a starting point to develop a better answer.
Do not confuse authentication, confidentiality, and traceability.
authentication: third parties cannot alter your communication; the party you are talking to is who you expect.
confidentiality: third parties cannot read your communication
traceability: third parties cannot determine who you are and/or with whom you are communicating (i.e. they can't map to meatspace)
The most critical factor for dissidents is traceability.
While ssh provides authentication and encryption, it does NOT, on its own, decrease traceability. Most governments (and in the US, corporations) can easily trace a basic IP connection, even if they can't read or write the traffic on it. Just follow the wire.
Remember: who you talk to can be at least as sensitive as what you say.