Slashdot Mirror


Dissidents Seeking Anonymous Web Solutions?

DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"

8 of 684 comments

  1. Dear submitter by Anonymous Coward · Score: 5, Funny

    Your parents' basement is not an oppressive regime.

    Love,
    People suffering under the oppressive regimes of employers

  2. https steganographic, encrypted proxies by js7a · Score: 5, Informative
    From http://doc.asf.ru/Tools%20&%20Utilities.htm
    Corkscrew (Unix, Windows): Tunnel SSH connections through an HTTP proxy.

    Curl (Unix, Windows): Utility for easily downloading and uploading files over different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, ...

    DesProxy (Unix, Windows): Tunnel TCP connections through an HTTP proxy, optionally by converting SOCKS requests.

    FizzBounce (Unix): TCP redirector through HTTP proxies.

    HTTPort (Windows) [Closed source]: Tunnel TCP connections through the HTTP protocol by simulating a SOCKS server, optionally using an intermediate server.

    HTTPTunnel (Unix, Windows): Bidirectional tunnel through HTTP requests, optionally through an HTTP proxy.

    LibCurl (Unix, Windows): Library for easily downloading and uploading files over different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and lots of languages: C, C++, Perl, ...

    MultiProxy (Windows) [Closed source]: HTTP proxy tester. MultiProxy can be used as a proxy server that uses a different proxy for each request.

    Numby (Unix): Scanner for vulnerable HTTP proxies.

    Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies that can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.

    ProxyTools (Unix, Windows): Set of Perl utilities for using, sorting, testing and searching for HTTP proxies.

    TransConnect (Unix): Transparently tunnel TCP connections through an HTTP proxy.

    Zylyx (Unix): Provides access to files through HTTP proxy caches.

  3. Dissidence isn't supposed to be convenient. by Rude+Turnip · Score: 5, Insightful

    If you've gotten to the point where you're really worried about being caught and persecuted, perhaps the internet is not your safest bet, due to every reason being posted here, i.e., keyloggers, etc. As much as you'd like to change your world, the "system" isn't going to make things easy for you to overthrow it. And the internet is very much a part of the "system." Unless you're ready to string up your own network and create a rebellion intranet, you're out of luck.

    Just do what they do on the Sopranos: keep it low tech, use payphones, meet in person. If your cause is that important and you need to spread information, may I suggest a major leaflet campaign?

  4. Re:Anything public is NOT safe... by blake213 · Score: 5, Funny
    You know, that shirt you're wearing right now is kinda tacky.

    wait. whoops.

    --
    mund freud.
  5. Re:wireless by kouhoutek · Score: 5, Insightful

    Because:
    A. Repressive regimes may not have a lot of unsecured open hotspots.
    B. Repressive regimes may not have an abundance of wireless enabled laptops, and possessing one would draw attention.
    C. Going from "inside the internet cafe" to "within 150' of the internet cafe" doesn't get you that much. Repressive regimes are pretty good with triangulation.

  6. Re:write in advance, encrypt and email it by FreezerJam · Score: 5, Informative

    Just beefing that up a bit...

    In general keep needed software and materials off the machine, on usb key only. Ideally, use an OS with no swapping. Keep the USB key in a shielded housing when not in use to prevent locating it due to active components.

    Regularly use the machine for innocuous activities, so that there is a record of something. Regularly use an identical usb key with the system, to provide cover in the event you are seen with the device (see below), and to provide a reason for any needed drivers on the machine.

    To send...

    1) write it in advance
    2) PGP it
    3) steganographically hide it
    4) take it to the cybercafe on a floppy/usb key
    5) upload it to a public place where everyone can see, so it is hard to track receipt
    6) Afterwards, out-of-band relay to a contact where to find it. If you relay ahead of time, a compromised contact could leak where to look for you. THIS IS THE HARDEST PART. It is effectively your key-exchange process.

    For receipt...

    1) Beforehand, find out where to look for what. THIS IS THE OTHER HARDEST PART. It is effectively your key-exchange process.
    2) at cybercafe, download uninteresting materials
    3) at home, de-steg and de-crypt
    4) store only if needed on key

    Regularly upload and download un-steg (no payload) and random steg (random payload) materials to defeat traffic analysis.

    If you have any time left over after all this, you can use it to be a dissident. However, you should regularly do other things such as get a job or have a family to provide a plausible reason for your existence.
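
Step 3 of the send list and step 3 of the receive list above, as an added example that is not part of the comment: least-significant-bit embedding and extraction over a raw byte buffer. The cover bytes, the 4-byte length header and the random bytes standing in for PGP output are assumptions made for illustration; no encryption is performed here.

```python
import os

def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(cover: bytes, payload: bytes) -> bytes:
    """Write a 4-byte length header plus payload into the low bit of each cover byte."""
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("cover too small for this payload")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit      # each cover byte changes by at most 1
    return bytes(out)

def _read(stego: bytes, start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the low bits beginning at cover offset start."""
    out = bytearray()
    for b in range(nbytes):
        byte = 0
        for s in stego[start + 8 * b : start + 8 * b + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Receiver side ("de-steg"): recover the payload, or fail if the header is implausible."""
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if (length + 4) * 8 > len(stego):
        raise ValueError("no plausible payload in this cover")
    return _read(stego, 32, length)

# Constructed sample data, not taken from the page.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))  # stand-in for raw image samples
CIPHERTEXT = os.urandom(64)   # stand-in for the already-encrypted message (step 2)
DECOY = os.urandom(64)        # the "random payload" upload used as cover traffic

if __name__ == "__main__":
    for label, payload in (("real", CIPHERTEXT), ("decoy", DECOY)):
        stego = embed(COVER, payload)
        touched = sum(a != b for a, b in zip(COVER, stego))
        print(label, "round-trips:", extract(stego) == payload, "bytes altered:", touched)
```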

  7. Re:And the entire internet is public.. by WhiplashII · Score: 5, Informative

    Even better:

    1. Have a PC with a CDROM drive.
    2. Rent or borrow an SSH account outside the country.
    3. Boot PC using KNOPPIX (do not load hard drive)
    4. Open a connection through SSH that forwards a local port to an anonymous proxy at the far end.
    5. Use 127.0.0.1 as your proxy address.
    6. Surf away!

    When done (or if the government busts in!), reboot your computer - no traces left. (Knoppix stores everything in RAM).

    Keyloggers do not work against you, because you are booting from known media. (On the other hand, if the NSA REALLY wants you, they will hack your BIOS - but no one else is probably that anal).

    --
    while (sig==sig) sig=!sig;
  8. Re:And the entire internet is public.. by Anonymous Coward · Score: 5, Informative

    All you need to do is tunnel a local port over the ssh connection to a remote proxy.

    For example, you could forward local port 8888 to a remote SOCKS server (port 1080 is SOCKS) like so:

    ssh -L 8888:some-anon-proxy.com:1080 ssh-user@ssh-host

    That forwards port 8888 on your machine to some-anon-proxy.com port 1080 via the ssh tunnel.

    Then set your browser to use localhost port 8888 as the SOCKS proxy.

    Note that most SOCKS connections still do DNS from your local machine so you need to protect that by some method. To do that you either need to use SOCKS 4a (I think), use a non-SOCKS proxy (like HTTP proxy), or use a local proxy like privoxy that itself forwards to another proxy via the SSH tunnel.

    And there is always Tor.
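
The DNS point in the last comment, as an added example that is not part of the thread: the CONNECT request a client sends for plain SOCKS4, SOCKS4a and SOCKS5 with a domain-name address, and a check of which side ends up doing the name lookup. It goes beyond the comment by including SOCKS5; the host name and IP address are constructed sample values.

```python
import ipaddress
import struct

def socks4_connect(ip: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4 has only an IPv4 field, so the client must resolve the name itself first."""
    return struct.pack(">BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + user + b"\x00"

def socks4a_connect(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4a: the placeholder address 0.0.0.1 tells the proxy to resolve the trailing name."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("ascii") + b"\x00")

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 request with ATYP=3 (domain name): the name travels to the proxy unresolved."""
    name = host.encode("ascii")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def resolver_side(request: bytes) -> str:
    """Return 'local' if the client did the lookup, 'remote' if the proxy is asked to."""
    if request[0] == 4:
        addr = request[4:8]
        # 0.0.0.x with x != 0 is the SOCKS4a marker; anything else is a real address.
        return "remote" if addr[:3] == b"\x00\x00\x00" and addr[3] != 0 else "local"
    if request[0] == 5:
        return "remote" if request[3] == 3 else "local"
    raise ValueError("not a SOCKS4/SOCKS5 request")

# Constructed sample values (documentation-range address, reserved example domain).
HOST, HOST_IP, PORT = "example.org", "203.0.113.7", 80

if __name__ == "__main__":
    for label, req in (("SOCKS4", socks4_connect(HOST_IP, PORT)),
                       ("SOCKS4a", socks4a_connect(HOST, PORT)),
                       ("SOCKS5 domain", socks5_connect(HOST, PORT))):
        print(f"{label:14} {req.hex()}  DNS lookup: {resolver_side(req)}")
```

With curl, which the tool list earlier in the thread mentions, `--socks4a` and `--socks5-hostname` ask the proxy to resolve the name, while `--socks4` and `--socks5` resolve it on the client.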