Dissidents Seeking Anonymous Web Solutions? 684
DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"
write in advance, encrypt and email it (Score:5, Informative)
Onion Routing (Score:3, Informative)
Use the Circumventor. (Score:5, Informative)
Tor (Score:5, Informative)
Jason.
Re:write in advance, encrypt and email it (Score:3, Informative)
There is no anonymity on the internet (Score:4, Informative)
ssh (Score:3, Informative)
https steganographic, encrypted proxies (Score:5, Informative)
Re:Tor (Score:4, Informative)
Wholesale blocking of Tor nodes as they are identified has become popular because, like anything remotely useful, it's been abused by spammers, stalkers, and other general asshats.
Comment removed (Score:4, Informative)
Dissidents, terrorists, what's the difference? (Score:1, Informative)
Re:And the entire internet is public.. (Score:2, Informative)
Its' free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.
Communications by Freenet nodes are encrypted and are "routed-through" other nodes to make it extremely difficult to determine who is requesting the information and what its content is.
Users contribute to the network by giving bandwidth and a portion of their hard drive (called the "data store") for storing files. Unlike other peer-to-peer file sharing networks, Freenet does not let the user control what is stored in the data store. Instead, files are kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files in the data store are encrypted to reduce the likelihood of prosecution by persons wishing to censor Freenet content.
Re:write in advance, encrypt and email it (Score:5, Informative)
In general keep needed software and materials off the machine, on usb key only. Ideally, use an OS with no swapping. Keep the USB key in a shielded housing when not in use to prevent locating it due to active components.
Regularly use the machine for innocuous activities, so that there is a record of something. Regularly use an identical usb key with the system, to provide cover in the event you are seen with the device (see below), and to provide a reason for any needed drivers on the machine.
To send...
1) write it in advance
2) PGP it
3) steganographically hide it
4) take it to the cybercafe on a floppy/usb key
5) upload it to a public place where everyone can see, so it is hard to track receipt
6) Afterwards, out-of-band relay to a contact where to find it. If you relay ahead of time, a compromised contact could leak where to look for you. THIS IS THE HARDEST PART. It is effectively your key-exchange process.
For receipt...
1) Beforehand, find out where to look for what. THIS IS THE OTHER HARDEST PART. It is effectively your key-exchange process.
2) at cybercafe, download uninteresting materials
3) at home, de-steg and de-crypt
4) store only if needed on key
Regularly upload and download un-steg (no payload) and random steg (random payload) materials to defeat traffic analysis.
If you have any time left over after all this, you can use it to be a dissident. However, you should regularly do other things such as get a job or have a family to provide a plausible reason for your existence.
Re:write in advance, encrypt and email it (Score:5, Informative)
This wouldn't work in the People's Republics where sending and receiving encrypted messages is illegal.
In this case, perhaps encrypting the message and putting the message inside a photograph using a stegnography program would work for a while.
Eventually the police will learn about stegnographic programs and test all photos leaving the country on the web for any messages. There aren't that many commercial steg programs around.
In brutal repressive regimes, the primary means of gathering information on the resistance is through informers. Eventually the police arrest everyone and offer them the deal of either spy on your neighbors and friends or rot in prison forever. The former East Germans were the masters of this. Almost everyone was forced to spy for the secret police. When the government fell the people first burned down the internal security headquarters and the files. The Israelis also use this technique to control Palestine. But they are far too heavy-handed to be effective.
Assume that the best scientists and engineers will be working to spy on people. The police can easily arrest these people for imaginary crimes and then offer them special treatment in exchange for their willing co-operation. An excellent novel on how this works is The First Circle by Aleksandr Solzhenitsyn, writing about the slave labor camps for scientists in the Stalinist USSR.
Re:Anything PRIVATE is also NOT safe... (Score:1, Informative)
By the way, do you guys ever wonder how these people access the internet and use Windowz when every software license mentions Syria, N Korea and other terrorist countries as a nono?
There is a way around software keylogers (Score:2, Informative)
codohundo
Re:Freenet... not all that anonymous (Score:5, Informative)
Re:Onion Routing (Score:2, Informative)
I think they would say that Tor is not designed for this "threat model". This is not to say that onion routing could not be used for this purpose if it were better hidden.
Sending an encrypted message drive-by style over an open WAP seems to pretty secure, as long is it is not near your home and you don't use it more than once.
Re:And the entire internet is public.. (Score:5, Informative)
1. Have a PC with a CDROM drive.
2. Rent or borrow an SSH account outside the country.
3. Boot PC using KNOPPIX (do not load hard drive)
4. Open a connection through SSH that forwards a local to an anonymous proxy at the far end.
5. Use 127.0.0.1 as your proxy address.
6. Surf away!
When done (or if the government busts in!), reboot your computer - no traces left. (Knoppix stores everything in RAM).
Keyloggers do not work against you, because you are booting from known media. (On the other hand, if the NSA REALLY wants you, they will hack your bios - but no one else is probably that anal).
Re:write in advance, encrypt and email it (Score:4, Informative)
Re:Q: (Score:5, Informative)
A dissident (my definition, anyway) expresses dissent by speaking, writing, or other nonviolent activity.
A terrorist expresses dissent by violence, mayhem, murder, or destruction of property.
Re:And the entire internet is public.. (Score:5, Informative)
For example, you could forward local port 8888 to a remote SOCKS server (port 1080 is SOCKS) like so:
ssh -L 8888:some-anon-proxy.com:1080 ssh-user@ssh-host
That forwards port 8888 on your machine to some-anon-proxy.com port 1080 via the ssh tunnel.
Then set your browser to use localhost port 8888 as the SOCKS proxy.
Note that most SOCKS connections still do DNS from your local machine so you need to protect that by some method. To do that you either need to use SOCKS 4a (I think), use a non-SOCKS proxy (like HTTP proxy), or use a local proxy like privoxy that itself fowards to another proxy via the SSH tunnel.
And there is always Tor [eff.org].
Re:And the entire internet is public.. (Score:5, Informative)
ssh -L proxyport:proxyIP:proxyport sshServerIP
for example:
ssh -L 8000:lvsweb.lasvegasstock.com:8000 shell.frogstar.com
Note that this is not untraceable - especially by the NSA. But other governments will have a difficult time with it.
Re:Combatting keystroke loggers (Score:2, Informative)
I believe the "Perfect Key Logger" from Blazing Tools [blazingtools.com] takes a screenshot everytime you click the mouse. Their web page also says it captures passwords typed in fields obscured with asterisks.
Re:American dissidents persecuted by Secret Police (Score:5, Informative)
> intimidation visits from teh Secret Police
Yo, cornholio. This IS Fark, right? And you believe anything written there? Yea, right. All the zaniness of the Moveon.org crowd without the maturity. And that is saying something. Hint: don't lieten to what the tinfoil hat crowd says, they ain't sane. Not saying that the Secret Service doesn't at least keep an eye on even low threat sites like Fark, but I seriously doubt they would waste their limited manpower harassing a random leftist posting "death to Bush" threats there unless they had their profile linked with accounts on more seriously dangerous sites.
And besides, death threats against a President should be taken seriously, and shouldn't be protected by the 1st Amendment. It isn't like the odds of surviving being elected President of the US isn't already worse than being shot into space, lets not make em worse by inventing a constituitional right to make death threats against the poor bastards.
Lets review recent history, shall we? (Warning, flamebait)
Bush II: The Deaniacs are this >< close to launching suicide bombers against him. I'd be shocked if he makes it to the end of his term without somebody taking a shot. And depending on where that last airliner was bound and whether they knew he wasn't home at the time you could say Osama already give it a go.
Clinton: Somebody crashed a fscking airplane INTO THE WHITE HOUSE. Of course he left a trail of blood in his own minions. (Ron Brown, et al.)
Bush I: Ok, so nobody tried to kill him until he left office.
Reagan: Blamo. But they just don't make crazed gunmen like they used and he didn't succeed. For which the world should give thanks, otherise half the world would still be under the darkness of Soviet Communism.
Carter: I seem to recall a nutjob taking a run at him. Or was it Ford.
Ford: See above.
Nixon: Nobody tried to shoot him. Nobody even really wanted to, except some of John Kerry's more extreme friends. Which says volumes about how far public civility has sunk in the interveening time.
Johnson: Well he probably assumed by office by assination, but that doesn't count, does it?
Kennedy: Blamo. See above.
Re:Tor (Score:3, Informative)
Details [noreply.org]
Re:And the entire internet is public.. (Score:5, Informative)
Not entirely true. Knoppix searches for and uses existing unix swap partitions. To stop it doing this you should pass the 'noswap' option at boot. Look at the Knoppix Cheat Codes page [linuxtag.org] for evidence, and for other boot options.