Dissidents Seeking Anonymous Web Solutions? 684
DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"
Anything public is NOT safe... (Score:5, Interesting)
I would think that Internet Café "spies" would be more useful than keyloggers to the authorities looking for dissidents. Unless these connections are somehow routed through multiple anonymous/encrypted proxies and hopping through open WAPs I really don't believe that a public terminal is in any way "safe".
A stalker that I had earlier this year was easily located via tracking his IP and figuring out which coffee shops and libraries he was using. The libraries all went through a single county-wide proxy and narrowing his location down on a Sunday was easier than you could possibly imagine (all satellite locations in the county were closed except one).
If I could track someone down that easily imagine what the members of a Gestapo looking to do more than end some harassing emails could do, especially when they might have a network of spies watching public access locations in person.
Re:Use the Circumventor. (Score:4, Interesting)
I'm curious about this --- if in a nation like China all of the packets are routed through government owned machines, how would sending a proxy to a foreign machine circumvent them? All of your data still passes over the network in the country. The IPs of your foreign host could be blocked.
I'm not dissing you, I'm just not 100% sure of how easy it is to bypass that. On the surface, depending on how they implemented it, I should think that's kinda like bypassing the phone system in my country so I can use another --- I still need the phone system I'm wired into, no?
Re:write in advance, encrypt and email it (Score:2, Interesting)
Tor-Over-Steganography (Score:5, Interesting)
I guess the best way to get your message through the iron (red?) curtain is to piggy-back it on whatever the highest-volume public information stream is. That way the baddies would have to shut down all of that traffic and risk a large public pushback.
In the case of China, I hate to say it, but if it's true that a lot of spam is outbound from their country, that would be an ideal place to hide information. Lots of spam has randomly generated text, so altering the frequency of that text in a fashion known only to sender and receiver could be used to encode an information channel, over which you could run a simple unicast stream, or something more decentralized, like TOR.
American dissidents persecuted by Secret Police (Score:2, Interesting)
For example, the other day in Russia (Georgia, actually) someone supposedly threw a gernade in Bush's direction. THe grenade never went off, but some people posted saying stuff like they hoped it, or something like that. The Fark admins posted in the thread saying that they had personal knowledge of Secret Police requests for such posters' IP numbers.
So the terrorists hate u for our freedoms, huh?
LOL!
Re:Lemme guess... (Score:4, Interesting)
Texas Democrats ... are Republicans anywhere else.
Re:Combatting keystroke loggers (Score:5, Interesting)
For example, if you need to type in your email password in a webmail autentication form, you could type the first part, say "bud", then click on another part of the desktop, say the url bar of the browser, type in some random garbage, move the mouse again and finish the password, adding "rose" to "rosebud".
Since keyloggers don't track mouse movements or clicks, the phisher wouldn't be able to breakdown and harvest the password from the keylogger.
PS. It also helps not to use obvious passwords like "rosebud"
Re:I do not know if this is valid... (Score:1, Interesting)
It is a network of VPNs built on top of the plain ol' internet. Routing is done via BGP (the framework has been laid to do cost based routing -- but that is not there yet). We have web servers, ftp, irc, news (with one node donating an anon feed (read only for now) from the "real" Usenet with VERY large retention on binaries), IM (via jabber), AFS (this the the primary method of storing files), streaming media, email, dns (with special Metanet TLDs), a nice search engine...
Basically we rebuilt the internet from the ground up
We like people that join to have a basic understanding of internet protocols (we are NOT looking for leechs) but we make exceptions for people that would LIKE to learn.
Re:Combatting keystroke loggers (Score:2, Interesting)
Infranet: surreptitious web browsing (Score:2, Interesting)
Technical paper (pdf) [mit.edu]
An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide clients access to censored sites while continuing to host normal uncensored content. Infranet uses a tunnel protocol that provides a covert communication channel between its clients and servers, modulated over standard HTTP transactions that resemble innocuous Web browsing. In the upstream direction, Infranet clients send covert messages to Infranet servers by associating meaning to the sequence of HTTP requests being made. In the downstream direction, Infranet servers return content by hiding censored data in uncensored images using steganographic techniques. We describe the design, a prototype implementation, security properties, and performance of Infranet. Our security analysis shows that Infranet can successfully circumvent several sophisticated censoring techniques.
Re:And the entire internet is public.. (Score:4, Interesting)
This device will happily log all your keystrokes whatever media you decide to boot from.
Re:And the entire internet is public.. (Score:3, Interesting)
On the other hand, in a regime where crypto is illegal, don't you think they could arrest you without cause anyway? Why bother with the crypto argument?
All this does is allow you to hide what you are doing within reason.
Re:American dissidents persecuted by Secret Police (Score:3, Interesting)
Re:And the entire internet is public.. (Score:2, Interesting)
Something similar to this: KeyGhost [keyghost.com]
Hide it in an image (Score:3, Interesting)
So, your scheme would be to send an image, and then, some random time later, to send some information using this image. Double encrypting might work too. As long as you aren't already under suspicion, I doubt anyone has the time to check for people sending duplicate graphics files.
Re:Dissidence isn't supposed to be convenient. (Score:4, Interesting)
Couldn't agree more. As nerds, it's easy to recommend gimmick after technological gimmick. It's not so easy to imagine ourselves in a repressive regime. Consider that the very possession of cryptographic software, or even a computer, in some countries marks a person, if not as guilty, at least as under deep suspicion. I have heard that in North Korea, probably at this point the most repressive regime on the planet, radios are forbidden to all but a select few for fear that the populace might hear Voice of America or something. With restrictions like this, arguments on whether the dissident should use FreeNet or Tor suddenly sound pretty stupid.
As the parent poster quoth, movies about the Mob show an excellent example of information security. The top people only talk to a few guys, who talk to a few more. In "The Godfather" (the book), Don Corleone won't even use a telephone because he's afraid the FBI will be able to splice together tape to frame him even if he reveals nothing over the phone. Now that's paranoid.
The best way not to get busted is not to fall under suspicion (in a truly repressive country, once you're suspected, you're already tried, convicted, and headed for prison or worse). And if you get caught, the next best thing is not to know your fellow dissidents, so the authorities can't make you sing.
Re:And the entire internet is public.. (Score:2, Interesting)
At least that's the idea. As far as I can see, the most obvious result of their current course of development will probably be that the vast majority of people, even those in "free" countries, will not be able to use freenet at all.
Re:write in advance, encrypt and email it (Score:4, Interesting)
use different cybercafes in a random manner... don't use the same machine at any cybercafe.
Bad idea.
If you naively use the same cybercafe each time, the police will be able to watch the cybercafe, observing who is attending whenever the suspicious stuff happens, therefore you will be found quite easily.
If you visit different cybercafes each time to avoid this, the police will simply watch a few local ones. You will show up at each one when the suspicious stuff happens. It takes a few more policemen, but you actually get caught quicker.
Another solution is to use the same cybercafe each time, but do so during lunch hour, and use one near to a school or something. Basically, you want to have your visits coincide with a lot of people at the same time, and the same people each time.
Of course at this point, the government will simply run a check on each observed person and find that you have a computer and internet connection at home, which means that there's no reason for you to be visiting a cybercafe.
The problem is that the police can predict your visits. If you wait a few months in between suspicious activity and there is no CCTV, then you can be reasonably certain the police won't be able to find you, as long as you don't use the same one each time. Presumably the police don't have the resources to track who uses which cybercafe at any given moment.
Re:And the entire internet is public.. (Score:2, Interesting)
Re:Q: (Score:1, Interesting)
Re:Tor-Over-Steganography (Score:3, Interesting)
Re:Anything Posted Here is Compromised (Score:2, Interesting)
It is my hope that the best ideas found here will give me a starting point to develop a better answer.
Re:Lemme guess... (Score:3, Interesting)
I probably lean righter than the
I got modded down for almost, but not quite breaking