Dissidents Seeking Anonymous Web Solutions?
DocMurphy asks: "I'm working with some dissidents who are looking for ways to use the Internet from within repressive regimes. Many have in-home Internet access, but think it too risky to participate in pro-freedom activities on home PCs. Internet cafés are also available, but although fairly anonymous, every machine may be infected with keystroke loggers that give governments access to and knowledge of 'banned' sites. Dissidents not only want to remain anonymous themselves, but also wish to not compromise the sites they access. Any suggestions for products/procedures/systems out there making anonymous access & publishing a reality under repressive regime run Internet access?"
Anything public is NOT safe... (Score:5, Interesting)
I would think that Internet Café "spies" would be more useful than keyloggers to the authorities looking for dissidents. Unless these connections are somehow routed through multiple anonymous/encrypted proxies and hopping through open WAPs I really don't believe that a public terminal is in any way "safe".
A stalker that I had earlier this year was easily located via tracking his IP and figuring out which coffee shops and libraries he was using. The libraries all went through a single county-wide proxy and narrowing his location down on a Sunday was easier than you could possibly imagine (all satellite locations in the county were closed except one).
If I could track someone down that easily imagine what the members of a Gestapo looking to do more than end some harassing emails could do, especially when they might have a network of spies watching public access locations in person.
Re:Anything public is NOT safe... (Score:5, Funny)
wait. whoops.
And the entire internet is public.. (Score:2)
Re:And the entire internet is public.. (Score:2)
2) Have them run a website that has plausibly-reasonable ssl content (a fake store or whatnot).
3) Run an ssl over http tunnel to them.
4) Enjoy your uncensored ssl connection.
5) ?????
6) Profit!
Re:And the entire internet is public.. (Score:3, Funny)
That will guarantee 6.
Re:And the entire internet is public.. (Score:5, Informative)
1. Have a PC with a CDROM drive.
2. Rent or borrow an SSH account outside the country.
3. Boot PC using KNOPPIX (do not load hard drive)
4. Open a connection through SSH that forwards a local to an anonymous proxy at the far end.
5. Use 127.0.0.1 as your proxy address.
6. Surf away!
When done (or if the government busts in!), reboot your computer - no traces left. (Knoppix stores everything in RAM).
Keyloggers do not work against you, because you are booting from known media. (On the other hand, if the NSA REALLY wants you, they will hack your bios - but no one else is probably that anal).
Re:And the entire internet is public.. (Score:4, Interesting)
This device will happily log all your keystrokes whatever media you decide to boot from.
Re:And the entire internet is public.. (Score:5, Insightful)
RAM isn't completely recovery proof.
Now... as for the original question, isn't this what freenet was supposed to be for?
In other words, the site is published by you, but hosted on some other freenet member(s) box. That was the entire point of freenet, to allow for truly anonymous publishing of material.
Oh yea, and don't forget to check the "Post Anonymously" box
Re:And the entire internet is public.. (Score:5, Informative)
Not entirely true. Knoppix searches for and uses existing unix swap partitions. To stop it doing this you should pass the 'noswap' option at boot. Look at the Knoppix Cheat Codes page [linuxtag.org] for evidence, and for other boot options.
Re:And the entire internet is public.. (Score:3, Insightful)
I'd be extra paranoid and make sure to power off the computer, not just reboot it, to be sure all the RAM is reset. If they're super-cunning they could salvage incriminating data from it.
You could also go one step further on the keylogger protection and have your own USB keyboard that you carry around with you. Keylog that!
Re:And the entire internet is public.. (Score:3, Interesting)
On the other hand, in a regime where crypto is illegal, don't you think they could arrest you without cause anyway? Why bother with the crypto argument?
All this does is allow you to hide what you are doing within reason.
Re:And the entire internet is public.. (Score:5, Informative)
For example, you could forward local port 8888 to a remote SOCKS server (port 1080 is SOCKS) like so:
ssh -L 8888:some-anon-proxy.com:1080 ssh-user@ssh-host
That forwards port 8888 on your machine to some-anon-proxy.com port 1080 via the ssh tunnel.
Then set your browser to use localhost port 8888 as the SOCKS proxy.
Note that most SOCKS connections still do DNS from your local machine so you need to protect that by some method. To do that you either need to use SOCKS 4a (I think), use a non-SOCKS proxy (like HTTP proxy), or use a local proxy like privoxy that itself forwards to another proxy via the SSH tunnel.
And there is always Tor [eff.org].
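An added illustration of the DNS caveat in the comment above (not part of the original post): the SOCKS4, SOCKS4a and SOCKS5 CONNECT requests built and parsed byte by byte, showing which side ends up resolving the destination name. The hosts example.org and 192.0.2.10 used in testing are constructed placeholders.

```python
import ipaddress
import socket
import struct


def socks4_connect(ip, port, user=b""):
    """SOCKS4: the request has room only for an IPv4 address, so any
    hostname was already looked up by the client's own resolver."""
    return struct.pack(">BBH", 4, 1, port) + socket.inet_aton(ip) + user + b"\x00"


def socks4a_connect(host, port, user=b""):
    """SOCKS4a: DSTIP is the marker 0.0.0.x (x != 0) and the hostname
    follows the user id, so the proxy performs the lookup."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("ascii") + b"\x00")


def socks5_connect(dest, port):
    """SOCKS5 CONNECT request (sent after method negotiation).
    ATYP 0x03 carries a name for the proxy to resolve."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        name = dest.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)


def describe(request):
    """Parse a CONNECT request. 'resolver' is 'proxy' when a hostname is
    on the wire, 'client' when only an IP address is (any name lookup
    happened locally, outside the tunnel, before the request was built)."""
    if len(request) < 2 or request[1] != 1:
        raise ValueError("not a CONNECT request")
    if request[0] == 4:
        if len(request) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack(">H", request[2:4])[0]
        dstip = request[4:8]
        _user, sep, tail = request[8:].partition(b"\x00")
        if not sep:
            raise ValueError("user id not terminated")
        if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
            host, sep, _ = tail.partition(b"\x00")
            if not sep or not host:
                raise ValueError("SOCKS4a hostname missing or unterminated")
            return {"protocol": "SOCKS4a", "dest": host.decode("ascii"),
                    "port": port, "resolver": "proxy"}
        return {"protocol": "SOCKS4", "dest": socket.inet_ntoa(dstip),
                "port": port, "resolver": "client"}
    if request[0] == 5:
        if len(request) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = request[3]
        if atyp == 3:
            start, size = 5, request[4]
        elif atyp in (1, 4):
            start, size = 4, (4 if atyp == 1 else 16)
        else:
            raise ValueError("unknown address type")
        end = start + size
        if len(request) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        raw = request[start:end]
        port = struct.unpack(">H", request[end:end + 2])[0]
        dest = raw.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(raw))
        return {"protocol": "SOCKS5", "dest": dest, "port": port,
                "resolver": "proxy" if atyp == 3 else "client"}
    raise ValueError("unknown SOCKS version")


if __name__ == "__main__":
    for req in (socks4_connect("192.0.2.10", 80),
                socks4a_connect("example.org", 80),
                socks5_connect("example.org", 443),
                socks5_connect("192.0.2.10", 443)):
        print(req.hex(), describe(req))
```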
Re:And the entire internet is public.. (Score:5, Informative)
ssh -L proxyport:proxyIP:proxyport sshServerIP
for example:
ssh -L 8000:lvsweb.lasvegasstock.com:8000 shell.frogstar.com
Note that this is not untraceable - especially by the NSA. But other governments will have a difficult time with it.
ssh is confidential, but easily traced (Score:4, Insightful)
authentication: third parties cannot alter your communication; the party you are talking to is who you expect.
confidentiality: third parties cannot read your communication
traceability: third parties cannot determine who you are and/or with whom you are communicating (i.e. they can't map to meatspace)
The most critical factor for dissidents is traceability.
While ssh provides authentication and encryption, it does NOT, on its own, decrease traceability. Most governments (and in the US, corporations) can easily trace a basic IP connection, even if they can't read or write the traffic on it. Just follow the wire.
Remember: who you talk to can be at least as sensitive as what you say.
Re:And the entire internet is public.. (Score:2, Informative)
It's free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.
Communications by Freenet nodes are encrypted and are "routed-through" other nodes to make it extremely
Re:Fsking Democrats!!! (Score:4, Funny)
Fahrenheit, Celsius, or Kelvin?
No. Nothing 100% (Score:2)
Re:No. Nothing 100% (Score:2)
Um... unless a step (or steps) along the way are engineered specifically to route in a way that doesn't provide for that, and leave no logs of any kind. Yes, someone could watch all traffic going into and out of all paths surrounding such an anonymizer.
But that's not a free speech issue, and of course, criminals can use it, too, engaging in activities that are definitely not protected by free speech principles.
Lemme guess... (Score:2, Funny)
Re:Lemme guess... (Score:3, Funny)
Re:Lemme guess... (Score:5, Funny)
Re:Lemme guess... (Score:4, Interesting)
Texas Democrats ... are Republicans anywhere else.
Re:Lemme guess... (Score:3, Interesting)
I probably lean righter than the
I got modded down for almost, but not quite breaking
Re:Lemme guess... (Score:3, Funny)
Re:Lemme guess... (Score:3, Insightful)
Re:Lemme guess... (Score:5, Funny)
Dear submitter (Score:5, Funny)
Love,
People suffering under the oppressive regimes of employers
Re:Dear submitter (Score:2)
Mod. Parent. Up.
Re:Q: (Score:4, Insightful)
A: Only your point of view.
I think the difference is bomb/no bomb, and choice of target.
Re:Q: (Score:5, Informative)
A dissident (my definition, anyway) expresses dissent by speaking, writing, or other nonviolent activity.
A terrorist expresses dissent by violence, mayhem, murder, or destruction of property.
Re:Q: (Score:3, Insightful)
wireless (Score:2, Insightful)
Re:wireless (Score:4, Insightful)
Connected to what when the government tracks everything and owns/controls all of the nation's connectivity?
You may as well have suggested FDDI or gigabit ethernet would solve the problem.
Once you're inside of a 'repressive regime', it's a lot more difficult to circumvent than just pick a new network layer.
Re:wireless (Score:2)
Re:wireless (Score:5, Insightful)
A. Repressive regimes may not have a lot of unsecured open hotspots.
B. Repressive regimes may not have an abundance of wireless enabled laptops, and possessing one would draw attention.
C. Going from "inside the internet cafe" to "within 150' of the internet cafe" doesn't get you that much. Repressive regimes are pretty good with triangulation.
write in advance, encrypt and email it (Score:5, Informative)
Re:write in advance, encrypt and email it (Score:3, Informative)
Re:write in advance, encrypt and email it (Score:5, Informative)
In general keep needed software and materials off the machine, on usb key only. Ideally, use an OS with no swapping. Keep the USB key in a shielded housing when not in use to prevent locating it due to active components.
Regularly use the machine for innocuous activities, so that there is a record of something. Regularly use an identical usb key with the system, to provide cover in the event you are seen with the device (see below), and to provide a reason for any needed drivers on the machine.
To send...
1) write it in advance
2) PGP it
3) steganographically hide it
4) take it to the cybercafe on a floppy/usb key
5) upload it to a public place where everyone can see, so it is hard to track receipt
6) Afterwards, out-of-band relay to a contact where to find it. If you relay ahead of time, a compromised contact could leak where to look for you. THIS IS THE HARDEST PART. It is effectively your key-exchange process.
For receipt...
1) Beforehand, find out where to look for what. THIS IS THE OTHER HARDEST PART. It is effectively your key-exchange process.
2) at cybercafe, download uninteresting materials
3) at home, de-steg and de-crypt
4) store only if needed on key
Regularly upload and download un-steg (no payload) and random steg (random payload) materials to defeat traffic analysis.
If you have any time left over after all this, you can use it to be a dissident. However, you should regularly do other things such as get a job or have a family to provide a plausible reason for your existence.
Re:write in advance, encrypt and email it (Score:4, Insightful)
Also, try using one of those secure USB keys (Lexar has one). And always do boring, mundane stuff while you're at the cafes; even when you go for the main purpose, start up a normal browsing session before you upload anything and flip back to it during the transfer.
Re:write in advance, encrypt and email it (Score:4, Interesting)
use different cybercafes in a random manner... don't use the same machine at any cybercafe.
Bad idea.
If you naively use the same cybercafe each time, the police will be able to watch the cybercafe, observing who is attending whenever the suspicious stuff happens, therefore you will be found quite easily.
If you visit different cybercafes each time to avoid this, the police will simply watch a few local ones. You will show up at each one when the suspicious stuff happens. It takes a few more policemen, but you actually get caught quicker.
Another solution is to use the same cybercafe each time, but do so during lunch hour, and use one near to a school or something. Basically, you want to have your visits coincide with a lot of people at the same time, and the same people each time.
Of course at this point, the government will simply run a check on each observed person and find that you have a computer and internet connection at home, which means that there's no reason for you to be visiting a cybercafe.
The problem is that the police can predict your visits. If you wait a few months in between suspicious activity and there is no CCTV, then you can be reasonably certain the police won't be able to find you, as long as you don't use the same one each time. Presumably the police don't have the resources to track who uses which cybercafe at any given moment.
Re:write in advance, encrypt and email it (Score:4, Insightful)
Hide it in an image (Score:3, Interesting)
So, your scheme would be to send an image, and then, some random time later, to send some information using this image. Double encrypting might work too. As long as you aren't already under suspicion, I doubt anyone has the time to check for people sending duplicate graphics file
Re:write in advance, encrypt and email it (Score:2, Interesting)
Re:write in advance, encrypt and email it (Score:5, Informative)
This wouldn't work in the People's Republics where sending and receiving encrypted messages is illegal.
In this case, perhaps encrypting the message and putting the message inside a photograph using a steganography program would work for a while.
Eventually the police will learn about steganographic programs and test all photos leaving the country on the web for any messages. There aren't that many commercial steg programs around.
In brutal repressive regimes, the primary means of gathering information on the resistance is through informers. Eventually the police arrest everyone and offer them the deal of either spy on your neighbors and friends or rot in prison forever. The former East Germans were the masters of this. Almost everyone was forced to spy for the secret police. When the government fell the people first burned down the internal security headquarters and the files. The Israelis also use this technique to control Palestine. But they are far too heavy-handed to be effective.
Assume that the best scientists and engineers will be working to spy on people. The police can easily arrest these people for imaginary crimes and then offer them special treatment in exchange for their willing co-operation. An excellent novel on how this works is The First Circle by Aleksandr Solzhenitsyn, writing about the slave labor camps for scientists in the Stalinist USSR.
Re:write in advance, encrypt and email it (Score:4, Informative)
Onion Routing (Score:3, Informative)
Could this be mis-used? (Score:2, Funny)
Chekov: Excuse me I'm looking for the nuclear wessels
Chekov: Nuclear wessels.
I do not know if this is valid... (Score:2)
(I'm not even entirely sure if its for real, but hey!)
Freenet (Score:3, Insightful)
http://freenet.sourceforge.net/ [sourceforge.net]
Re:Freenet... not all that anonymous (Score:5, Informative)
Use the Circumventor. (Score:5, Informative)
Re:Use the Circumventor. (Score:4, Interesting)
I'm curious about this --- if in a nation like China all of the packets are routed through government owned machines, how would sending a proxy to a foreign machine circumvent them? All of your data still passes over the network in the country. The IPs of your foreign host could be blocked.
I'm not dissing you, I'm just not 100% sure of how easy it is to bypass that. On the surface, depending on how they implemented it, I should think that's kinda like bypassing the phone system in my country so I can use another --- I still need the phone system I'm wired into, no?
Re:Use the Circumventor. (Score:4, Insightful)
You pretty much have hit on the problem.
Even if they can not read your data they will know it is encrypted. That could cause them to notice you.
If you are in a totalitarian country you can not be safe and a dissident. I do wish them luck.
Tor (Score:5, Informative)
Jason.
Re:Tor (Score:4, Informative)
Wholesale blocking of Tor nodes as they are identified has become popular because, like anything remotely useful, it's been abused by spammers, stalkers, and other general asshats.
Re:Tor (Score:2)
Re:Tor (Score:3, Insightful)
Re:Tor (Score:3, Informative)
Details [noreply.org]
Tor-Over-Steganography (Score:5, Interesting)
I guess the best way to get your message through the iron (red?) curtain is to piggy-back it on whatever the highest-volume public information stream is. That way the baddies would have to shut down all of that traffic and risk a large public pushback.
In the case of China, I hate to say it, but if it's true that a lot of spam is outbound from their country, that would be an ideal place to hide information. Lots of spam has randomly generated text, so altering the frequency of that text in a fashion known only to sender and receiver could be used to encode an information channel, over which you could run a simple unicast stream, or something more decentralized, like TOR.
Re:Tor-Over-Steganography (Score:3, Interesting)
Congratulations (Score:2)
Congratulations, Carnivore just found a new snack.
There is no anonymity on the internet (Score:4, Informative)
Re:There is no anonymity on the internet (Score:5, Insightful)
That's an excellent time to risk your life. Rolling over and "playing nice" is exactly what lets oppressive regimes exist.
I just bought shares of Alcoa... (Score:5, Funny)
Ever hear of Carnivore? (Score:2)
Try reading the book "Persepolis." Easy graphic novel, about a young woman from Iran -- you'll finish it in a night. It's absurd, you're right, but not that funny.
Re:I just bought shares of Alcoa... (Score:2)
ssh (Score:3, Informative)
https steganographic, encrypted proxies (Score:5, Informative)
Comment removed (Score:4, Informative)
Easy solution (Score:2)
Then simply connect to this server using an encrypted connection such as SSH, X over SSH, Windows Remote Desktop, or whatever.
Use the remote box for all your activities.
Dissidence isn't supposed to be convenient. (Score:5, Insightful)
Just do what they do on the Sopranos: keep it low tech, use payphones, meet in person. If your cause is that important and you need to spread information, may I suggest a major leaflet campaign?
Re:Dissidence isn't supposed to be convenient. (Score:4, Interesting)
Couldn't agree more. As nerds, it's easy to recommend gimmick after technological gimmick. It's not so easy to imagine ourselves in a repressive regime. Consider that the very possession of cryptographic software, or even a computer, in some countries marks a person, if not as guilty, at least as under deep suspicion. I have heard that in North Korea, probably at this point the most repressive regime on the planet, radios are forbidden to all but a select few for fear that the populace might hear Voice of America or something. With restrictions like this, arguments on whether the dissident should use FreeNet or Tor suddenly sound pretty stupid.
As the parent poster quoth, movies about the Mob show an excellent example of information security. The top people only talk to a few guys, who talk to a few more. In "The Godfather" (the book), Don Corleone won't even use a telephone because he's afraid the FBI will be able to splice together tape to frame him even if he reveals nothing over the phone. Now that's paranoid.
The best way not to get busted is not to fall under suspicion (in a truly repressive country, once you're suspected, you're already tried, convicted, and headed for prison or worse). And if you get caught, the next best thing is not to know your fellow dissidents, so the authorities can't make you sing.
Can't be too repressive... (Score:2)
I'm surprised that repressive regimes allow Internet. Or wait, am I thinking of oppressive regimes. Or surpressive regimes... Damn I always get my regimes mixed up.
Anyways, tell them to play EverQuest - that will make them forget about the regimes. Although then they'll have to worry about repressive clans and PK'ers.
Re:Can't be too repressive... (Score:2)
Actually, that may not be such a bad idea. Anyone trying to be inconspicuous watching will see you are playing a MMORPG. All the IP logs will also show it. However, it's who you contact while playing that is the key. So, provided the "friends" are also online, then they can be contacted.
OK, so it's a bit of security through obscurity, but it may work.
Impossible based on requirement (Score:3, Insightful)
Screw using the internet... (Score:5, Funny)
Next Time (Score:2, Insightful)
Re:Next Time (Score:2, Funny)
Igpay Atinlay (Score:5, Funny)
Under a repressive regime... (Score:4, Funny)
Which oppressive regime, the RIAA or MPAA?
Steganography (Score:2)
I'm surprised I haven't seen a mention of steganography yet in this discussion.
Properly implemented, stego can be used quite effectively to communicate secretly on the Internet.
Re:Steganography (Score:2)
Here's another example of a secure communications channel on the Internet.
SpamMimic [spammimic.com]
There is no point (Score:2, Insightful)
Re:There is no point (Score:5, Insightful)
Spoken like a true Westerner I'm thinking.
In countries where you can stand up and say your government is a bunch of idiots, there is no harm in not being anonymous.
But if this can lead to prison, death, torture, disappearance, or all sorts of ahem inconvenience cough, then anonymity is what you want.
What good is saying "if you have anything of value to say, be public about it" if everyone is eventually dead and too afraid to say anything?
Sometimes just making sure someone hears the words is important. As is making sure those who need to say 'em are alive to keep saying 'em. Deciding that anything that can't be said out in the open isn't worth saying is probably a real disservice to peoples who absolutely cannot do that.
One Man's Villain is Another Man's Hero (Score:2, Insightful)
i2p (Score:2)
Once it is done though you will be able to do everything on the internet anonymously, like download television torrents [slashdot.org]
So to speed things up some of you Java developers should volunteer.
A Few ideas..... (Score:2)
Seriously (Score:2, Insightful)
Anonymous (Score:2)
Use steganography (Score:2)
Hey, Joe what's up? I'm walking my dog in the park tomorrow at noon...
Re:Use steganography (Score:3, Funny)
Oh, wait.
Combatting keystroke loggers (Score:3, Insightful)
However, even this will leave you open to IP tracing (should a stream of encrypted traffic raise any flags), as well as wandering busybodies/spies/anyone willing to report your ass for a reward. Just a thought.
Re:Combatting keystroke loggers (Score:5, Interesting)
For example, if you need to type in your email password in a webmail authentication form, you could type the first part, say "bud", then click on another part of the desktop, say the url bar of the browser, type in some random garbage, move the mouse again and finish the password, adding "rose" to "rosebud".
Since keyloggers don't track mouse movements or clicks, the phisher wouldn't be able to break down and harvest the password from the keylogger.
PS. It also helps not to use obvious passwords like "rosebud"
Ask Slashdot (Score:3, Insightful)
I can help very much (Score:3, Funny)
Re:Apparently you are in the US-and are safe. (Score:2)
Re:AK-47 (Score:2)
But wouldn't the first thing an oppressive regime do is enact gun control to keep people from owning guns? If the people can not own guns, the people can not overthrow the government.
1 million people walking past parliament is a protest. 1 million (with guns) walking past is a revolution. (Thanks to Witty Quotes)
Re:American dissidents persecuted by Secret Police (Score:3, Interesting)
Re:American dissidents persecuted by Secret Police (Score:3, Insightful)
Disliking the president is one thing. Hoping for his literal death is something else altogether.
How long would such a person last in Saddam's Iraq, or KJI's North Korea? A 'request' to Fark for their email address? No. A threat to 'our beloved leader' would end up quite a bit nastier than that.
Re:American dissidents persecuted by Secret Police (Score:5, Informative)
> intimidation visits from teh Secret Police
Yo, cornholio. This IS Fark, right? And you believe anything written there? Yea, right. All the zaniness of the Moveon.org crowd without the maturity. And that is saying something. Hint: don't listen to what the tinfoil hat crowd says, they ain't sane. Not saying that the Secret Service doesn't at least keep an eye on even low threat sites like Fark, but I seriously doubt they would waste their limited manpower harassing a random leftist posting "death to Bush" threats there unless they had their profile linked with accounts on more seriously dangerous sites.
And besides, death threats against a President should be taken seriously, and shouldn't be protected by the 1st Amendment. It isn't like the odds of surviving being elected President of the US isn't already worse than being shot into space, let's not make em worse by inventing a constitutional right to make death threats against the poor bastards.
Let's review recent history, shall we? (Warning, flamebait)
Bush II: The Deaniacs are this >< close to launching suicide bombers against him. I'd be shocked if he makes it to the end of his term without somebody taking a shot. And depending on where that last airliner was bound and whether they knew he wasn't home at the time you could say Osama already gave it a go.
Clinton: Somebody crashed a fscking airplane INTO THE WHITE HOUSE. Of course he left a trail of blood in his own minions. (Ron Brown, et al.)
Bush I: Ok, so nobody tried to kill him until he left office.
Reagan: Blamo. But they just don't make crazed gunmen like they used to, and he didn't succeed. For which the world should give thanks, otherwise half the world would still be under the darkness of Soviet Communism.
Carter: I seem to recall a nutjob taking a run at him. Or was it Ford.
Ford: See above.
Nixon: Nobody tried to shoot him. Nobody even really wanted to, except some of John Kerry's more extreme friends. Which says volumes about how far public civility has sunk in the intervening time.
Johnson: Well, he probably assumed office by assassination, but that doesn't count, does it?
Kennedy: Blamo. See above.