Terrrrrist’s 101

Everybody is watching you thank's to a chimpanzee and a sock puppet. …

I don't really have a clue what all the following is about. I read neal Stephenson's book about the internet: Cryptonomicon
But all the technical stuff leaft me standing (and gawping.)

This is where to start if you are a little concerned about foreign national governments like the USA and China and various other ne'er do wells reading your inanities:

Originally posted by Wikipedia:

An anonymous remailer is a server that receives messages with embedded instructions on where to send them. It forwards them without revealing where they originally came from.

There are Cypherpunk anonymous remailers,
Mixmaster anonymous remailers, and
NYM servers, among others,
[align centre]which differ in how they work,[/align] in the policies they adopt, and in the type of attack on anonymity of e-mail they can resist.

Remailing as discussed in this article applies to e-mails intended for particular recipients.

There are several strategies that affect the anonymity of the mail. All data on the Internet contains the addresses of the sender and recipient, so none can ever actually be anonymous.

However, if the source address is false, there will be no easy way to trace the originating node.

Some remailers change both types of address in the messages; in effect, they substitute 'fake source addresses' for the originals.

Some remailers forward their anonymized e-mail to still other remailers, and only after several such hops is the e-mail actually delivered to the intended address.

There are, more or less, four types of remailers:

A Pseudonymous remailer replaces the e-mail address of the sender, gives a pseudonym to the sender and sends a message that can be answered.

A Cypherpunk remailer strips the sender's address from the message. One can not answer a message sent via a Cypherpunk remailer. The message sent can be encrypted, the remailer will decrypt it and send it to the recipient address hidden inside the encrypted message.

Mixmaster remailers require the use of a computer program to write messages. Such programs are not supplied as a standard part of most operating systems or mail management systems.

A Mixminion remailer attempts to address the following challenges in Mixmaster remailers: replies, forward anonymity, replay prevention and key rotation, exit policies, integrated directory servers and dummy traffic.

Traceable remailers:

Some remailers establish an internal list of actual senders and invented names such that a recipient can send mail to

invented_name@some-remailer.example.con

When receiving traffic addressed to this user, the server software consults that list, and forwards the mail to the original sender, thus permitting anonymous—though traceable with access to the list—two way communication.

The famous "penet.fi" remailer in Finland did just that for several years. Because of the existence of such lists in this type of remailing server, it is possible to break the anonymity by:
Gaining access to the list(s),
Breaking into the computer,
Asking a court (or merely the police in some places) to order that the anonymity be broken, and/or
Bribing an attendant.

This happened to penet.fi as a result of some traffic passed through it about Scientology.

The Church claimed copyright infringement and sued penet.fi's operator. A court ordered the list be made available. Penet's operator shut it down after destroying its records (including the list) to retain identity confidentiality for its users; though not before being forced to supply the court with the real e-mail addresses of two of its users.

More recent remailer designs use cryptography in an attempt to provide more or less the same service, but without so much risk of loss of user confidentiality.

These are generally termed nym servers or pseudonymous remailers.

The degree to which they remain vulnerable to forced disclosure (by courts or police) is and will remain unclear, since new statutes/regulations and new cryptanalytic developments proceed apace.

Multiple anonymous forwarding among cooperating remailers in different jurisdictions may retain, but cannot guarantee, anonymity against a determined attempt by one or more governments, or civil litigators.

If users accept the loss of two-way interaction, identity anonymity can be made more secure.

By not keeping any list of users and corresponding anonymizing labels for them, a remailer can ensure that any message that has been forwarded leaves no internal information behind that can later be used to break identity confidentiality.

However, while being handled, messages remain vulnerable within the server (e.g., to Trojan software in a compromised server, to a compromised server operator, or to mis-administration of the server) and traffic analysis comparison of traffic into and out of such a server can suggest quite a lot—far more than almost any would credit.

The Mixmaster strategy is designed to defeat such attacks, or at least to increase their cost (i.e., to 'attackers') beyond feasibility.

If every message is passed through several servers (ideally in different legal and political jurisdictions) then attacks based on legal systems become considerably more difficult, if only because of 'Clausewitzian' friction amongst lawyers, courts, different statutes, organizational rivalries, legal systems, etc.

Since many different servers and server operators are involved, subversion of any (i.e., of either system or operator) becomes less effective also since no one (most likely) will be able to subvert the entire chain of remailers.

Random padding of messages, random delays before forwarding and encryption of forwarding information between forwarding remailers, increases the degree of difficulty for attackers still further as message size and timing can be largely eliminated as traffic analysis clues and lack of easily readable forwarding information renders ineffective simple automated traffic analysis algorithms.

There are also web services that allow users to send anonymous e-mail messages. These services do not provide the anonymity of real remailers, but they are easier to use.

When using a web-based anonymous e-mail or anonymous remailer service, its reputation should first be analyzed, since the service stands between senders and recipients. Some of the aforementioned web services log the users I.P. addresses to ensure they do not break the law; others offer superior anonymity with attachment functionality by choosing to trust that the users will not breach the websites Terms of Service (TOS).

If the object is identity anonymity, nothing sent via a remailer can ever include identifying information in content available to an outside observer. Thus:
"From: anon@remailer.net

Hey dude, send me that new comic to
123 Maple Street,
Wherever,
Country,
Postal Code.

Thanx"

…is evidently entirely unsecure.

Encrypting such a message with an adequately secure cryptosystem would help, and some remailers are set up to do so. In general clear-text messages are likely to include such information even if inadvertently, and user anonymity when sending clear-text messages is accordingly likely to be lost.

Less obviously, some software (e.g., recent versions of Microsoft Office components — Microsoft Word, Microsoft Excel, etc.) includes (ordinarily invisible) identifying information in each formatted file it saves.

The information might be:
name / organization / e-mail address (collected at 'product registration' and retained internally),

or product copy serial number,
or computer ID (e.g., CPU serial number,
or interface hardware address (e.g., Ethernet MAC address, a unique in the world ID),
or … One software program that claims to remove such information from files notes that there are about 30 different kinds in Word format files.

Those interested in anonymity should limit themselves to plain text messages (ASCII text only) produced by plain text editors (e.g., vi, emacs, Notepad, Gedit etc,…) as they don't include such hidden information.

Alternatively, users should take great care to inspect files (e.g., text, images, sound files, …) to ensure they contain no identifying information. Note however, that even byte-by-byte inspection will not necessarily uncover such information since it can be easily concealed by encryption, steganography, or simple unfamiliarity.

Anonymity, once lost, can almost never be regained as those interested in breaching it will often keep (and have often kept) records of such discoveries.

Such records have typically had very long lives, particularly if those keeping them have long planning horizons (e.g., governments, or groups with social or political interests).

For some opinions or speech, this may have, or come to have, serious consequences.

Not all anonymous remailers are identical, even when all work as intended. Close attention to operational standards and intent, locations, and reliability records is needed before choosing one. Among the criteria that should be considered are:

Class:
(two-way or one-way, encrypted message content or cleartext only, mixmaster style or one hop forwarding, …)

Location:
Some offshore jurisdictions permit seizure of equipment, data, or operating records)

Geographical Mapping:
http://riot.eu.org/anon/remap.html

History:
Operators who maintain and administer hardware and software in better condition than others; paying particular attention to security configuration issues

Security:
Some operating systems have worse security histories than others, even when properly configured, maintained, and administered

Operator:
At worst, a remailer run by some infamous Secret Police Department. An operator may be ominously inattentive

Privacy and operating policies:
If stated, better than not stated. If stated, sensible and observed, better still. However, recourse (legal or otherwise) has almost never been available against operators, software developers, operating system suppliers, especially in cases of loss of anonymity and/or consequent damages, regardless of operating policies

[who ya gonna sue, how and why?]

Software:
Some remailer software is widely used (and live tested), some is not.

Record and reputation:
Consult remailer statistics sites, and check (Google search, news group postings, blogs …

There is no way to ensure that a particular remailer server will never cause problems for its users (loss of identity or confidentiality). A remailer system not under one's own (expert level) control will always remain unknown.

In most cases, remailers are owned and operated by individuals, and are not as stable as they might ideally be. In fact, remailers can, and have, gone down without warning. It is important to use up-to-date statistics when choosing remailers.

http://en.wikipedia.org/wiki/Anonymous_remailer

Advertisements

5 thoughts on “Terrrrrist’s 101

  1. I can't say I have ever been tempted to use any of this sort of thing.If I wanted to do something ill conceived, I'd want to know the people I was dealing with and speak face to face so I could get live feedback.If I was going to be talking about bombing Parliament I would make sure nobody I was dealing with was ever going to go near the Internet with such things in mind as looking for further instructions.However if I was in a terrorist group and wanted to arrange a convention there would be no harm in catching a bus to another city, finding a cybercafe it#r they still exist these days and posting a code word such as meat me at Jin's on Friday.(Knowing that everyone reading it would suspect a meeting at Jim's on Friday even though there was no Jim.)(Those of us in the know would all have met at the pub around the corner from Fred's the day before.:cool: )I don't know how many geniuses from GCHQ would be sent to the right pub but it wouldn't take much effort to photo everyone there and see who turns up when we go across the road.After that we could all pass secret messages to one another in our packets of Rizzlas -taking them outside to read and inwardly ingest.

  2. André Bacard's Anonymous Remailer F.A.Q:This FAQ, first published in 1995, offers a nontechnical overview of "remailers" to help you decide whether to use these computer services.When I first wrote this FAQ, remailers were an esoteric subject. Today, millions use them. Links at Bacard's Privacy Page will connect you with specific remailers. I have written this FAQ for law abiding persons who value irony. You may distribute this (unaltered) FAQ for non-commercial purposes. Thanks to the many pro-privacy sites around the world which link to this FAQ. Copyleft 2012 by André Bacard].http://www.andrebacard.com/remail.html

  3. Looking at all the way they are looking at you I wonder what the spooks are playing at.Nobody seems concerned that thye can look at you e-mails undetected and undisturbed. Few seem to mind that your mobile telephone is a self tapper. Any national secret police force can follow you anywhere if you hacve a battery fitted to your device.I am not even sure it has to be switched on. I know you don't have to be using it.Noiw there are cars that tell your makers everything about it's journeys and how it is behaving and in some cases how it is being driven.Only now is the fact that all this data about you is being gathered by people you know nothing about (and you really don't want them to know anything about you) coming into question.And the question isn't why or when or where are they gathering the data but who ownds it.If it is data put out about your machine then it must belong to you. When your car reports where you are going and how fast etc., it isn't anyone's business but yours.So why is it going to someone else?And if the data from the car is yours, why is the data from the phone not yours?And if the data from the phone is yours, why isn't data you are sending over the net yours and yours alone?Why aren't governments falling over themselves to ensure that alien agencies such as the secret police and amateur scammers and all the rest of the nosey parkers on this planet behaving themselves with deecncy?Obviously the answer to that is because the governments want to control us their general public AKA the nobodies, the untermenchen.I am not being paranoid. If you ask yourself why the governments of every country on the planet have invited themselves to your feast unasked, you can only come up with the right answer.But have you ever thought how you are involved in the dirty, little, sneaky, creeping up backsides that is going on?There is nothing anyone can do about it. It is worth bearing in mind though. That wherever you live, you are dominated by careless, bullying, perverts. And you thought it was just China?Really?

  4. Originally posted by Slashdot:

    "The Metropolitan Police have rolled out a mobile device data extraction system to allow officers to extract data 'within minutes' from suspects' phones while they are in custody. 'Ostensibly, the system has been deployed to target phones that are suspected of having actually been used in criminal activity, although data privacy campaigners may focus on potentially wider use.'

    http://mobile.slashdot.org/story/12/05/16/2357251/uk-police-roll-out-on-the-spot-mobile-data-extraction-systemFor:"deployed to target phones that are suspected of having actually been used in criminal activity"Read:"Used recently by people".

  5. Another slashdotter; one about the Canadian Sheeple getting shafted:Originally posted by Slashdot:

    "Despite a recent story claiming that Canada's Bill C-30, covering internet surveillance, has died a 'lonely' death, the minister responsible claims otherwise. 'Public Safety Minister Vic Toews is denying reports that the Harper government intends to quietly shelve its controversial online surveillance bill, C-30.' Speaking to reporters on Wednesday morning, Toews insisted the legislation was moving ahead. He has previously stated this is the bill that you either support, 'or you stand with the child pornographers.'"

    Originally posted by Canadian minister:

    Trust me I'm not a kiddie porner.

    Or should that be:Originally posted by Canadian minister:

    Trust me unless you are a kiddie porner.

    Can you imagine anyone not thinking of the children?(Not counting child abusers that is?)I hope this legislation to spy on all of Canada goes through without any hitches or questions or anything.I'd hate to think the largest country in the world to be named after a small boat is filled with child molesters.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s