Innocent way to switch to anonymous talk without suspicion on the part of spy bodies

Suppose you have met a person in a chat or forum on a website controlled by adversary x. Both of you are non-anonymous with real IPs involved. The person knows nothing about anonymity and surveillance but you want to establish an anonymous talk with that person. How will you persuade that person to install the software providing anonymity and encryption of talks?
You could send a password-protected zip file with instructions but how can you tell the password to that person? If you send the password via that site, the adversary x will get the password too.
Any ideas?

One solution to this issue could be…

If you controlled a website (HTTPS enabled of course) with server side scripting capabilities, you could message them an innocent looking link (https://example.com/page.php – or – https://123.123.123.123/page.php).

Then, on that webpage, you lay out an explanation to them of how to download, install, and use the anonymous tools. And instruct them not to mention the contents of this webpage in plaintext chat.

But you would also set up an additional key feature to this webpage that makes it special…

You make the webpage “auto self-destructing”, by recognizing that it has already been visited by your intended recipient and then dynamically changing the content of the page to show some other innocent off-topic content for every other visitor after them.

Basically, a webpage “cloaking” strategy that keeps gov from seeing the webpage content, assuming they don’t go to more extreme lengths of stealing your SSL keys and recording packets, or compromising end-points to retrieve a copy of the webpage (still unlikely stuff for targeting everyday activities of normal people).

Other optional enhanced tactics to utilize with this webpage cloaking strategy might be…

  • geoip association
  • browser fingerprinting
  • javascript content encryption/obfuscation
  • data uri schemes
  • no caching headers
  • online web proxy viewers
  • self-signed ssl
  • perfect forward secrecy ssl

But the basics of this strategy would be…

  • have a simple HTTPS webpage you control
  • have 2 versions of the content (secret message / public content)
  • way to record previous visits to the page (database or text file)
  • server side script (assuming the right person is the 1st visitor, which might be a bad assumption depending)…

if ( is very 1st page visit ) {
then display secret message
} else {
display public content
}

or something more advanced and targeted like…

if ( is very 1st page visit using Firefox browser coming from IP in California ) {
then display secret message
} else {
display public content
}

From that secret page, you get them to transition to anonymous encrypted channels, and everybody else who visits the webpage sees some innocent meaningless content instead.

Zip file transfer over clearnet would be a more “messy” approach for anonymity purposes, imo.

Data transfer could be done after they establish a private anonymous encrypted channel with you first.

All you need is to get them an initial private message that effectively explains everything to them, but at the same time looks like some random innocent meaningless content to anybody else.

A webpage strategy like this also helps give you a format to explain things properly. Like…

  • that the page will auto delete itself after they leave it so pay close attention
  • that they should not mention this page to others or on clearnet
  • any education they need about how anonymous/encrypted comm tools work or why they are important/necessary
  • how to go about downloading/installing the right ones, and how to initiate contact with you through these tools.

Also an added benefit of being able to see the traffic to this special webpage is that it might potentially allow you to be further tipped off to any people/gov/orgs who are trying to personally monitor you or your contact.

Hope this cloaked webpage idea helps you out!
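The first-visit check from the post above, as an added example that is not part of the original thread. It is written in Python rather than the PHP the sample URL implies, and the marker file name, sample bodies and function names are assumptions made for illustration. It shows two things the pseudocode leaves open: the "first visit" claim is made atomically so two simultaneous requests cannot both receive the secret version, and both versions are sent with the same no-caching headers. Any automated GET that arrives first still uses up the one-time view.

```python
import os
import tempfile

SECRET_BODY = "Constructed sample: private setup instructions."
PUBLIC_BODY = "Constructed sample: unrelated public content."

# Both versions carry identical headers so browsers and proxies keep no copy.
NO_STORE_HEADERS = {
    "Content-Type": "text/plain; charset=utf-8",
    "Cache-Control": "no-store, max-age=0",
    "Pragma": "no-cache",
}


def claim_first_visit(marker_path):
    """Return True only for the single caller that creates the marker file.

    O_CREAT | O_EXCL makes create-if-absent one atomic operation, so two
    simultaneous requests cannot both be treated as the first visit.
    """
    try:
        fd = os.open(marker_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def handle_request(method, marker_path):
    """Return (status, headers, body) for one request to the page."""
    # Only a GET may use up the one-time view; HEAD and other methods
    # always receive the public version and leave the marker untouched.
    if method == "GET" and claim_first_visit(marker_path):
        return 200, dict(NO_STORE_HEADERS), SECRET_BODY
    return 200, dict(NO_STORE_HEADERS), PUBLIC_BODY


if __name__ == "__main__":
    # Hypothetical state directory; a real deployment would keep the marker
    # outside the web root.
    with tempfile.TemporaryDirectory() as state_dir:
        marker = os.path.join(state_dir, "visited.marker")
        for method in ("HEAD", "GET", "GET"):
            status, headers, body = handle_request(method, marker)
            print(method, status, body)
```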

Thanks for your contribution. The idea is good but hard to implement for a general user who cannot write scripts and does not have their own website. Also the website hosting itself should be a trustworthy one without any affiliations to the adversary x… Or you need to keep the site on your own PC which is probably better but requires knowledge of Apache or other webservers, etc. Also the webserver can be attacked.

I hope clever guys will make some day an easy solution for us to fool the surveying bodies.

There is the http://0bin.net/ site with read-message self-destruction capabilities but no one knows if it is trustworthy or affiliated with the Big Brother.

Forget about hiding it. If a state actor is targeting you, it’s likely they’re going to know that your talk is now encrypted. Since we’re talking USA, switching to encrypted will raise interest, but provides no evidence against you.

Without getting into too much theory, let me just suggest something and you tell me if it works…

I’m assuming you have a way to communicate with this person that, though surveilled, does indeed move messages between you and him (for example, email).

What I did with my family and friends:
Send them an (unencrypted, surveilled) message telling them to install Threema*, confirm their email address with that service, and send me a message.

*You can use whatever service/app/wutever you want, as long as you trust it (Threema is multiplatform but closed source) and it’s user friendly enough for your friend. TextSecure is open source (android only, crossplatform in progress). GPG Email would be ideal if your friend were savvy with computers.

The point here is that the service only allows one person to authenticate as your friend (via email authentication, or simply the fact that the adversary x can’t pretend to be the same person/ID number as your friend at the same time your friend is talking to you).

Assuming the adversary x doesn’t kill your friend and take over his life the moment after you send the first instructions over email, sending surveilled instructions only leaks your form of communication (which a determined adversary would have figured out anyway).

Yeah, I hear you on the technical requirements for average users.

However, for yourself, things that are challenging now can become easy a mere year from now. Then, you have upgraded capabilities for the indefinite future of your life.

The thing about this strategy is that the technical challenges are at least one sided, so your contact person can be an average user. Sometimes getting them to unzip a file, let alone an encrypted one, can be a challenge. Viewing a webpage is at least easier for them to do.

The fundamental security challenges I see are…

  • Trust
  • Transport
  • Install Base

Trust…

As you mentioned, third party intermediaries are inherently not trustworthy.

That goes double for any consumer web services.

They have direct internal access to any comms & files. They can be bribed, threatened, or legally compelled by others. And you’re just a small number to them in a large pool of users or customers.

Putting an encrypted file on their servers and sending links for it to others is less innocent and more suspicious than something like routine web browsing.

Transport…

Person to person transport of encrypted bits via public clearnet services is more suspicious looking, especially if being targeted.

And, there is also the issue of getting a key into the average user’s hands to unlock the encrypted file.

Sending cleartext is not automatically suspicious, but then you can’t say anything private or securely instruct them to use better encrypted tools without risk of oversight at this phase.

Problem is that your original identities from the communication are being associated to whatever you transport between each other.

Install Base…

Any solution to this problem has to work with the software average users already have on their devices.

You could send them an encrypted zip file, as already mentioned, but then you are transporting more suspicious bits over the clearnet or through third party services, which are linked to your original identities.

The only other standard widespread install base that I can think of is the internet browser with HTTPS.

As discussed, this allows for an encrypted initiation message to be sent and it can be made to look like innocent web browsing to some random content.

Any solution needs to work with an existing install base of software, remove trust from intermediaries, be careful of suspicious transport and identity associations, generally appear innocent overall, and not be easily recoverable.

I can’t imagine another solution to achieve this, other than a cloaked HTTPS webpage.

But if someone else can come up with one that can still avoid all of the pitfalls involved, then that would be pretty impressive.

In a lot of cases, this is a reasonable compromise to make. Just openly suggest that you move to another private communication medium.

However, what this leaks is two-fold…

  1. The fact that a conversation/relationship is continuing between you and the other party.

  2. The communication medium that it is continuing to.

If you want your interaction to appear ephemeral, as if you did not continue on interacting with the other party, then the HTTPS webpage cloaking strategy is all that I can think of as a more robust method.

Just depends upon how valuable each degree of anonymity/secrecy is, on a case-by-case scenario.

I believe you’ve accidentally chosen “FBI” as an arbitrary example. Most likely, it was an arbitrary choice. Who that does not do anything illegal would want to circumvent the state police of a Free Country ™? Just in case, discussing circumventing the FBI isn’t allowed in this forum. I hope you’re rather interested to defeat a theoretic adversary sponsored by a Non-Free Country ™ or didn’t want to reveal which rogue state you’re up against.

Yes, Yes… I’m sure the post was a purely arbitrary academic discussion of theory, which is fully permitted by law of said Free Country ™. :wink:

I don’t think there are free or non-free countries. Spying is everywhere but punishment is different.
Big Brother is everywhere and of course it may take different shapes and names.

[quote=“anonuser, post:9, topic:94”]I don’t think there are free or non-free countries. Spying is everywhere but punishment is different.
Big Brother is everywhere and of course it may take different shapes and names.[/quote]

Hence the trademark… ™, since “authority” (legally protected use of force/violence) has the power to get away with doing what it wants and simultaneously declare itself as morally righteous and just in whatever it does.

Most people who politically control or have a power stake in some entity (government, commercial, or otherwise) are going to want to brand their “team” as being the “good guys”.

Like… Ohhhh we’re the “free and proper country” and those other foreign people are not free and live in suspicious ways.

You are right in your assessment, anonuser. We’re just having fun with the subjective relativity in it being used as a divisive political brand.

But, yeah, wise to keep things more abstract and not call out specific people or entities in such positions, especially in topics of opposition.

Suppose you have met a person in a chat or forum on a website controlled by adversary x. Both of you are non-anonymous with real IPs involved. The person knows nothing about anonymity and surveillance but you want to establish an anonymous talk with that person. How will you persuade that person to install the software providing anonymity and encryption of talks?

I use and recommend
mumble: open source direct P2P (no intermediary server) encrypted SIP voicechat + typechat + filesharing
– available in both linux and Windows versions
– works from behind a firewall / NAT router
– easy install, easy setup+connect
– very good sound quality & excellent noise suppression

[b]How[/b] will you persuade that person to install the software providing anonymity and encryption of talks?
How? Refuse to communicate with 'em via any other means (IRC, Pidgin, GoogleTalk, WebRTC routed via peering server, etc)