Protecting against a global adversary (theory session)

Welcome to another “Cerberus is - theoretically - wrapping her/his head around something” session :wink: Looking forward to community input here.

OK, so here is the thing: We may use Tor (or better Whonix) to anonymize. Leave alone PGP + OTR, overall encryption. We may be extremely cautious about not providing too much information (from a social perspective, think Jeremy Hammond). We may even become totally anti-social and “shut the fuck up”, do not participate in any public (or private) discussion, etc. … but, as far as I understand it so far, this doesn’t protect against a capable global adversary (with lots of time, interest + money) as the adversary is able to do timing correlation attacks. So basically, your whole anonymity + privacy setup is worthless if you just try hard enough to draw attention to you.

While this is all theoretical interest, I really can’t stop thinking about it and I currently see no other way to protect against a global adversary other than constantly moving. I mean, something along the lines of driving around in a van or something with a wifite/autopwn Wifi hacking setup (I do not advertise breaking other people’s Wifi here, just thinking about opportunities), maybe disposable prepaid (with a Guy Fawkes mask cash-paid) 3G cards. LOL. Certainly you can’t move on a global scale (with implications to the anonymity set) but it’s certainly better than sitting at the very same desk all day long, from a geolocation pinpointing perspective.

What about hacked - or somehow bought without any link to one’s identity (I know, this is almost impossible but anyways … theory) - two-way satellite internet? Do you have any papers here exploring the capabilities of a satellite internet provider - from a geolocation pinpointing perspective?

What are your thoughts on this? Any other ideas? Some benchmark of what I thought about?

I think a big problem is that The Tor Project doesn’t have any serious competition. Well, there is i2p, but they admit that they have much less funding, development, weaker threat model. I respect they work on Free Software, certainly better than doing nothing and they may some day become a serious competition for The Tor Project. But for now, they’re not.

There are ideas for low latency anonymity networks that withstand global adversaries, see:
http://freehaven.net/anonbib/
https://mailman.stanford.edu/pipermail/liberationtech/2014-January/012702.html

Just no one is working on it. And it seems to me, The Tor Project is for a big part working on what they get sponsored for. And in ages, I’ve never seen any funding for that kind of task. I guess sponsors will change their priorities when adversaries have managed to make Tor useless.

[quote=“adrelanos, post:2, topic:66”]There are ideas for low latency anonymity networks that withstand global adversaries, see:
http://freehaven.net/anonbib/
https://mailman.stanford.edu/pipermail/liberationtech/2014-January/012702.html[/quote]
Thanks a lot for sharing this information.

There is also Jondo as a viable option in my opinion. I have tried them and they are actually very good (some people say even better than Tor).
Their paid plan is certainly much faster compared to running Tor.
It’s backed by reputable universities that research in this area.

There is no reason to protect against a “capable global adversary with lots of time, interest + money”.

Because this enemy is not born now.
The theory is born already, that's right, but at the moment it is not possible.
And if the status is reached to make it possible, then the “time+money” will be a big problem.

But some day it will be possible, faster and cheaper, and this will be the time when other organisations, like Torproject, will implement security patches in their software to avoid such attacks.

Timing attacks can be broken with random stops in the transfer of the packets.
And maybe repack the packets, to change the size and hash of the sent files.
Or send the files to 100 or 1000 receivers, so nobody can see who the real recipient is, like Bitmessage.
In a few years there will be so much bandwidth that it will not matter if 99% of the sent information is bullshit.
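The mitigations proposed in the post above (random delays, cover traffic), as an added simulation that is not part of the thread: it correlates per-second packet counts at both ends of a constructed flow with no defence, with random per-packet delay, and with constant-rate padding. All traffic parameters and function names are assumptions chosen for illustration.

```python
import random
from statistics import mean

def binned(times, width, n_bins):
    """Packets per time bin: what a passive observer of one link records."""
    counts = [0] * n_bins
    for t in times:
        if 0 <= t < width * n_bins:
            counts[int(t / width)] += 1
    return counts

def pearson(a, b):
    """Correlation of two count series; 0.0 when either one is flat."""
    ma, mb = mean(a), mean(b)
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (va * vb) ** 0.5

def bursty_flow(rng, duration, bursts=12, per_burst=40):
    """Constructed sample traffic: short bursts separated by idle gaps."""
    times = []
    for _ in range(bursts):
        start = rng.uniform(0, duration - 1)
        times += [start + rng.uniform(0, 0.5) for _ in range(per_burst)]
    return times

def pad_constant_rate(counts, rate):
    """Send exactly `rate` cells per bin (dummies fill gaps, extra real cells
    queue). Returns the on-wire counts and the worst queue length."""
    backlog = worst = 0
    for c in counts:
        backlog = max(0, backlog + c - rate)
        worst = max(worst, backlog)
    return [rate] * len(counts), worst

def experiment(seed=1, duration=60.0, width=1.0):
    rng = random.Random(seed)
    n = int(duration / width)
    sent = bursty_flow(rng, duration)
    entry = binned(sent, width, n)
    # Far end of the path: same packets after a small constructed latency.
    plain = binned([t + rng.uniform(0.05, 0.07) for t in sent], width, n)
    # Same packets, each held for a random 0 to 5 seconds.
    delayed = binned([t + rng.uniform(0, 5.0) for t in sent], width, n)
    padded, worst_queue = pad_constant_rate(entry, rate=10)
    return {"plain": pearson(entry, plain),
            "random_delay": pearson(entry, delayed),
            "constant_rate_padding": pearson(entry, padded),
            "padding_worst_queue": worst_queue}

if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:>22}: {value:.2f}")
```

Random delay lowers the correlation but leaves a residual, while constant-rate padding flattens the observable series at the cost of bandwidth and queued real cells (the `padding_worst_queue` figure).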

It is debatable whether or not a technological solution itself will ever be close to 100% effective. However, this method, if implemented properly, can allow you to hide within noise if you are in an urban area and have some money to spend. Basically, you find a free wifi access point somewhere in the area. Then, you create an outward spiral from it using any routers you can buy where the firmware can be flashed to have them function as an open extender/repeater and disable logging. Depending on the population size of the city, with the radius you cover with your wifi extended network, there is the possibility that a few million people had the opportunity to connect to it over the span of a day. Randomize your computer’s MAC address each time you connect, and then use Tor as usual. A powerful player may be able to trace back the origin of various communications to the public wifi being used. But with no logs in your wifi infrastructure acting as a number of repeaters that funnel into a public access point, learning the true identity of a user of such a setup becomes a considerably more difficult operation.

[quote=“CoinMiner, post:5, topic:66”]There is no reason to protect against a “capable global adversary with lots of time, interest + money”.

Because this enemy is not born now.[/quote]
Did you follow the Snowden revelations? Western secret services very well fit that description.

If someone is good at internet tech and has no powers or laws to limit them, it can be very horrible, like the NSA; for now, no person in the NSA has been punished by any country. It's normal for a government to surveil its citizens for some security reasons, but the NSA surveilling EU countries is really out of my mind, making Tor unsafe, and thanks to Mr. Snowden for telling us that global surveillance really exists, but I can’t do anything.

“While this is all theoretical interest, I really can’t stop thinking about it and I currently see no other way to protect against a global adversary other than constantly moving. I mean, something along the lines of driving around in a van or something with a wifite/autopwn Wifi hacking setup (I do not advertise breaking other people’s Wifi here, just thinking about opportunities), maybe disposable prepaid (with a Guy Fawkes mask cash-paid) 3G cards.”

Interesting, a better fool-proof way is to never have used the internet or the computer itself in the first place and stick to getting knowledge the old-fashioned way by reading books or going to the library. But as we all know the internet is not just used for gaining knowledge but for a number of other useful things.

I think we (and I start with myself) think too much about computers. I mean, yes, online privacy is important, but what is more important, the place where I access web and which websites I access, or the fact that I work everyday at the same place, talk to the same people, buy my stuff on the same places, etc?
I mean, we think “I am anonymous because I use Tor and GPG and I2P and whatever”. We are not and that is not even what matters the most. I think Free Software is more important than Anonymity Software, because Free Software at least takes itself as a political movement that wants to make a world change. AND STILL, Free Software only cares about that… software. I think it’s more important to sometimes think about people who are sick and hungry, think about the way we treat our family and friends, the way we handle our finances. For me, anonymity is not even a right, it’s a necessary evil. Privacy is a right, anonymity is not.
However, and to answer the OP, there is no way to fight a global adversary. Watch Steve Rambam’s speech “Privacy is Dead Get Over it”. You will understand. Think about NSA and ASIO, and you will understand.
I use the best anonymity tools to protect my PRIVACY against LOCAL adversaries. I don’t think anonymity is a given right and I don’t believe I can defeat a global adversary with unlimited people, money, infrastructures, time, etc.
I still believe that we should try to achieve the best level of security in our computing (which means more than just anonymity).

compartmentalize activities / disguises / identities online and irl & create new ones periodically
create new writing styles
switch computers and locations periodically,
minimize all software, electronics, and communications / info as much as possible (only stay in contact with people who are very adept in anonymity & security),
use only free hardware and software,
from a security perspective, consider all electronics owned. Take all security precautions
live in a remote place away from population,
don’t only rely on tor for anonymity or encryption for security, (e.g., use both application lockdown and kernel lockdown, use combination of anonymity & security tools / services.)
distribute trust by using multiple sources

The difficulty is not in the process. The difficulty is in doing it well enough consistently without slipping up

I think the difficulty is in living. We DO have families, no one will stop talking to grandma because she can’t install enigmail to run through Tor and access it remotely with OpenSSH… Really, just thinking about an old lady doing it makes me laugh out loud! xD ahahah
But really, maybe we should try to find a balance… After all, if the hackers in the 80s said “We demand free access to all information”, that means the information must be available and indexed. The problem right now is the fact that govs and companies have it and don’t share. We all should be able to know if the lady that looks over our kids has a history of beating down little kids.