Re: Usenet - How to protect free speech?

From: Barry Keeney (barryk_at_shimi.swcp.com)
Date: 09/11/03 

Date: Thu, 11 Sep 2003 16:02:00 +0000 (UTC)

In alt.computer.security Doug <doug@na.com> wrote:
: --
: There are a set of people P = {p1, p2, p3, ... , pN}. These
: people want to have a conversation on the usenet networks.

: However, there is an Evil Government Agency EGA that will arrest
: these people because they talk about things with certain key words
: in them.
: --
: All posts are then public-key encrypted and can only be read by
: people with the private key.

  Encryption is a good start, but sooner or later someone will
figure out how to break whatever system you use. The EGA might
already know how to break it now!

: Then EGA can see that data is being posted but cannot access
: what the data being posted IS, and therefore, the posters are
: protected.

  The fact that you're using encryption might make the EGA
a look at you and want to know why you're using it.

  One of the best ways I can think of is hiding your traffic
by making it look completely normal to the point of being
boring. Everyone goes to places like google, if you could
hide your messages in something that google would return
from a simple search, it's possible that no one will notice.

  Basicly hide in plain sight. People see the crazy guy
who talks to himself on the street, but they don't give a
second look at the garbage man picking up the trash cans.

: Now, I've been challenged: If the set P is willing to add new
: members from the set of people who NOT in P, it becomes a trust
: issue.

: Any BAD new member added to P makes the private key available
: to general use and the entire group is compromised.

  People are always a possible weak link. Can you always trust
everyone in a group 100%? Are there things you've NEVER told
anyone? Why not? you trust your wife/husband/SO/friends
right?

  Also there are other ways to get access to the encrypted data.
One of the less fun ways for the members of the group is "Rubber
Hose" decryption, they beat the encryption keys out of one of the
group members. This system is every effective in getting information
and some EGA's are more then willing to use it, after all everyone
has a breaking point (or they die).

: Am I completely on the wrong track here? Should I be looking at a
: initial post service that strips incoming logs (but is vulnerable
: to EGA direct attack)?

  Even if you use a relay service to strip off information like
your email address, location/IP, etc the EGA could watch the traffic
to and from the relay site and could figure out which message from
the relay was yours, even if it's encrypted going to and from
the relay. The EGA could also see who else gets this message.

  I've always looked at the internet, and everything on it, as if
it's a postcard traveling though the mail. Anyone who handles it
can look at it if they want and there is no way to stop that.
Sure if the postcard is in a language they can't read (encrypted)
they won't know what is says, but who knows what languages the
postman can read for sure? And the postman has to be able to read
the address if you want it delivered.

  If you're going to use the internet for something that might be
illegal where you are, (or somewhere else) you'll always run the
risk someone will be watching and know what you're doing. 

-- 
Barry Keeney
Chaos Consulting
email barryk@chaoscon.com
"Rap is Square Dancing gone terribly, terribly Wrong...."

Relevant Pages

  • Re: Usenet - How to protect free speech?
    ... The EGA might ... The fact that you're using encryption might make the EGA ... One of the less fun ways for the members of the group is "Rubber ... Even if you use a relay service to strip off information like ...
    (alt.computer.security)
  • Re: Stitching bliss
    ... If you do not have an EGA chapter near you, you can join as a Member At ... which means the members pay for supplies and book ... me --I'm a Pisces....what does that mean for stitching? ... Haven't been downtown in awhile. ...
    (rec.crafts.textiles.needlework)
  • Re: Stitching bliss
    ... house is a historical one and many clubs have their meetings there -- ... If you do not have an EGA chapter near you, you can join as a Member At ... which means the members pay for supplies and book ... Haven't been downtown in awhile. ...
    (rec.crafts.textiles.needlework)