|
Everything
you need for Secure and Private use
of the Web and Usenet
Security and Encryption FAQ - Revision 21.4
by Doctor Who
"No
one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law against
such interference or attacks."
Article 12 Universal Declaration of Human Rights
This
Faq/Tutorial is offered in good faith and is intended to be an
encapsulation of my knowledge and experiences gained over the many
years that I have been a computer/Net user. There are many roads to
security and privacy on the Net, this is one that I have personally
pursued and can recommend from experiences gained. I am not making any
claim that it is the best or the only route to privacy and security,
just that it works for me.
There
are countless reasons why someone may need the reassurance of
anonymity. The most obvious is as a protection against an over-bearing
Government. Many people reside in countries where human rights are
dubious and they need anonymity to raise public awareness and publish
these abuses to the world at large. This Faq is to help such people.
Privacy and anonymity are very important principles associated with both freedom of speech and democracy.
"Anonymity
is a shield from the tyranny of the majority... It thus exemplifies the
purpose behind the Bill of Rights, and of the First Amendment in
particular: to protect unpopular individuals from retaliation - and
their ideas from suppression - at the hand of an intolerant society."
Justice Stevens, McIntyre v. Ohio Elections Commission, 1996
Changes since previous revision:
Now includes a method of anonymously obtaining a prepaid Debit Card.
Unfortunately,
since my last Faq, e-Gold has been compromized by the FBI. All accounts
are now subject to their scrutiny, so it is very inadvisable to use
e-Gold for the foreseeable future. This revision is a holding, meaning
temporary, revision and I will update with alternative ways to fund an
anonymous prepaid Debit Card as soon as I am able. References to the
use of e-Gold within this Faq should therefore be treated with great
care or ignored.
Part 1 offers an overview approach to achieve security and anonymity.
Part
2. In the second part will be the practical implementations of some of
the programs mentioned in Part 1. In some cases this will include
detailed setup instructions to help achieve the goal of true computer
and Internet privacy and anonymity. I assume a basic understanding of
computers, such as the ability to copy and paste and a general
knowledge of how to install programs and follow setup instructions.
Part 1 (Questions 1 to 30)
1. How does encryption work?
Essentially
the plaintext is combined with a mathematical algorithm (a set of rules
for processing data) such that the original text cannot be deduced from
the output file, hence the data is now in encrypted form. To enable the
process to be secure, a key is combined with this algorithm. The key is
protected by a passphrase. Obviously the process must be reversible,
but only with the aid of the correct key. Without the key, the process
should be extremely difficult. The mathematics of the encryption should
be openly available for peer review. At first sight this may appear to
compromise the encryption, but this is far from the case. Peer review
ensures that there are no "back doors" or crypto weaknesses within the
program. Although the algorithm is understood, it is the combination of
its use with the passphrase that ensures secrecy.
Thus the passphrase is crucial to the security of the data.
2. I want my Hard Drive and my Email to be secure, how can I achieve this?
You
need PGP (Pretty Good Privacy) for your Email and DCPP (DriveCrypt Plus
Pack) version 3 and/or TrueCrypt version 3 for your hard drive
encrypted files.
Both
DCPP and TrueCrypt are known as OTF (On-The-Fly) type programs. OTF
means the encrypted data is only decrypted into RAM (Random Access
Memory) and remains at all times encrypted on the drive. Thus a crash
close will not leave packets of plaintext on your drive. A very
important feature.
PGP
is available for all versions of Windows, Linux, Unix, Mac and others.
The source code is available for compiling your own version should you
wish.
DCPP is
Win2000/NT/XP compliant but not compliant with Win98 or earlier.
Regrettably, no source code is available. It has two unique advantages
over other encryption programs. (a) It is a whole boot drive encryption
program. (b) It offers a form of very good plausible deniability.
TrueCrypt
is a relatively new, free and open source program of great promise. It
does not display any file header info to help a snooper identify the
file's purpose. The header is encrypted and shows as random garbage.
But it will identify which type of format was used to create the
Truecrypt volume. Despite Windows and other programs claiming the
partition is not formatted, Truecrypt will itself rather unhelpfully
tell the world that it is obviously a Truecrypt created volume. I am at
a loss to understand the logic of this, but there it is.
It
allows the encryption of a whole partition or drive. The source code is
freely available so it means anyone with the ability can compile the
same program. The importance of this cannot be too strongly stressed.
It means the risk of a hidden back-door is virtually eliminated.
If
the sighting of the source code is important to you, I suggest using
PGP and TrueCrypt. In all cases you must check the PGP signatures of
these files, after downloading from a trusted site. I would never
advocate using any hacked version of a critical security program, or
one sourced from a warez or other dubious site. Certainly not if you
are truly serious about your privacy.
Note 1: PGP, although excellent at ensuring Email privacy, does nothing for anonymity. The difference is crucial.
I
will assume that anonymity is also very high on your list of needs and
so will concentrate on that issue further down the Faq.
3. What is the difference between these encryption programs?
One
of the difficulties before asymmetrical key encryption was discovered
was how to get the key to the person wanting to send you an encrypted
message. In the past trusted couriers were used to get these secret
keys to a distant location, maybe an overseas embassy. Nowadays this is
unneccessary because of the discovery of what is called public key
cryptography. Two different keys are used. One key is secret and the
other is made public. The most widespread program of this type for
private use is PGP, invented by Phil Zimmerman. In fact it has become
the de facto standard on the Net. This program is ideal for Email.
Anybody
sending you mail simply encrypts their message to you with your PGP
public key. The public key is obviously not secret - in fact it may be
spread far and wide so that anybody can find it if they wish to send
you encrypted Email. The easiest way to ensure this is by sending it to
a public key server. On the other hand, some prefer not to share their
key, except within a small closed group. Your choice.
The
only way to decrypt this incoming message is with your secret key. It
is impossible to decrypt using the same key that was used to encrypt
the message, the public key. Thus it is called asymmetrical encryption.
PGP is simplicity itself to install and use. It even offers to send
your newly generated public key to a key server.
For
your normal hard drive encryption, you will need a symmetrical type of
encryption program. This means the same key is used for both encryption
and decryption. DCPP and TrueCrypt are of this type and especially good
because they are OTF (On-The-Fly) type programs.
DCPP
and TrueCrypt use the passphrase to encrypt a randomly created key.
DCPP stores an encrypted copy of this key in the keystore which is a
separate entity to the encrypted disk. TrueCrypt stores an encrypted
copy of the key within the headers of the encrypted device. It is the
plaintext of the key that is used to encrypt (and decrypt) the contents
of the disk or container on an as needed basis into RAM memory.
With
PGP a public key is chosen to encrypt the message. PGP will then
generate a one time session key which it uses to encrypt the message.
This session key is then itself encrypted with the public key of the
intended recipient of the message. This encrypted copy of the session
key is then wrapped in the headers and sent along with the encrypted
copy of the message to the recipient. Only the recipient has the
private key which can decrypt this session key. If there are multiple
recipients, then this session key is encrypted to the public key of
each recipient in turn. All these different encrypted versions of the
session key are then wrapped in the headers of the message. Each
recipient can decrypt his version of the session key, which will then
be able to decrypt the message. PGP also has a keystore. The keystores
for both PGP and DCPP are protected by the passphrase.
The
sender of a PGP message may choose to sign a message. The message may
or may not be encrypted. PGP will then encrypt the hash of the message
contents using the senders private key. His public key can then be used
by the recipient to check that his hash of the message is identical to
the original, thus proving it was made using the sender's private key.
Only one private key, the sender's, can encrypt the hash such that it
will check out correctly with the sender's public key. If even a white
space between two words is closed up in a message, the signature will
show as bad. This offers a very secure method of checking both the
accuracy and the authenticiity of a message.
Truecrypt
and many other symmetrical encryption programs store the key within the
headers of the partition or container. One question often asked by
newbies is whether the passphrase is also stored somewhere within the
encrypted file. No. The passphrase is passed through a hash. It is the
hash output that is stored within the headers of the encrypted
container. The program will compare this hash with the hash it produces
from your passphrase that you type in to mount (open) the container. If
they are identical, the program will use your passphrase to decrypt the
key that the program generated to encrypt the disk or container. It is
this key that will then be used to decrypt the disk or container on the
fly.
Hashing is a one
way action only; it is impossible to derive the key from the hash
output. The hashing process is simply a way of checking that the
correct passphrase has been input. If the program was somehow altered
to force it to use an incorrect passphrase, the output would be
garbage. There is no shortcut or fix, without the correct passphrase
the output will be junk.
4. I have Windows, am I safe?
Windows
is a closed source operating system which is a law to itself. Each new
update that is released by Microsoft seems to need further updates to
fix the security holes discovered in the previous releases. It has been
an ongoing process over many years with no end in sight. These
weaknesses can manifest themselves as security holes when on the Net. A
further problem with this operating system is its seeming determination
to write to your hard disk all sorts of information that may be hidden
from your view in all sorts of places that could be found by a forensic
examination of your computer.
Thus
we have a two fold problem. Firstly, the problem of Windows having the
potential of security holes that might be exploited by snoops and
hackers using the Net and a different security problem of writing all
sorts of information to sometimes hidden folders that might not be
obvious from a cursory check by you, but easily found by a forensic
examination.
If you
wish to protect yourself from these potential weaknesses you need to
have an effective firewall, an effective anti-virus and an anti-spyware
program. That will hopefully help to minimize the threats from outside.
That is only the start. You also need to replace your Windows Internet
Explorer browser and your Outlook or Outlook Express Email client for
something a lot more secure. I like FireFox and Quicksilver. Even these
need support from the use of specialist programs.
Even
with Firefox or any other Web browser it is imperative that you disable
Java and Javascript. More about the reasons why later in the Faq.
Secondly,
you are well advised to encrypt your whole drive to protect yourself
from what Windows will write to your hard drive. There are so-called
wipe and cleaner programs to remove cookies and many other files that
Windows will save to your hard drive for future reference. But at the
end of the day, the only truly effective counter measure against these
potential weaknesses is to encrypt your whole boot drive.
In
some countries, even this might not be enough. Such countries can force
you to hand over your passphrases to these encrypted drives by
threatening imprisonment. As more and more judicial systems seem to be
leaning ever closer to this sort of injustice (injustice because the
culprit is being forced to self-incriminate himself which is in direct
violation of Article 5 of the Bill of Rights; the right to refuse to be
a witness against oneself), so it is more and more important for the
individual to protect himself.
Because
of these encroachments on our liberty I propose in this Faq a method of
plausible deniability. This means you can justify every one of the
files and folders that are on your computer.
5. Which program do you recommend for this whole drive encryption?
Unfortunately,
there is at present no modern whole boot drive encryption program for
the Windows operating system with open source which also allows a
hidden operating system accessible on boot. Of the many different boot
drive encryption programs, I like DCPP. It is easy to install. But its
single greatest benefit is it offers a form of truly excellent
plausible deniability for its presence on your system.
It
encrypts the whole partition. So if you want to keep part of your drive
in plaintext you will need to divide your hard drive into independent
partitions or better, have two separate hard drives.
A
further major advantage over previously recommended encryption programs
is that the passphrase is input at Bios level, before Windows is
loaded.
The importance of this is difficult to over-emphasize.
This
means it is impossible for any software key-logging program that may be
on your computer to detect your passphrase. Such programs are sometimes
picked up on the Net or arrive via Email and could circumvent all your
efforts at security. It is even conceivable that a snoop or hacker
could steal your passphrase as you type it in, if this is done whilst
the operating system is running. I am sure someone will mention that
there are hardware keyboard logging devices, which could grab your
passphrase when you start up, before the operating system is loaded.
However, common sense local site security should minimize this risk.
A
Bios level input of the passphrase in conjunction with whole boot drive
encryption is just about the Holy Grail of security - without a
hardware keyboard logging device, very difficult to intercept and
snoop.
6. Are there other OTF programs?
There
are several. But so far as I know only DCPP operates from boot and
includes the opportunity of creating a second (hidden) boot operating
system.
Others, such as TrueCrypt only encrypt data files, not the Windows operating system.
TrueCrypt
offers strong plausible deniability because it allows you to encrypt a
partition that appears to be unused and without a drive letter. The
method of ensuring this is simply explained in the Help File that
accompanies TrueCrypt. The latest version also allows you to create a
hidden encrypted volume within the first. This further improves its
appeal and prospects of plausible deniability and in conjunction with
DCPP should be excellent for your backup data.
7. How difficult is it to break into one of these programs?
Very
difficult, in fact for all practical purposes, it is considered
impossible. In most cases, the weakest link will be your passphrase, or
being compromised by a hardware key-logger through not having good
security on your desktop.
Your
passphrase should be long. Every extra character you enter makes a
dictionary search for the right phrase twice as long. Each time a bit
is added it doubles the number crunching time to crack into the
program.
Each keyboard
character roughly equates to 8 bits, and is represented on the drive as
two hexadecimal characters. This suggests a 20 character passphrase is
roughly equal strength to the encryption. In practice, probably not. A
keyboard has around 96 different combinations of key strokes, thus
multiplying this number by itself 20 times is a hugely large
combination, ensuring a high probability of defeat at guessing a
passphrase. But few people can remember a truly random 20 character
passphrase. So most people use a less than random one. This means it
should be longer to help compensate for this lack of entropy.
You should also use at least part of both lines of the passphrase input screen with DCPP. If you like, two passphrases.
8. Why?
Because
any passphrase cracker cannot find the correct key until it has
exhausted a key search as wide as the last character you enter. A
strong hint that you should make sure the last character of your
passphrase is well along the bottom line! For higher security you
should spread it around on both lines.
Although TrueCrypt has a single line entry it will accept a long passphrase of at least 57 characters from my simple tests.
Be
sure that if any serious snooper wants to view your secret data, they
will find a way without wasting their time attempting a brute force
attack upon your DCPP or TrueCrypt container. In some countries rubber
hose cryptography may be the rule. In some "civilized" countries there
are more sinister methods, such as tempest or the use of a trojan.
Fortunately,
tempest and trojan attacks are far less likely to succeed against DCPP
than all the other encryption programs. Hence my strong and
enthusiastic support for this program.
9. What about simple file by file encryption?
I
recommend either PGP Tools which comes free with PGP or Kremlin. Of
course this is not necessary for files within your encrypted drive. But
is essential to clear files off your computer that are outside your
encrypted drive.
PGP
Tools is a long winded process just to encrypt a single file, as it
asks you to first choose a key before entering the passphrase. Kremlin
is quicker because it allows you to right click on the file to be
encrypted, a password box opens and that is it. It also similarly
allows you to wipe any file by right clicking. This can also be done by
PGP. Another recommended program to erase individual files is Eraser.
10. Can I encrypt files on a floppy?
Yes, use either TrueCrypt, DCPP, PGP Tools or Kremlin.
11. Does using Encryption slow things up?
Negligibly
on any modern computer. The length of your passphrase is immaterial to
the speed of decryption. But different encryption algorithms vary
significantly. One of the fastest is Twofish and probably the slowest
is 3DES (triple DES). This applies only to symmetrical encryption
programs. PGP uses RSA or Diffie-Hellman generated keys, which in turn
are used to encrypt/decrypt a randomly generated session key. The RSA
key is very slow, but as it is only used to encrypt/decrypt the 128 bit
CAST5 or IDEA session key its slowness is not noticed. TrueCrypt offers
a range of ciphers, of these I recommend AES as it is a 128 bit block
cipher with a 256 bit key. It offers a good compromise between speed
and security.
12. Do I need a PGP passphrase if I store my keyrings within my encrypted drive?
Definitely.
Just because you have encrypted your drive does not relieve you of the
necessity of protecting yourself whilst online.
13. I use Mac, OS2, Linux, (fill in your choice), what about me?
Use either BestCrypt (by Jetico - do a Google search) or PGPDisk.
There are many others, but I know nothing about them.
14. How can I ensure I do not leave traces of unwanted plaintext files on my system?
If
you are using DCPP this should not be a problem. But you must disable
the Windows hibernation (power saving) feature. When Windows goes into
hibernation it will dump everything that is in RAM memory onto the boot
drive, by-passing the DCPP drivers. By-passing these drivers means it
writes everything to disk in plaintext including the keyfile data which
unlocks your most secret partition. This will defeat the whole purpose
of having encryption.
Although
your whole drive will be encrypted I would still install a program to
clean out bloat and cookies. My recommendation for this is Windows
Washer.
To wipe unused
space on your drive I recommend Zapempty. Although a Dos based program,
it runs easily even within Win XP. This is a part of a zipped file of
wipe utilities called Wipeutil.zip. Extract Zapempty onto the drive you
wish to clean up and double click it. But do not use it or any other
disk wipe tool on your encrypted drive or it may be a pointer to where
the hidden container lies.
15. What programs do I put in my newly Encrypted Drive?
All
your usual programs that you need to use your computer normally, plus
the more specialised ones to help you achieve anonymity. See further
down the Faq.
16. How do I "cover my tracks"?
Never
surf naked. Always, always use a proxy. There are now easy ways to use
a proxy. In the early days it was necessary to find and hand select the
proxies you wished to use. This was a laborious process and needed
expert knowledge of which programs to use to find and exploit them.
Some still prefer to do it this way. I call it rolling your own. It has
the distinct advantage of user choice and control over each proxy to be
used in a chain. However, this may offer anonymity, but not necessarily
privacy. Meaning no encryption. I like privacy and anonymity, so I use
other methods. The method I propose also has the merit of ease of use
and total transparency once the programs are set up.
17. Earlier on you mentioned plausible deniability, what is it?
Plausible
deniability is the ability to offer irrefutable justification for every
single file, folder, container, partition and drive that might contain
encrypted data. DCPP version 3 (now version 3.5) offers a world first
because it allows dual booting into either of two entirely separate
boot operating systems, each invisible to the other with both using the
same drive partition. One of these may be called your honeypot
operating system, meaning it contains encrypted data that you are
prepared to show under duress. The second (hidden) operating system
will contain your most secret data that you never release. Its presence
can only be deduced by correctly guessing the second most secret
passphrase for that operating system. No other way exists to prove
there is a second operating system. Examination by forensics of your
encrypted boot drive can only show the usual random data that is
associated with an encrypted drive. Nothing else.
This must mean excellent plausible deniability.
18. What if encryption is illegal in my country?
I
used to suggest using TrueCrypt. But as the program discloses which
type of format was used, thus negating any claims of it being random,
it might be difficult to justify. Actually DCPP offers some (slight)
hope, if the MBR (Master Boot Record) of your drive is restored to
normal. Hope only because it does not disclose what it is. But if you
have a multi megabyte or worse gigabyte partition, it is not going to
sound very convincing if you claim it is random garbage. It will need
to be small, a few megabytes at most and at the end of a drive.
It
will have to be run off a floppy and you will still need to hide the
floppy effectively in the case of a search. I am sorry I cannot help
you here. It must be down to your own initiative.
19. Are there any other precautions I should take?
Make
copies of all your PGP keys, a text file of all your secret account
numbers and passwords and the other details for your E-gold accounts,
full details of your Virtual Debit Card account, copies of INI files
for critical programs, your anonymous Email account details plus
anything else that is so critical your life would be inconvenienced if
it were lost. All these details should now be stored in a folder called
"Safe" on your encrypted drive. A copy of this folder should be stored
on an encrypted CD, preferably within the hidden part of a TrueCrypt
container and stored off-site.
If
you are going to rely on any variation of the ploys suggested here,
then you should keep this Faq within your hidden encrypted drive.
You will need to take further precautions whilst you are online against threats from hackers and snoops.
20. What are these threats?
They are known as Tempest and Trojan attacks.
21. What is a Tempest attack?
Tempest
is an acronym for Transient ElectroMagnetic Pulse Emanation
Surveillance. This is the science of monitoring at a distance
electronic signals carried on wires or displayed on a monitor. Although
of only slight significance to the average user, it is of enormous
importance to serious cryptography snoopers. To minimize a tempest
attack you should screen all the cables between your computer and your
accessories, particularly your monitor. A flat screen (non CRT) monitor
offers a considerable reduction in radiated emissions and is
recommended.
22. What is a Trojan?
A
trojan (from the Greek Trojan Horse), is a background program that
monitors your key-strokes and then either copies them to a secret
folder for later recovery or sends them to a server when you next go
online. Sometimes referred to as spyware. This may be done without your
knowledge. Such a trojan may be secretly physically placed on your
computer or picked up on your travels on the Net. Perhaps sent by
someone hacking into your computer whilst you are online, or whilst
visiting a Website.
23. How do I do avoid these threats?
First
of all you must have a truly effective firewall. It is not sufficient
for a firewall to simply monitor downloaded data, but to also monitor
all attempts by programs within your computer that may try and send
data out. I suggest installing Zonealarm. This firewall very cleverly
makes an encrypted hash of each program to ensure that a re-named or
modified version of a previously acceptable program cannot squeeze
through and "phone home". Zonealarm version 6 also incorporates both
anti-virus and anti-spyware checking, making it an excellent choice.
That
is but the start. You also need a Web browser that does not leak
information, plus a method of passing data across your ISP's servers
strongly encrypted to prevent prying eyes from watching all that you do
on the Net.
24. I use the Net for Web browsing, Usenet and Email, am I safe?
Whilst
you are online anyone could be monitoring your connection. They do not
need access to your computer to do this. They need only have access to
your ISP. To minimize these risks you must encrypt the data passing
across your ISP's servers.
My
suggestion is to use a combination of several programs. Each is easily
set up (see Part 2). Between them you will be secure and anonymous. The
best news, all these programs are free and open source!
25. Which programs do you recommend?
You
need four main programs besides the news client such as Agent (my
favorite) and the Web browser such as FireFox (again my favorite) and
the Email client such as Quicksilver, (yes, another favorite).
Quicksilver
will ensure that only text is displayed; all HTML is banished. This is
important because it prevents you being caught by Email marketeers and
perhaps snoops and hackers that use linked graphic files as a means of
tracking "live" Email addresses.
You
can still receive HTML and attachments with Quicksilver, it just
protects you by putting them into a separate folder, where you can view
them at your leisure when offline.
Other programs are: Stunnel, Freecap, Privoxy and Tor.
They
are all very easy to use and really can be setup by a newbie if you
follow the setup instructions I offer in Part 2. They are totally
transparent to the user. Once setup there is no maintenance or
searching for proxies, etc. It is all done in the background with no
further unput required from you.
26. Tell me more about these programs?
Stunnel encrypts the data between you and your news server and is very simple to use.
Freecap is also easy to setup and acts as the bridge between Stunnel and Tor.
Tor
is a connection-based low-latency (meaning fast) anonymous
communication system that protects TCP (Transmission Control Protocol)
streams for Usenet, web browsing, instant messaging (IM), internet
relay chat (IRC), Secure Shell (SSH), etc.
In
basic language Tor is a socks server that accepts and encrypts data
from any program that is "socksified", meaning set up to communicate
with it.
Tor is a new
program and is still in Beta development mode. But it is still a fully
functioning Socks proxying system that offers the promise of great
anonymity and privacy. It is free and open source. It is supported by
the Electronic Freedom Foundation, a web based charity dedicated to
freedom of speech online.
Tor
will build automatically and transparently to the client (you) an
anonymous and encrypted route across the Net. It uses multiple layers
of encryption, each node only knowing the previous and next node, so
with several nodes your data becomes anonymized. The principle is like
an onion with many layers of encryption and anonymity. Thus it is
called onion routing.
Remember,
the data is encrypted both by Tor which uses TLS (Transport Layer
Security) and by Stunnel which uses SSL (Secure Socket Layer) as it
leaves your desktop through your ISP and on into the Tor network. Where
it exists the Tor network it continues onwards as SSL encrypted data on
its way to the news server or wherever.
For Web browsing we need Privoxy. This again acts as a bridge between your browser and Tor.
A
web proxy is a service, based on a software such as Privoxy, that
clients (i.e. browsers) can use instead of connecting directly to the
web servers on the Internet. The clients then ask the proxy to fetch
the objects they need (web pages, images, movies etc) on their behalf,
and when the proxy has done so, it hands the results back to the
client.
There are many
reasons to use web proxies, such as firewalling (security), caching
(efficiency) and others, and there are just as many different proxies
to accommodate those needs.
Privoxy
is a proxy that is solely focused on privacy protection and junk
elimination. Sitting between your browser and the Internet, it is in a
perfect position to filter outbound personal information that your
browser is leaking, as well as inbound junk. It uses a variety of
techniques to do this, all of which are under your control via the
various configuration files and options.
Privoxy
will bridge the connection between your browser and Tor the Socks proxy
host. It will minimize pop up ads, etc. But its main advantage is it
will help prevent information leakage from your desktop to any third
party trying to sniff your data. Used in conjunction with Tor it
ensures all your Web browsing is totally anonymous.
There
is no need to close Privoxy if you wish to use your news client or
whatever. These programs are totally transparent to you once they are
running.
Full setup instructions for these programs are offered in Part 2.
27. Is the data encrypted after it leaves the remote server and Tor?
Yes,
providing you are using Stunnel. The only precaution you must take to
ensure both privacy and anonymity, is to use Stunnel in combination
with FreeCap, which ensurres it routes all data over the Tor network.
It is possible to use Stunnel alone, but not recommended.
28. How do I subscribe anonymously to a news provider?
In this Faq I offer more choice. You can send cash, a postal order or use a prepaid Debit Card.
There
are now at least 4 news servers offering SSL (Stunnel) encrypted
connections through port 563. These are: Easynews, Newscene, Octanews,
and Meganetnews. Thus I strongly advocate you choose one of these four.
It costs no more to enjoy this extra level of security, so why accept
anything less?
There are also remailers that accept an SSL encrypted connection, which significantly improves your Email security.
Privacy.Li
will act as a sign-up proxy, meaning they will sign you up anonymously
to your choice of news provider, or indeed any other service you wish.
They accept many types of payment, including cash and E-Gold. They have
their own news service, but do not offer an SSL connection, but as it
is only accessed via their SSH connection and Tor, it should be very
safe. To maximize your security, you must sign up anonymously and only
ever access their servers via Tor. This hides your IP address from
Privacy.Li.
E-Gold is
not intended to be anonymous, unless you take steps to ensure it is. By
signing up using your choice of discrete details and (most importantly)
on first access immediately disabling the security protocols which
sense your IP address. With anonymous access from different IP
addresses using Tor, it is very important to do this or you will find
your account access blocked. I recommend opening a second E-Gold
account and transfering funds from the first into the second on an as
needed basis. Any spending of your E-Gold should then only be done from
the second account. This doubles the difficulty for anyone trying to do
a backtrace. Obviously the accounts should not share any information.
Meaning different bogus names, addresses, passphrases, etc.
29. How do I create a secure/anonymous Email account with Quicksilver?
Previously
I have recommended creating a Nym using one of the remailers. Because
of the huge amounts of spam I was receiving, I have had to revise my
recommendation about this. I now recommend opening a simple POP3
account with one of the many sites offering a free Email service.
Provided you only ever access them via Quicksilver and Tor, you should
be safe.
One example of this is Hotpop. There are many others. Take a look here:
http://www.emailaddresses.com/email_pop.htm
All
these are only soft anonymous, but they can all be hardened by using
Quicksilver and ensuring it routes only through Tor. You could use
Hotpop as your Email incoming POP3 account and send or post through Tor
and the Mixmaster remailer network.
Both
Hotmail and Hushmail (and the latest version of Yahoo) insist on you
having both Java and Javascript enabled before they allow you to open
an account. This is unacceptable to me. I would never recommend using
any Email service with such a requirement. Explanations follow in Part
2.
30. Can you briefly summarise all the above?
You
need PGP and Quicksilver for your Email and DCPP and/or Truecrypt for
encryption of your hard drive. These recommended programs should help
you achieve a very high level of plausible deniability and privacy.
You will need other programs to ensure you are anonymous whilst online.
You
need to be anonymous online for both browsing and whilst subscribing to
any Web services. For this you need at least one, but preferably two
E-Gold accounts and a pre-paid Debit Card. You must only access your
email POP3 accounts using Quicksilver and Tor.
Part 2
31. How do I achieve maximum plausible deniability?
You
must have two separate bootable drives. Drive C is your regular drive,
it should not be encrypted. Your second bootable Drive D is the one we
shall concentrate on. I recommend leaving Drive C as your regular
plaintext drive for ordinary usage. But there is good reason to have
these programs also installed onto your Drive C.
To
achieve dual boot with your Drive C as the default, you will need to
re-install Windows onto firstly your Drive D and then again onto your
Drive C. This is because Windows always makes the last install the
default. Alternatively, you can modify your boot.ini file, provided you
know what you are doing.
I recommend re-formatting both drives. Obviously you should backup essential programs and data before you do this.
It
should be possible to boot into either Drive C or D after you have
created a dual boot system and at this point without any passphrases.
You
should then do everything from within the second Drive, D; meaning you
first install Boot Authentication and immediately create an ER
(Emergency Repair) disk. Choose the screen option with the Dos tools,
just in case of future problems.
Then check by booting into both drives (now needing the passphrase of course).
You
should then boot into D and encrypt D. At this stage you will still
need to start DCPP from within Drive D to do this. Then immediately
after encryption is completed, update your ER disk before re-booting.
Now
re-boot into Drive D and again start DCPP from within Windows. You must
now create a new keystore and key using your ultra secret passphrase.
It is very important that this new keystore and key is stored only on a
floppy. Now you can clone your encrypted drive.
You
should then check you can still boot into the first (original)
encrypted drive on D. If this is successful, close down and re-boot
into your D drive using the ER disk (to test it) using your most secret
second passphrase. This should now boot into the hidden OS. You should
once again open DCPP from within Windows and using your secret key and
passphrase you can now encrypt this hidden OS using your most secret
key.
Before re-booting
ensure you update both ER disks. You can also create an image file to
create a bootable CD using a suitable CD burning software. This is
identical in usage as an ER floppy.
You
must now remove Boot Authentication off your desktop. One easy way is
to use the Tools facility on your ER disk. Just follow the onscreen
instructions. They do sound very ominous about being sure you know what
you are doing, etc. Just say Ok or YES and revert to the original MBR
(Master Boot Record). Do not worry, you will still be able to access
your encrypted secret drive by using either of the ER disks. But
henceforth this will be your only means of access.
Obviously you must not attempt to update your ER disk after doing this!
32. So far, so good. What now?
When
booting you can simply boot immediately into your plaintext Drive C or
by using the ER disk, input either passphrase and boot into either the
honeypot encrypted drive or your hidden operating system drive.
Clever, very clever. Superb plausible deniability. Or is it?
What
happens when an attacker finds that the dates of all the files in the
first encrypted partition have never been opened perhaps for months?
My
justification for this scenario is that Drive D is an encrypted backup
of my Drive C. It is encrypted to minimize the risk of it being
corrupted should my computer catch a virus. When dismounted (closed),
my encrypted drive will be shown by Windows to be unformatted. As such,
Windows will not normally write to it. Thus it offers a layer of
security that should I lose all of my Drive C, I can recover by booting
into my encrypted Drive D. I am not going to argue the fine print here.
This is my justification for having encrypted my Drive D. If there are
viruses which can cause Windows to format Drive D, so what? I will
argue I am ignorant of such things.
If
doubts are raised they are impossible to prove without correctly
guessing your second passphrase. Even if your attacker convinces you he
knows DCPP offers the possibility of a hidden partition there is a
plausible defence.
Note:
It is not a good idea to simply copy your Drive C installation to your
Drive D, because all the registry entries will refer programs back to
your plaintext drive C, thus undermining all your efforts at security.
Far better to do two independent installs. There are ways around this,
using software that forces Windows to give your drives specific drive
letters. But do this only if you know what you are about.
33. Is it as straight forward as this?
Not quite. After creating the first encrypted partition on your second hard drive you have to avoid a couple of slight bugs.
First
of all it is essential to ensure the data are compacted to the front of
your D drive. The easiest way I have found of doing this is prior to
doing any encryption is to use Windows' backup tool to copy all the
data on Drive D to another drive, perhaps a folder on your Drive C.
Then do a quick re-format of Drive D (or delete everything but a quick
format is so much faster). Now using Windows, restore all back to Drive
D. Easy. You should find all your data is now compacted to the front of
the drive which will allow you to easily create the hidden OS later on.
However, another little
bug raised its head when I tried again to get it to clone. I found that
the password input screen DCPP displayed before it would clone only
allowed a shorter passphrase to be input. There is no error as such,
just that DCPP tells you it has found the keystore but cannot open it
because either it is corrupt or it is the wrong passphrase. As long as
this bug remains, it offers you the chance of further plausible
deniability. The second bug sets a limit on the length of your seceond
most secret passphrase of about 21 characters.
The easiest work around is to use a shorter passphrase to clone and to change it to a longer one before encrypting the clone.
Note
1: I would strongly urge you not to store this second keystore on your
honeypot encrypted drive. I suggest creating and storing it on a
floppy. Later, after cloning, encrypting and updating your ER floppies,
you should completely destroy this floppy. This ensures this critical
keystore was never written to your honeypot drive.
Note
2: There is no requirement to keep a copy of this keyfile. If at any
future date you wish to decrypt this clone or the original you can use
the ER disk recovery tools to do so.
The finding of a second keystore on your honeypot drive will totally destroy any attempt at plausible deniability. Or will it?
Not
necessarily. You could create a false keystore, one with a very long
(and different) passphrase and most importantly, one with a different
key to suggest you have been attempting to create a hidden drive but
without success. You can prove this is feasible by demonstrating this
keyfile cannot create a hidden operating system (naturally, only after
you have already proven this to yourself with this particular keyfile).
Ostensibly you have no idea why DCPP refuses to cooperate, but the
passphrase opens the keystore, proving it is correct. This is vital.
That is superb plausible deniability.
34. Any other precautions?
It
is absolutely essential that no further data are added to your honeypot
drive at the risk of destroying altogether your hidden drive. This is
no idle threat. To (slightly) help in this regard, when about to clone
the operating system, you are offered a choice of spacing between the
two partitions, input at least 500 megabytes or more for this gap
space.
I would
recommend that you initially test out both passphrases. But use your
honeypot passphrase just once to test it works. Never again use it.
Windows is a very pro-active operating system and it will do things you
may not be expecting. Things such as automatic backing up of the
registry, defragging, etc. Everyone must have noticed how their drive
can sometimes be very active when they are not doing anything. This is
Windows doing its thing. So mount once to test, then forget all about
it. But do not forget the honeypot passphrase, it may be your
credibility lifeline.
35. Any more hints about this system?
Another
option that you should consider is disabling your C: drive from within
your Hidden OS drive. To do this open Control Panel > System >
Hardware > Device Manager > Click on Disk Drives to expand and
select the drive you wish to disable. This will have the effect of
hiding your Drive C when you are in your hidden encrypted drive, thus
minimizing the risk of Windows writing anything to your plaintext Drive
C. It also helps to minimize the risk of you saving or installing
something to your Drive C accidentally.
Note
1: the devices are shown using their boot identification, not as drives
C, D, etc. You must check by looking in your boot configuration to
correctly identify these entities.
Note
2: This action will only be implemented when booting into the drive
from which it is setup. By doing it from within your hidden OS you
ensure you can still boot into Drive C normally.
Note
3: You could do this from within your Drive C to hide your encrypted
drive. But it will not fool a forensics expert for one moment, thus it
foolishly red flags what should not be of any concern.
36. What programs do I need and where do I get them?
There are seven programs recommended for security and anonymity:
DCPP, PGP, TrueCrypt, Stunnel, FreeCap, Privoxy and Tor.
And three others recommended for Email, Usenet and Web browsing: Quicksilver, Agent and FireFox.
In
all cases where there is a choice of download, ensure you download the
version that is compliant with your operating system, e.g. Windows XP
or whatever.
Get them here:
PGP: http://www.panta-rhei.dyndns.org/downloads/PGP/pgp658ckt08.zip
TrueCrypt: http://www.truecrypt.org/
Stunnel is used for NNTP secure connections to your news provider.
Stunnel: http://www.stunnel.org/download/binaries.html
Stunnel requires the executable file plus 2 others.
stunnel-4.05.exe stunnel-4.05.exe.asc (digital signature file optional but recommended)
OpenSSL Libraries (required files). These are put in the same folder as Stunnel:
libssl32.dll libeay32.dll
libssl32.dll.asc (optional) libeay32.dll.asc (optional)
FreeCap: http://www.freecap.ru/eng/?p=index
Privoxy: http://www.privoxy.org/
Tor: http://tor.freehaven.net/
Not essential, but strongly recommended:
Agent: http://www.forteinc.com/main/homepage.php
FireFox: http://www.mozilla.org/products/firefox/
Quicksilver: http://www.quicksilvermail.net/
Note: There are later versions of PGP. Ignore them. They are closed source.
37. Where do I put these files?
PGP
should be installed onto your hidden operating system. It may offer to
install onto your Drive C. Avoid that unless you want to deliberately
offer a sanitised version on your Drive C.
Actually
there is good reason to install all of the above onto your Drive C.
This may sound alarming, but consider, their presence might be deduced
if any snoop has been monitoring your ISP data. It will always pass
across as encrypted data. If an examination of your hard drive were to
reveal the absence of such programs, how do you show how you were doing
it? The presence of these programs is not illegal at all. On the
contrary, there are very good and sensible reasons why you want to
avoid both spam and having your privacy invaded. In fact, I go further
and install Tor as a server. This is easy with the latest version. Just
click on server after install - that's it. More about this later on.
For
the other files, create a new folder called Proxy. Open Proxy and
create the following sub-folders: FreeCap, Stunnel, Privoxy, Tor
Install
by copying all of the downloaded files into their respective folders.
Ensure the library files for Stunnel are in the same sub-folder. The
latest version of Tor now includes a Windows install.
Each program can then have shortcuts made and placed on your desktop, or wherever you choose if different.
38. How do I configure Privoxy?
Privoxy is used for HTTP secure connections to the Web. It works in conjunction with Tor. It is not used for Usenet or Email.
The
config.txt file looks daunting, but you just remove # from the
beginning of any line to make that line active. The only change you
must make is to ensure Privoxy routes through the Tor network. To
ensure this, scroll down to section 5.2 in config.txt
Copy and paste the following line exactly as shown, into section 5.2:
forward-socks4a / 127.0.0.1:9050 .
The
spacing and the period at the end are important. You should leave the
other lines alone unless you know what you are about.
The
above is mandatory, but optionally and strongly recommended once you
have succeeded in getting privoxy working properly, is to stop it
logging your actions. Do this by commenting out (using # at the start
of the line) "logfile privoxy.log" and "jarfile jar.log".
By default it will run on startup and minimize to the task bar.
39. How do I configure Stunnel?
Stunnel is required for an NNTPS, meaning secure, connection to Usenet.
Copy and paste all of the following in Notepad and save it in the Stunnel folder, name the file stunnel.conf:
#Stunnel
client configuration file # client = yes options = ALL RNDbytes = 2048
RNDfile = bananarand.bin RNDoverwrite = yes # #[Meganetnews_NNTPS]
#accept = 119 #connect = news.meganetnews.com:563 #delay = no # [nntps]
accept = 119 connect = secure.news.easynews.com:563 delay = no #
#[nntps] #accept = 119 #connect = news.x-privat.org:563 #delay = no #
#[Octanews_NNTPS] #accept = 119 #connect = snews.octanews.com:563
#delay = no # #[putty_nntps] #accept = 119 #connect = 127.0.0.1:563
#delay = no # # End of config file
Remove
the # from the beginning of any bunch of lines you wish to make active.
The above is setup to optionally allow (When the # is removed) routing
through several news providers using a secure SSL connection.
Note the lines:
[putty_nntps] accept = 119 connect = 127.0.0.1:563 delay = no
This is an option to route your Usenet connection through a SSH (Secure Shell) host server using Putty.
This option is strongly recommended for Usenet posting when used together with Tor for maximum anonymity and security.
The
file (stunnel.conf) does not exist until you create it. Stunnel cannot
work without its presence. You will just get some server error. This
might happen if you or Windows names it incorrectly.
You
may need to get Explorer to show extensions to known file types,
otherwise Windows may save the file as stunnel.conf.txt. If you are not
sure, go to Tools > Folder Options > View > uncheck "Hide
extensions to known file types". Click on Ok.
Note:
In the previous Faq I had shown a long list of various remailers. I
have omitted them all from the above config file as the latest
Quicksilver allows direct connections into Tor and thence on to the
remailer network. This means it is easier and quicker to send and
receive mail using Quicksilver and Tor.
If
you want options I suggest creating several folders called Stunnel 1,
Stunnel 2, etc and copy Stunnel.exe plus the two library files and
stunnel.conf into each. Now make active different combinations of the
above in each folder. Ensure that only one option is active in each
stunnel.conf file or you may get conflicts and problems. Create
shortcuts to each stunnel.exe and copy to your desktop (renaming as
necessary).
40. How do I configure FreeCap?
Go
> File > Settings > Proxy Settings > Default Proxy. Type
127.0.0.1 into the server window and 9050 into Port. Click OK. Under
Protocol ensure SOCKS v5 is checked.
With
the program back at the opening screen, drag and drop the Stunnel
shortcuts into the FreeCap window. You will immediately see the Stunnel
icons position themselves along the top of the screen. As each is
loaded, re-name it to easily distinguish it from the others. Do this by
right-clicking on an icon and selecting Modify. Change the name on the
top line to something self-descriptive, such as Easynews or Putty or
whatever.
You have now
socksified Stunnel. That is all it takes. Whenever you run Stunnel you
must start it by clicking on one of the icons from within FreeCap,
which obviously means first starting Freecap. Stunnel secures the
programs and by socksifying it with Freecap, ensures all data is routed
over the Tor network. Just minimize Freecap after starting Stunnel. To
close Stunnel, right click on its icon on the taskbar and select Exit.
Note:
Some may experience problems with FreeCap. If you do, an excellent,
free for non-commercial use alternative, (but not open source) is
SocksCap. It is here:
http://www.socks.permeo.com/Download/SocksCapDownload/index.asp
41. How do I configure Tor?
Nothing
to do. Just click on its shortcut and watch the screen. Wait a minute
for it to create its onion route across the Net. Once this is enabled
it will display, "Tor has successfully opened a circuit. Looks like its
working."
minimize (not close) the program and that is it for Tor.
The
latest version comes bundled with Vidalia, a Windows installer. This
now shows all sorts of goody information, such as a World view of the
Tor servers and network in actual usage. It is very easy to make your
system a server on the Tor network. Do not be alarmed. This is
perfectly innocent. All data passing through will be encrypted. It
helps to explain your operation. You are a firm believer in freedom of
speech and the rights of freedom. This is your way to express your
rights.
Note: I
recommend checking back regularly for the latest version of Tor as it
seems to be changing very frequently. Older versions may cause problems
of incompatibility or other minor glitches. I also recommend you take
the bother of reading at least the basics of how Tor works.
42. How do I configure my Browser?
To
ensure your browser chooses to route through Tor you must now go to its
Proxy settings Window. With FireFox this is > Tools > Options
> Connection Settings.
Input
127.0.0.1 into each line except Socks Host. Leave that line completely
clear. Input 8118 into the Port window for each line, but again leave
the Socks Host line clear. This is because Privoxy listens for
connections on port 8118 by default. Remember we have already
configured Privoxy with the line: "forward-socks4a / 127.0.0.1:9050 ."
This is telling Privoxy to pass on its connections to Tor which is
listening on Port 9050 by default.
Click
on > Tools > Options > Web Features and uncheck "Enable Java"
and "Enable Javascript". This is very important to ensure no remote
site can take control of your desktop and invade your privacy. I would
also disable "allow Web Sites to install software"
You
will find some Web sites will not now work correctly. This is the
penalty of ensuring you do not give away your private details to any
snooper who may be trying to sniff them.
43. How do I configure my news client?
You
must now configure your news client by inputting 127.0.0.1 into the
window which asks for your news server name. If you have never used a
proxy prior to this, go to the screen displaying "News Server". In
Agent 1.91 this will be Options > User and System Profile > User.
Enter 127.0.0.1 for the server name. Click OK. The port is set in the
Agent.ini file to 119, do not change that. Stunnel has already been
configured to listen on port 119 anyway and to forward through port
563. Yes, you could change this port, but only do so if you know what
you are about.
Note:
Stunnel can only be used with a news provider that offers a secure
(NNTPS) connection (by default on port 563). For other news providers
Stunnel is useless. For these less secure sites I suggest socksifying
Agent, by dragging and dropping the Agent shortcut into FreeCap. Not
nearly as secure, as your data will not be encrypted after it leaves
the Tor network on its way to the News provider. It costs no more to
subscribe to a secure news provider than it does to one that does not
offer an encrypted connection. So why choose anything less?
Each
of these four programs, Stunnel, FreeCap, Privoxy and Tor accepts
connections from either your Web browser, into Privoxy and on to Tor,
or from your News client into Stunnel, socksified by FreeCap and again
on to Tor. Many programs can be socksified, not just those mentioned.
The procedure is exactly the same, just drag and drop the shortcut of
the program to be socksified into Freecap.
44. How do I test these are all working?
Let's check the Web first.
Start Privoxy (which by default normally starts with Windows).
Open your browser and input: http://p.p/
You should see the Privoxy main page with the following:
"This is Privoxy 3.0.3 on localhost (127.0.0.1), port 8118, enabled."
If you see that, be assured you have accessd via Privoxy.
If you see "p.p. could not be found, please check the name and try again." You are definitely not accessing via Privoxy.
Go back through the above and check everything very carefully.
Note:
This is an internal test, not via the Web. It just proves that Privoxy
was invoked to display that page from its own folder, which you will
see displayed if you click on "View and change the current
configuration"
You will then see a clear display of all the configuration settings.
Do not change anything unless you have a backup file and know what you are doing.
Let's assume your Web browser is functioning as it should and you see the p.p. page displaying the confirmatory message.
You should now test your news reader client.
45. How do I test my news connection is anonymous?
Open FreeCap and click on the Stunnel icon in the FreeCap Window.
Without
opening Tor at this stage, start your news client. As a small
precaution ensure you are in an appropriate newsgroup and attempt to
download its headers. You should see connecting to 127.0.0.1 displayed
on the lower taskbar in Agent or wherever in the version you are using,
followed by error reported by Winsock driver. Good. This proves Stunnel
was attempting to connect to Tor which is offline of course, thus no
connection was possible.
Now
start Tor. Try again. Hopefully this time you will have more success
and it should connect to the news server and start downloading headers.
Note: It can sometimes
take a considerable time to connect when using the Tor network. This is
normal, but means patience is a virtue here.
Go
to a multimedia group and start to download a large file. While the
download is in progress, close Tor. You should see an immediate error
about connection to server closed unexpectedly. Good.
Re-start
Tor. Re-establish the connection with the server and start over. This
time close FreeCap. Notice the download will continue. Do not panic! It
is still accessing via Tor. Prove this for yourself by closing Tor and
notice the download again stops immediately and there is the same
Winsock error. However, do not normally close any of these programs
until you are ready to go offline. Always close the news reader first
to ensure no data is being accessed which might just possibly jump
across and appear in the clear.
The
usual way to open each of these programs is go online with your ISP.
Open Freecap, start Stunnel from within FreeCap. Open Tor, then last of
all open your news reader. Test the system from time to time to satisfy
yourself all is as it should be. Closing down is the reverse of this
procedure.
If you have
got this far, you have succeeded in creating a secure and truly
anonymous network connection for both your browser and your Usenet
posting/downloading.
Note:
It is imperative that Stunnel be started only from within FreeCap and
thus be socksified. Otherwise it will simply connect directly with your
news provider, bypassing the Tor proxy network. Certainly it is an
encrypted connection but totally useless from an anonymity point of
view. Your ISP will know exactly where you are connected. Your news
server could also log your ISP address!
46. What if no exit server exists on Tor with port 563 (or 119) enabled?
Unfortunately
this might very well happen occasionally. Because of abuse or over-use
(what is the difference?), admins are reluctant to open ports to
Usenet. Of course, if you are a server, you have this option. But be
aware, it might attract very heavy traffic through your computer as
others find it open. Alternatively, check the box to ensure you are
handling only traffic between Tor servers, in other words become a
middleman server.
If
you do experience a problem one alternative is to subscribe to a Secure
Shell (SSH) host, such as Cotse, Find.Not or Privacy.Li. There are
others. I have only had experience with Privacy.Li. Rarely had a
problem. Their servers seem very reliable. But using any of these
services will add overhead and therefore slow things up considerably.
Of course if all you want is to access the privacy groups you can configure your stunnel.conf file to include:
[BANANA_NNTPS_563] accept = 119 connect = tyrndfbdb2x6g3vg.onion:563 delay = no
This
is Banana's hidden service. Because it is a hidden service, it does not
rely on any Tor exit server having ports 119 or 563 enabled.
Note
that only a very few news groups, those concerned with privacy are
available through Banana. Panta offers a similar service, also with
just a few news groups. Both are useful for posting to news:alt.anonymous.messages
If you would prefer to subscribe to a Secure Shell host, then you need to use Putty as the SSH client.
Putty is here: http://www.tucows.com/preview/195286.html
You
will still need Stunnel to allow the NNTPS (encrypted) connection into
your news provider and FreeCap to act as a bridge between Stunnel and
Tor. Tor is the socks proxy that hides your true IP from the Secure
Shell host server. As Putty will channel everything through port 22,
you will have a lot more choice of exit servers with Tor.
See the above example stunnel.conf file.
The sequence is: Agent > Stunnel > Freecap > Tor > SSH server > news server (or wherever).
This
is the route to go for the strongest anonymity. It is especially
recommended for hard anonymous posting to Usenet. For lurking, the
requirements are not as critical and it is sufficient to just go Agent
> Stunnel > Freecap > Tor > news server.
Contrast that with the usual newby connection of Agent > news server, or worse, Outlook Express > server.
47. How do I configure Putty?
Open Putty. Load one of your SSH servers, but do not yet open the connection.
Go down left hand column to Proxy. Click on Socks5
Enter 127.0.0.1 into Proxy Hostname and 9050 into Port.
Click on Yes for "Do DNS name lookup at Proxy end."
Go down to Tunnels. Remove your existing news server which will be using port 119.
Input
563 for local port. Then input "secure.news.easynews.com:563" (or
whatever name your news provider has assigned you) in the destination
host box (without the quotes) and click on ADD.
Your entry will then look something like this:
L563 secure.news.easynews.com:563
Go back up to the opening screen in Putty and click on Save.
Note:
Despite suggesting Easynews in the above examples, I am not endorsing
them as a news server. I prefer Meganetnews these days.
48. Can I post binaries anonymously to Usenet with this system?
Absolutely.
If you choose to use Agent, it will always use your news provider as
the posting host. This is why I recommended you subscribe anonymously
to this news provider - see further down regarding anonymous
subscriptions.
If you
are into heavy posting then you should use Power Post or something
similar that allows you to choose whole folders of files for posting.
If
you use Quicksilver for posting to Usenet it will always use one of the
mail2news gateways. All data from your desktop is encrypted through to
the first remailer and then on through the Mixmaster remailers and onto
Usenet. The one and only down side is that the anonymous remailer
network does not readily accept large files, such as binaries. Do not
try and post as attachments, better to write it into the body of the
message, if possible. Agent does this by default, even when you use its
attachment feature.
To
post binaries, use Agent or Power Post or similar and post via your
socksified Stunnel and Tor via your SSH server using Putty.
A
warning: If you post illegal material, you may find your anonymous
account closed without warning and no possibility of any refund! Of
course no such opportunity exists when you channel through the remailer
network, which is precisely why so many choose to use it.
49. what about sending Email?
I
recommend Quicksilver. Quicksilver now supports a direct route through
to Tor, providing you specify it. To ensure this go > Tools > POP
Accounts > Proxy > input 127.0.0.1 in the Proxy Server window and
9050 in the Proxy Port window and choose 5 for Socks Level from the
drop down options. Obviously, you must also input your POP3 userid and
password in the POP Accounts section.
There
is no need to worry about socksifying it through Stunnel and FreeCap.
Here are sample templates for this. Just copy and paste them into a
Quicksilver template.
This one is for Usenet, name it Panta-news:
Fcc: outbox Tor: 127.0.0.1:9050,4a; nowhere.invalid; Host: panta-rhei.dyndns.org:2525 From: kwiktime < kwiktime@kwiktimemail.net> From: urnym.goes.here Chain: panta,*,*,*; copies=2 References: To: mail2news_nospam@anon.lcs.mit.edu,
Newsgroups: X-No-Archive: yes X-Hashcash: Subject:
...and this one is for Email, name it Panta-Email:
Fcc: outbox Tor: 127.0.0.1:9050,4a; nowhere.invalid; Host: panta-rhei.dyndns.org:2525 From: kwiktime < kwiktime@kwiktimemail.net> From: urnym.goes.here Chain: panta,*,*,*; copies=2 To: X-Hashcash: Subject:
Notice
that in both cases truly excellent anonymity is assured because in
addition to the anonymity offered by Tor, your messages are further
anonymized by passing across the Mixmaster remailer network. It should
be truly impossible for your ISP to be able to even discern that you
are posting or sending Emails. This is because you are not using your
ISP's SMTP server to sendmail or to post.
Hashcash
is a requirement for panta-rhei, banana and dizum. Without the Hashcash
token your message will be either randomnly sent to another remailer or
lost. To use Hashcash you must get the Hashcash zipped file from here: http://www.panta-rhei.dyndns.org/downloads/
Unzip
and install in a convenient folder. After installation go > Start
> Programs > Universal Hashcash Minter and copy or drag and drop
the shortcuts shown into your desktop, or wherever. Now all you need to
do is click on the shortcut to mint tokens, copy one of these tokens to
the clipboard so you can paste it into the header of your Quicksilver
template. Then delete that token from the list of availables.
Hashcash
is being forced on remailer admins to help minimize junk mail. Without
it, some might simply close. We all benefit from the remailer network
and this is the price we have to pay for this service.
To read more about Hashcash go here: http://www.hashcash.org/
A
further refinement when using Quicksilver is to ensure that when you
ask it to update the remailer listing, it always uses Tor. To ensure
this, on the Tool Bar go > Remailer Documents > Proxy > in
Proxy Host type 127.0.0.1 and Port 9050 and Socks Level 5.
50. Why is the remailer network so secure and anonymous?
Although
not perfect (nothing is), it does offer a level of anonymity well above
and beyond what simple anonymous services (such as Hotpop) offer. It
uses the Mixmaster remailers and has protocols to ensure your messages
are very difficult to trace and decrypt. Remember, by using Quicksilver
in the recommended way, you are not just using Mixmaster, but also
using the Tor network which then sends all data on to the Mixmaster
remailer service.
Mixmaster
is the type II remailer protocol and the most popular implementation of
it. Remailers provide protection against traffic analysis and allow
sending email anonymously or pseudonymously.
Mixmaster
consists of both client and server installations and is designed to run
on several operating systems including but not limited to *BSD, Linux
and Microsoft Windows. It does not use PGP, but RSAREF with its own
keys and key formats.
In
the above cases, this anonymity is further reinforced by using the Tor
network to anonymize you from the panta-rhei first remailer in the
Mixmaster network. Double anonymity - excellent.
On
the horizon is a new remailer system called Mixminion. It is available
now, but only as a beta service, so by all means experiment, but be
careful.
51. How do I receive Email with Quicksilver?
You
can set up Quicksilver to look for Emails on any POP server such as
Fastmail.fm or hotpop.com. All your mail is then recovered via the Tor
network which helps you remain anonymous.
Go
> Tools > POP Accounts > Proxy > 127.0.0.1 for Proxy
Server, 9050 for Port and Socks level 5. Ignore the two lower lines.
This will route your Email path through Tor. You can choose to ensure
that quicksilver only downloads PGP encrypted mail and to delete or
leave on the server. Very flexible.
52. What about P2P and IRC?
P2P
using eMule or whatever is very risky from a privacy view point, unless
you know what you are doing. I believe some have used it in conjunction
with Find.not, but you will have to do your own research about this. I
am sorry I cannot help as I have never tried it.
The Tor Website claims you can use Tor for IRC and IM, but again, I have never used Tor in this fashion myself.
53. How do I get access to the premium (paid for) services?
Apply
on their sites. But always access via Tor and ensure you subscribe
anonymously. The easiest way is by means of a prepaid Debit Card.
54. I want a Pre-paid Debit Car, how and where do I get one?
Go
here: http://www.money-around-the-world.com/ But only after you have
configured your browser to route via Tor - most important this!
They
will accept many forms of payment. E-Gold is my preferred way using two
different E-gold accounts back to back. Why? Because it is much more
difficult to do a back trace.
The
Debit Card is acceptable to many more web sites, especially news
providers, than E-gold. Note this card is solely for Net use. It is a
virtual card. You get Emailed the card details, you do not receive a
physical card through snail mail. Thus the name and address you supply
need only match the name and address you have used when creating your
second E-gold account. Naturally, this is the same address you must use
when using your card to subscribe to a Web site. But this name and
address is your choice! If in the United States, the Zip code must
match your choice of address. But so far as I can tell, that is the
only check that is made. Just take an address out of the phone book,
but change the name and street to something innocuous.
Of course the Email address you offer, must be accurate, secure and most importantly, anonymous.
55. Are there any disadvantages to this type of card?
Cost.
They charge you 50 US Dollars, plus 6 percent of the value you wish to
load into the card. At the end of the year, you need to re-apply for
another. It can only be used for Web purchases.
Its
truly big advantage is it can be purchased anonymously. No online
identity checks or credit checks and no need to offer a genuine postal
address.
But be certain to use an accurate and anonymous Email address.
56. What about funding my E-gold account?
This
can be a disadvantage if you choose a market maker unwisely. Some will
want to identify you as per the latest Government homeland security
bills. However, if you choose an Asian market maker, you can pay
directly into one of their branches with a fake identity. Remember this
is your initial E-gold account. The name you use must be different to
your second E-gold account. The second E-gold account receives its
funding by you transferring money from one account to another. To
E-gold it would seem as if you were sending money to someone else with
no connection with you. Always use Windows Washer between accessing
these accounts, to ensure there can be no connection between them by
E-gold's use of cookies.
57. What is so bad about MS Internet Explorer?
MSIE
is a dangerous program designed by MS to allow remote servers to access
your computer's registry. Although designed for use by MS to allow easy
updating of the Windows Operating System, this feature could be used by
any site to access your IP address, even your machine ID and your
personal Credit Card details or worse, far worse, your saved
passphrases. This can be done even if you have logged onto a site
through a chain of proxies. In other words Microsoft Internet Explorer
is an absolute no-no as far as anonymity is concerned.
Be
wary also of Windows Media Player. It creates a unique ID number in the
form of a 128-bit GUID (Globally Unique Identifier) which will uniquely
identify your computer to the world at large. It is stored in the
Windows Registry here:
HKEY_CURRENT_USER\Software\Microsoft\WindowsMedia\WMSDK\General\UniqueID
This
ID number can be retrieved by any web site through the use of
JavaScript. Hence the reason why it MUST be disabled. The ID number is
called a supercookie because it can be retrieved by any web site. This
supercookie can be retrieved by any site to track you and web sites can
share this information with each other, allowing them to create a
sophisticated profile about your Internet usage. Worse, cookie blockers
cannot block its use!
The
easy way to fix the problem is in Windows Media Player > Tools >
Options > Player. In the "Internet settings" section, uncheck the
box next to "Allow Internet sites to uniquely identify your Player."
Or
you can ensure that Windows Media Player is not enabled at all. To do
this go Start > Settings > Control Panel > Add/Remove Programs
> Set Program Acess and Defaults > Custom > clear the button
for both Real Player (another bad one) and Windows Media Player and
also clear the button where it says "Enable access to this player" for
both of them. I choose both of the above methods as I believe in belts
and braces when it comes to privacy.
58. Surely all this is totally over the top for the majority of users?
It
is certainly over the top for 99 per cent of users for 99 per cent of
the time. If, however, you are the one in a hundredth and you do not
much like the idea of being at risk for 1 per cent of the time, then
no, it is not over the top at all.
In
any case, using these tactics helps create smoke which in turn helps
protect those who really do need all the protection and security they
can get.
Remember this
Faq is intended to help many different people. Some may be living in
deprived conditions, in countries where human rights abuses are a daily
fact of life. Remember, there are far more undemocratic countries, than
democratic ones.
59. What about backing up my Data?
Create
another encrypted container using TrueCrypt on an external hard drive.
Open this partition and copy some innocuous data from your normal
plaintext drive. Now close this container and create a hidden
container, following the instructions in the documentation that comes
with TrueCrypt. Now copy all your secret data across into this secret
container.
Restoring is just as simple. Just open the secret container and copy into your DCPP partition.
60. Are there any other hints?
A
few items that may be of interest if you run Windows XP, although not
of any value as snoop protection. To make your system run faster do
this: Right-click on the Start menu button > Properties > Start
Menu > Classic Start menu > Customize > Advanced Start >
scroll down to "Show Small Icons in Start menu" and uncheck the box.
Click OK, again OK. Now right-click on your Desktop > Properties
> Appearance > effects. Uncheck everything. Click OK in the
Display Properties dialog and OK again. You have just got rid of much
of the Windows kludge. It will run faster and will seem more
enthusiastic about everything.
A
further small improvement in securing your hard drive is to disable
Write Behind Disk Cache, if allowed. My version of Windows XP Pro does
not now allow it. If yours does, do this: go > Start > Control
Panel > System > Hardware > Device Manager > Disk Drives -
show devices > open the appropriate disk > Policies > Uncheck
Enable write caching on the disk. Click OK, close the boxes. And that's
it!
Write behind disk
caching is just another kludge thing from Windows. Theoretically it
will speed things up, but at the cost of causing more program crashes
and certainly to reduce your security, so disable it.
Windows
Vista insists on NTFS files. Thus it is presently impossible to create
a hidden OS using Vista. I suspect Securstar are well aware of this and
are taking steps to work around this drawback.
...............................................................
That's it. I hope this Faq has been of some help to you.
I
am aware that this Faq has grown over the years and will seem very
daunting to someone new to the Net. My suggestion is to take it one
step at a time. Experiment with PGP. Generate a few keys, test them out
by sending Email to yourself. Only when you understand what you are
doing should you then go on to the next step. I would suggest this
might be by investing in a new hard drive and experiment with
encrypting it using DCPP. Once this has been successful, attempt to
clone it and then finally to encrypt your hidden OS within it.
Only
then should you try installing the files required for anonymity and
privacy. Again, take it one step at a time. Do not over-reach yourself.
Despite my attempts at
thoroughness, this Faq still falls woefully short of a truly
comprehenisve explanation of all that is required for true Net privacy
and anonymity. Hopefully individuals will take time to read and learn
more as they go along.
I
have received several Emails from individuals who tell me they have
encountered various problems trying to follow my Faq. Basically, it
appears that some machines just do not like DCPP. Dell is one such
brand. From what I have learnt, it seems impossible to create a hidden
drive. In some cases, not even on Drive C. However, some success was
achieved following my suggestion to use the ER disk to attempt to boot
into the hidden disk instead of relying on the disk's MBR (Master Boot
Record) after cloning. Do the same whenever you wish to boot into the
hidden drive. In another incidence it seemed beneficial to switch off
the machine altogether before attempting a re-boot. Yet another ploy
was to reduce the size of the DCPP drive to just below 30 Gigs. A
larger drive caused boot errors.
No idea what is going on, but if you are having similar problems, try one or more of these suggestions. They may help.
My key is on the key servers. This is my key fingerprint:
F463 7DCB C8BD 1924 F34B 8171 C958 C5BB
Remember,
anybody can call themselves by my Nic, but there can only be one key
fingerprint like the above - mine. It thus ensures you are reading a
Faq prepared by me and no one else.
Links to items specifically mentioned or recommended in the Faq:
DCPP: http://www.securstar.com
TrueCrypt: http://www.truecrypt.org/
Putty: http://www.tucows.com/preview/195286.html
or here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Stunnel is used for NNTP secure connections to your news provider.
Stunnel requires the executive file plus 2 others.
Stunnel: http://www.stunnel.org/download/binaries.html
stunnel-4.05.exe stunnel-4.05.exe.asc (digital signature file optional but recommended)
OpenSSL Libraries (required files - scroll down the page:
libssl32.dll libeay32.dll
libssl32.dll.asc (optional) libeay32.dll.asc (optional)
Privoxy Home page: http://www.privoxy.org/
Tor: http://tor.freehaven.net/
Quicksilver: http://www.quicksilvermail.net/
Mixmaster:
(required by Quicksilver) can be downloaded after installing
Quicksilver, just go > Window > Update Wizard and follow the
onscreen steps
POP Email services: http://www.emailaddresses.com/email_pop.htm
Hashcash Zip file: http://www.panta-rhei.dyndns.org/downloads/
Hashcash site: http://www.hashcash.org/
Kremlin: http://kremlinencrypt.com/download.php
Wipeutil: http://short.stop.home.att.net/freesoft/filutil2.htm
Windows Washer is here: http://www.webroot.com
E-Gold: http://www.e-gold.com (CAUTION: Don't use anymore! Indicted in the US, no more privacy)
SupraGold: http://www.supragold.com
Virtual Debit Cards: http://www.money-around-the-world.com/
Privacy.Li: http://www.privacy.li
Agent: http://www.forteinc.com/main/homepage.php
Zonealarm: http://www.zonelabs.com/store/content/home.jsp
Other links that might be of interest:
UUDeview: http://www.fpx.de/fp/Software/UUDeview/
Jstrip: http://www.davidcrowell.com/
BLJoin: http://www.all4you.dk/FreewareWorld/links.php?id=8866
(Recommended to decode and join binary files)
SSL Proxy info: http://www.jestrix.net/tuts/sslsocks.html#intro
WinHex: http://www.winhex.com/winhex/order.html.
(Will show you what is on your hard drive)
ACDSee: http://www.acdsystems.com/english/products/acdsee/index
Thumbs Plus: http://www.cerious.com
VuePro: http://www.hamrick.com
News Providers: http://www.exit109.com/~jeremy/news/providers/
Freenet: http://freenet.sourceforge.net/
Nym remailers:
nym.alias.net, home page: //www.lcs.mit.edu/research/anonymous.html
Anon.efga.org, home page: http://anon.efga.org/
In case you need convincing:
http://www.gn.apc.org/duncan/stoa_cover.htm
Useful programs:
Partition Magic: http://www.powerquest.com/
FSRaid: http://www.fluidstudios.com/fsraid.html
HJSplit: http://www.freebyte.com/hjsplit/
Mastersplitter: http://www.tomasoft.com/mswin95.htm
PowerPost: http://www.cosmicwolf.com/
Quickpar: http://www.pbclements.co.uk/QuickPar/
SmartPar: http://www.smr-usenet.com/tutor/smartpar.shtml
WinAce: http://www.winace.com/
WinRAR: http://www.rararchiver.com/
YProxy: http://www.brawnylads.com/yproxy/
Media Player Classic: http://sourceforge.net/projects/guliverkli/
Some anonymity sites:
http://www.worldnet-news.com/software.htm
http://www.skuz.net/potatoware/index.html
http://www.skuz.net/potatoware/jbn/index.html
http://packetderm.cotse.com/
http://www.cotse.com/refs.htm
http://freeyellow.com/members3/fantan/pgp.html
http://www.all-nettools.com/privacy/
http://Privacy.net/
http://www.geocities.com/CapeCanaveral/3969/gotcha.html
http://www.junkbusters.com/ht/en/links.html
http://www.skuz.net/potatoware/privacy.txt
Other additional useful sites:
Beginner's Guide to PGP:
http://www.stack.nl/~galactus/remailers/bg2pgp.txt
PGP for beginners:
http://axion.physics.ubc.ca/pgp-begin.html#index
Faq for PGP Dummies: http://www.skuz.net/pgp4dummies/
The PGP Faq: http://www.cryptography.org/getpgp.txt
The SSH home page: http://www.ssh.com/products/ssh/
Anonymous Posting:
http://www.skuz.net/Thanatop/contents.htm
Anonymity Info: http://www.dnai.com/~wussery/pgp.html
Nym Creation:
http://www.stack.nl/~galactus/remailers/nym.html
General info:
http://www.stack.nl/~galactus/remailers/index-pgp.html
Revision 21.4
|
