Anonymous Blogging Project Overview |
Presented by Adam Shostack | |
libertyblogs@gmail.com |
Why IÕm Here |
Free blogging speech under attack | ||
China, Iran only most obvious | ||
Tell you about a cool project | ||
Get you thinking about the problems | ||
Get you involved |
Goal |
The project is to review all available technologies and techniques and get the input of the best minds available to put together a plan for how we can achieve anonymous blogging. | |
The goal is to enable bloggers in Iran, China, (or anywhere) to blog with the least possible risk of being identified and jailed. The goal is 100% anonymity with 100% certainty. |
Not Just Political |
ÒInternational researchers now conclude that this is why the drug will no longer protect people in case of a worldwide bird flu epidemic. China's use of the drug amantadine, which violated international livestock guidelines, was widespread years before China acknowledged any infection of its poultry, according to pharmaceutical company executives and veterinarians.Ó | |
(WashPost, ÒBird Flu Drug Rendered
UselessÓ http://www.washingtonpost.com/wp-dyn/content/article/2005/06/17/AR2005061701214.html, via Dan GillmorÕs blog |
Participant Overview |
We have some excited techies, want more | ||
WeÕd love some local experts who can help us understand how different governments act | ||
WeÕd love to hear from folks on the verge of blogging who can help us understand tradeoffs... | ||
...on our way to better and better tools |
Big Issues |
What do real attackers do? | ||
What do real bloggers in nasty places want? | ||
Technical issues, like | ||
Client vs Clientless, Unintelligible vs. undetectable may be distracting | ||
Is being seen concealing as bad as being seen dissenting? |
Rough Project Plan |
Figure out what to build | ||
Technology ** | ||
Budget | ||
Build & Operate | ||
Improve |
Rough Technology Plan |
Tor | |
Wordpress | |
Adopt-a-blog | |
Other things over time** |
Translation is Huge |
Folks who want to blog are often not technical | |
Need to translate GUIs, CLIs and documentataion | |
EFF Blogging Guide | |
Zuckerman anonymous blogging guide |
Research and Hacking Projects |
Research | ||
How do bloggers get in trouble? | ||
Technical vs secret police vs blog analysis | ||
Attacking Technology |
Research Projects |
How do various governments monitor the net? | ||
The human rights groups need technical advice | ||
Eg, Hotmail & X-Originating IP |
Textual Analysis |
Word choice, sentence structures, spelling errors | |
Things like sentence structures, or word choice, or even spelling errors | |
Very little research IÕm aware of | |
Academic or Hacking project |
Textual Analysis |
Primary Colors/Don Foster/Author Unknown | |
AmazonÕs Statistically Improbable Phrases | |
Bayes | |
Bad Guys Intelligence Agencies way ahead |
Some Technical Challenges |
How to catch bloggers using Tor: | ||
Monitor your internet connections | ||
Record Syn packets on Tor port, src and time | ||
Note blog post publication time |
Catching Tor-using Bloggers (2) |
Correlate the two lists | |
Go to cyber cafes, check sign-in sheets | |
Harass blogger and innocent folks | |
How hard is this? |
Catching Tor-using Bloggers (3) |
Record flow length | |
Correlate flow length with blog post length |
Tor Analysis |
Estimate: | ||
How many tor connections out of China per second? 100? 1000? | ||
n% to blogging sites* | ||
Alice posts weekly | ||
* (Discover by operating a node) |
Hacking Projects |
Blog-post editor | ||
Runs in a web browser | ||
Pads all posts to fixed size | ||
Internationalization friendly | ||
Posts via Tor |
Hacking Projects |
Wordpress plugin for pooling | ||
Accepts posts like WP today | ||
Puts posts in a ÒpoolÓ which overflows sometimes. | ||
Overflow posts get put on web | ||
Pooling is what you really want when you think you want delay |
Why Pooling? |
Timing is (probably) vulnerable to normalization attacks | ||
Pooling is vulnerable to active attacks | ||
Making adversaries engage in active attacks is good. | ||
Expensive | ||
Revealing |
Posting Is Not The Only Issue |
Sites are often blocked for reading | |||
Adopt-a-chinese blog mirroring project | |||
rss2... | |||
...email, ...sms, ...usenet, | |||
..hax0rd photocopiers or laser printers |
On HacktivismÕs Risks |
What if random blocked sites started coming out of government printers? | ||
Innocent folks would probably go to jail. | ||
Repressive regimes are repressive | ||
Do think creatively about ways to help | ||
Consider the risks and who suffers |
Thinking Creatively |
Understand the real problems people have | ||
People are going to jail, being tortured, denied medical care | ||
Internet is about people communicating | ||
want to help people do that |
More Info |
http://privateblogging.noreply.org/ | ||
Our Wiki | ||
Passwords to keep out spammers, not you | ||
Also http://wiki.circumvention.net/index.php/Anoniblog | ||
http://i2p.net/mailman/listinfo/anonblog mail list (archived) | ||
Blog posts at http://spiritofamerica.net/site/blog/ | ||
Email me, libertyblogs@gmail.com |