Anonymous Blogging Project Overview
Presented by Adam Shostack
libertyblogs@gmail.com

Why IÕm Here
Free blogging speech under attack
China, Iran only most obvious
Tell you about a cool project
Get you thinking about the problems
Get you involved

Goal
The project is to review all available technologies and techniques and get the input of the best minds available to put together a plan for how we can achieve anonymous blogging.
The goal is to enable bloggers in Iran, China, (or anywhere) to blog with the least possible risk of being identified and jailed. The goal is 100% anonymity with 100% certainty.

Not Just Political
ÒInternational researchers now conclude that this is why the drug will no longer protect people in case of a worldwide bird flu epidemic. China's use of the drug amantadine, which violated international livestock guidelines, was widespread years before China acknowledged any infection of its poultry, according to pharmaceutical company executives and veterinarians.Ó
(WashPost, ÒBird Flu Drug Rendered UselessÓ
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/17/AR2005061701214.html, via Dan GillmorÕs blog

Participant Overview
We have some excited techies, want more
WeÕd love some local experts who can help us understand how different governments act
WeÕd love to hear from folks on the verge of blogging who can help us understand tradeoffs...
...on our way to better and better tools

Big Issues
What do real attackers do?
What do real bloggers in nasty places want?
Technical issues, like
Client vs Clientless, Unintelligible vs. undetectable may be distracting
Is being seen concealing as bad as being seen dissenting?

Rough Project Plan
Figure out what to build
Technology **
Budget
Build & Operate
Improve

Rough Technology Plan
Tor
Wordpress
Adopt-a-blog
Other things over time**

Translation is Huge
Folks who want to blog are often not technical
Need to translate GUIs, CLIs and documentataion
EFF Blogging Guide
Zuckerman anonymous blogging guide

Research and Hacking Projects
Research
How do bloggers get in trouble?
Technical vs secret police vs blog analysis
Attacking Technology

Research Projects
How do various governments monitor the net?
The human rights groups need technical advice
Eg, Hotmail & X-Originating IP

Textual Analysis
Word choice, sentence structures, spelling errors
Things like sentence structures, or word choice, or even spelling errors
Very little research IÕm aware of
Academic or Hacking project

Textual Analysis
Primary Colors/Don Foster/Author Unknown
AmazonÕs Statistically Improbable Phrases
Bayes
Bad Guys Intelligence Agencies way ahead

Some Technical Challenges
How to catch bloggers using Tor:
Monitor your internet connections
Record Syn packets on Tor port, src and time
Note blog post publication time

Catching Tor-using Bloggers (2)
Correlate the two lists
Go to cyber cafes, check sign-in sheets
Harass blogger and innocent folks
How hard is this?

Catching Tor-using Bloggers (3)
Record flow length
Correlate flow length with blog post length

Tor Analysis
Estimate:
How many tor connections out of China per second?   100?  1000?
n% to blogging sites*
Alice posts weekly
* (Discover by operating a node)

Hacking Projects
Blog-post editor
Runs in a web browser
Pads all posts to fixed size
Internationalization friendly
Posts via Tor

Hacking Projects
Wordpress plugin for pooling
Accepts posts like WP today
Puts posts in a ÒpoolÓ which overflows sometimes.
Overflow posts get put on web
Pooling is what you really want when you think you want delay

Why Pooling?
Timing is (probably) vulnerable to normalization attacks
Pooling is vulnerable to active attacks
Making adversaries engage in active attacks is good.
Expensive
Revealing

Posting Is Not The Only Issue
Sites are often blocked for reading
Adopt-a-chinese blog mirroring project
rss2...
...email, ...sms, ...usenet,
..hax0rd photocopiers or laser printers

On HacktivismÕs Risks
What if random blocked sites started coming out of government printers?
Innocent folks would probably go to jail.
Repressive regimes are repressive
Do think creatively about ways to help
Consider the risks and who suffers

Thinking Creatively
Understand the real problems people have
People are going to jail, being tortured, denied medical care
Internet is about people communicating
want to help people do that

More Info
http://privateblogging.noreply.org/
Our Wiki
Passwords to keep out spammers, not you
Also http://wiki.circumvention.net/index.php/Anoniblog
http://i2p.net/mailman/listinfo/anonblog mail list (archived)
Blog posts at http://spiritofamerica.net/site/blog/
Email me, libertyblogs@gmail.com