A secure communication scenario for non-technical distributed individuals
There is an adage in computer security that security is a process, not a product. What this means for the duration of this document is that, while I am going to present a solution to the problem of how to have secure communication, I do so with the understanding that it is impossible. There is not -a- solution; there is a process that must be flexible and informed. In that light I will update this document and keep it in a shared, public place so that it is easily available.
I am going to separate this scenario into a couple of parts for ease of organization and troubleshooting.
Part 1: General Identity management
Part 2: How to communicate with individual people over email
Part 3: How to communicate with a group of people in a Web Forum context
Part 4: Having a personal or group security policy in 3 easy steps.
Part 5: A summary and an easy to follow flowchart of steps
Part 1 - Identity
You have an online identity (OI) that is related to the computer that you use to connect to the Internet and where you do it from. This identity is a value related to your IP Address and MAC Address.
There are two ways that this identity can be determined: technical and legal. The technical methods involve having a machine somewhere in the network between you and someplace you have connected to on the Internet. More than likely the NSA has this capacity for most Internet traffic (although how they parse this into usable information is unknown), your ISP has access to this information, and the server that hosts the site that you visit has access to this information.
How to obscure Online Identity (OI)
While OI is a mechanism by which you can be identified, identifying you this way is not particularly easy. There are two components to your OI (IP Address & MAC). One (IP) is very simple to get for anyone involved in your Internet traffic: your ISP, the server you are visiting and all of the wire in between. Your MAC address, on the other hand, is hard to track down outside of your network because once your traffic has passed through an interface that itself has a MAC address, yours is discarded. Additionally, the MAC address of the computer you sit at isn't as important as the MAC address of the most public interface you have, which is the physical network connection your internal network has to the Internet. In most cases this will be the MAC address of the network connection of your DSL or Cable modem. That said, both MAC addresses and IP addresses can be obscured (we will talk about why this is or is not a useful practice at the end).
To obscure your MAC address
(We will cover two scenarios: Linux desktops and Windows OS (2000, XP, Vista).) In Windows you can change your MAC address in the registry (Start - Run - regedit) or you can download an application like Macshift (http://devices.natetrue.com/macshift/) that will automate the process. In Linux you can change your MAC address from the command line (ifconfig <interface (probably eth0)> hw <class> <address>) or you can use software like GNU MAC Changer (http://www.alobbs.com/modules.php?op=modload&name=macc&file=index).
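The Linux command-line route, as an added example that is not part of the original guide: it picks a random address that is safe to assign (locally administered, unicast) and checks it before applying. It uses `ip link` from iproute2 rather than the `ifconfig` form above; the function names and the interface name `eth0` are assumptions.

```shell
#!/bin/sh
# Added example: pick a random MAC that is valid to assign to an interface.
# Function names are illustrative; "eth0" is an assumed interface name.

# Print a random MAC with the locally-administered bit (0x02) set and the
# multicast bit (0x01) cleared in the first octet, so it cannot collide with
# a vendor-assigned address and is accepted as a unicast address.
random_laa_mac() {
    # Six random bytes from the kernel, as decimal numbers.
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 | 2) & 254 )) "$2" "$3" "$4" "$5" "$6"
}

# Succeed only if $1 is a well-formed, locally administered, unicast MAC.
is_laa_unicast() {
    h='[0-9a-fA-F][0-9a-fA-F]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    [ $(( 0x${1%%:*} & 3 )) -eq 2 ]
}

# Apply a MAC to an interface (needs root). Defined but not called here.
set_mac() {
    iface=$1 mac=$2
    is_laa_unicast "$mac" || { echo "refusing $mac" >&2; return 1; }
    ip link set dev "$iface" down &&
    ip link set dev "$iface" address "$mac" &&
    ip link set dev "$iface" up
}

# Typical use, as root:  set_mac eth0 "$(random_laa_mac)"
```

The change lasts until the interface is reset or the machine reboots, so it has to be reapplied each session.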
There are several different approaches to the question of how to obscure your IP address but the one we will cover will be using TOR (https://www.torproject.org/) as your method to connect to the Internet (with a web browser). Obscuring IP address information is difficult because so many places have access to this information, so obscuring IP isn't necessarily as simple as installing an application and continuing on your way. TOR, at its simplest, is a network that exists to protect privacy. It protects its users from traffic analysis done on the ISP or Public level. As a user surfing the web, the way to use TOR to protect your privacy is as simple as these steps:
- Use Firefox (!!!)
- Install the TOR Bundle (Tor, Torbutton Firefox plugin, & Polipo): https://www.torproject.org/torbrowser/
- Disable these plugins to Firefox (Flash, Java, ActiveX, Google toolbar, & RealPlayer) or install NoScript (http://noscript.net/)
- Read more about TOR and the things you can do with it like running an anonymous relay (http://www.torproject.org/docs/tor-doc-relay.html.en).
While these methods will allow you to obscure OI, the question you have to answer for yourself is "Why?" There is an argument that encrypting and obscuring traffic on the Internet is a Good Thing (TM) (here is more information on this topic: http://linsec.ca/Personal_Privacy_and_Encryption) but it isn't the point of this article. The point of this article is about choice. If an individual chooses to interact anonymously on the Internet then they should have the tools and knowledge so that they can, and then decide for themselves the circumstances when they should do so. That said, using the techniques outlined here is inconvenient. They will affect the performance of, in particular, your casual web surfing (TOR is notoriously sluggish). That being said, most users of anonymizing software use it sparingly, when they are viewing politically or morally controversial subjects, rather than in general. It is good practice to have (for instance) two browsers installed on your system: one with privacy features enabled and another for casual browsing.
Part 2: Email
The rest of this document will review a couple of specific situations. The first one will be the question of secure, private email. The question of anonymity of email is a larger question that we will touch on but that is beyond the scope of this document largely because there aren't simple solutions available.
The content of your email is another matter. Stated simply there are two ways for email to be transmitted from one person to another without other people looking in. One is for the mail to never actually "travel" anywhere (that is for the mail to never leave the mail server that it originates from) and for the connection between the reader of the email and the server itself to be encrypted. The second way is to use an external tool (like GPG) to encrypt your mail.
In the first scenario you would need a friendly email server with the following characteristics.
- It needs to be able to provide encryption for its webmail service
- It needs to NOT send email external to itself when emailing two local addresses
- Both the sender and recipient of the email need to be using the same server for sending and reading email
- The level of trust between the users and the server maintainer is critical in this situation as it is pretty much the only thing keeping the communications private.
This situation has the advantages of centralizing the technical responsibilities onto the person running the mail server (who should already be familiar with these procedures) and the disadvantage of being a "single point of failure" where the server could be a source of physical or digital attack.
In the second scenario you will follow these steps.
- Install Mozilla Thunderbird
- Install the plugin Enigmail
- Configure Enigmail (Here is the Quick Start Guide)
- Enact a secure home policy (more on this later)
This situation has the advantage of distributing the technical responsibilities (and emails) onto the users of encryption. It means a pre-existing email account can be used. There are several serious disadvantages. Both sides of an email exchange have to be encrypted (and physically protected) and stay encrypted, and users' systems cannot store passwords (or hints) for ease of use.
Part 3: Communication in public in private
The second situation is when you would like to have a persistent conversation with a select group of people using the forum software packages available. This would be a distinct experience from, for instance, an email list because multiple threads of discussion can occur simultaneously rather than one stream of conversation. Think of this as the desire for anonymous parallel conversation.
Similar to the discussion about OI, persistent communication suffers from a few problems. One, if the conversation is persistent then it is discoverable and "seizable" by hostile parties. Two, the server may be saving information (like log files) that can be used to gather information about its users (although obscuring OI would be effective here). Three, the server that hosts the conversation may be compromised by hostile parties. Four, the traffic between a web browser and a hosted piece of software can be unencrypted (seen in plain text by anyone watching it).
Reviewing these issues is a matter of context. Is the server where you hope to have communication trusted (run by a trusted, competent, transparent person or people)? Is the software you hope to use trusted (written by trusted, competent, transparent people)? Does the server use encryption? How visible is the location where the server is (for instance, does it host Pirate Bay or Indymedia)?
All of this said the simplest way to achieve this kind of service is with a Tor “hidden service.” This requires (yet again) a trusted server and a technical person who can set up a Tor hidden service. Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it.
More information can be found here (http://www.torproject.org/docs/tor-hidden-service.html.en)
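What the technical person would add to Tor's configuration for such a forum, as an added example that is not from the original guide or the Tor Project's documentation: it emits the two torrc lines (`HiddenServiceDir`, `HiddenServicePort`) and refuses a forum backend that is not bound to loopback. The `hs_stanza` helper, the directory and the port numbers are assumptions.

```shell
#!/bin/sh
# Added example: build the torrc lines for a hidden service in front of forum
# software, refusing a backend that is reachable from outside the machine.
# hs_stanza and the sample directory/ports are illustrative assumptions.

# hs_stanza DIR VIRTPORT TARGET
#   DIR      directory where Tor keeps the service's keys and hostname file
#   VIRTPORT port that visitors connect to on the .onion address
#   TARGET   host:port of the local forum web server
hs_stanza() {
    dir=$1 virtport=$2 target=$3
    host=${target%:*}
    port=${target##*:}
    # The forum must listen on loopback only. If it also answers on the
    # server's public address, anyone can reach it directly and tie the
    # hidden service to that address.
    case "$host" in
        127.0.0.1) ;;
        *) echo "refusing non-loopback target: $target" >&2; return 1 ;;
    esac
    for p in "$virtport" "$port"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "port out of range: $p" >&2; return 1; }
    done
    printf 'HiddenServiceDir %s\nHiddenServicePort %s %s\n' \
        "$dir" "$virtport" "$target"
}

# Constructed sample values: append the output to torrc, then restart Tor.
# hs_stanza /var/lib/tor/forum/ 80 127.0.0.1:8080
```

The forum software itself must also be configured to listen on 127.0.0.1 only; the check above covers the Tor side of that pairing.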
Part 4: Having a personal or group security policy in 3 easy steps.
In most business and government environments a lot of time and energy is spent enacting a series of security policies. Of particular interest to us are network security policies because they are a good reflection of the kinds of things we should pay attention to and perhaps practice. Here is a list of what a typical network security policy is concerned about:
- Assets - Itemize what exists in your network and its value (to you and to a potential violator)
- Checklists - Securing computer systems can be boiled down to checklists (firewalls, Operating systems, IDS (intrusion detection systems), anti-virus, physical security, etc) but understanding these checklists takes technical acumen.
- Granularity - The best policies are simple and useful for specific scenarios. They are not complex and wide-ranging.
These concerns have some application for individuals and groups, but the concentration on assets (usually this means intellectual property) has a different flavor than a concern with privacy. Here is an attempt at distilling what is useful about a corporate security policy into something that individuals and groups can use.
- What information are you sharing? Make a list of categories of information and rank them 1-5 (with 1 being the most important & private). If 90% of your communication is 5, is it reasonable to use 2056 bit encryption on an internal network with multiple 20 character passwords securing your access to this communication? It could be that the answer to this question for you is yes, but perhaps this level of security will become neglected due to its inconvenience. This should be formalized and agreed to by all parties involved in communication.
- Have a technical person help you create checklists for your computing environment and explain how to keep your systems up to date.
- Don't create rules for yourself that you forget 5 minutes later. Become familiar enough with technology to use it for simple, defined tasks and then stop. Assume anything you do not understand is a security issue, because it probably is.
Part 5: Conclusion and lists
Part of the goal of this guide is to be a non-judgmental discussion about sharing information. This guide attempts to, by example, practice what it preaches. By being transparent about privacy concerns and a practice around privacy we believe we take personal responsibility for how we are observed in a surveillance society. While this short guide is not conclusive (by any stretch of the imagination) it will provide a series of tools and steps by which you can seriously consider using the Internet anonymously.
Starters
1) Use an Open & Free Operating System (We recommend an updated Ubuntu GNU/Linux) as all others have known privacy issues
2) Make a list of ways you communicate using the Internet
3) Learn how to use GPG, Thunderbird and Enigmail
Browsing
Install the Tor pack
Procedures
1) Create a security policy for yourself and whatever organizations you are a part of
2) Create a list of your computer environment and have your protections audited
3) Think about disaster scenarios. Plan for them.
