Italian Cops Attempt Infiltration of Indymedia Chat Server
by San Francisco Indymedia
Saturday Jul 21st, 2001 11:37 PM
A summary of the Italian cops' attempted infiltration of the IMC IRC server.

During actions in Genoa against the G8, Italian authorities have repeatedly attempted to infiltrate an internet chat server used by the Indymedia network.

IRC is an open internet standard which allows people to set up and communicate via "chat forums." Users can log in with a nickname and talk back and forth in real time. Independent Media Center, an international network of indymedia journalists, has used IRC as an organizing tool for over a year, according to Espe, a member of the indymedia tech collective.

Italian police have repeatedly tried to access this chat server, presumably to listen in on plans and coverage being provided by Independent Media Center. Indymedia, which is operating a media center in Genoa, has provided in-depth coverage of international and local protests in over 40 cities across the world.

Italian police have logged onto the server under the nickname "crudelia". Indymedia tech collective members have remained vigilant, though. "We know their IP addresses and hostnames," says another anonymous tech collective member. "When we see them come on, we kick them off. Unfortunately, we are really busy during major actions and cannot spend all of our time monitoring police spies."

Italian activists have grown to anticipate this police maneuver. IRC is often used throughout Italy as an organizing tool. The activists report that police often come onto their server, pretending to be fascists or extreme leftists advocating violence. Italian activists have assembled their own form of counter-intelligence, keeping track of hostnames and other clues which can help them identify cyber-cops.

Indymedia tech collective members warn that IRC is never secure. "People can simply idle in chatrooms and log all the traffic within it," says Espe. However, snoops do not have to log in or let anyone know they are there to listen in. "Conversations can be sniffed and logged," Espe continues, meaning that anyone can monitor IRC traffic secretly.

Tonight, Italian police brutally attacked the independent media center in Italy, severely injuring more than 20 people and stealing mini-discs and video.
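
The hostname and address tracking that the tech collective describes in the article can be automated on the server operator's side. The following is an added example, not code from Indymedia or the original article: it checks JOIN and NICK events in a raw IRC log against a watchlist, and every mask, address block and log line in it is constructed for illustration.

```python
import ipaddress
import re

# Constructed watchlist (assumption): example.* names and RFC 5737 addresses.
WATCHLIST = [
    ("mask", "crudelia!*@*", "nickname named in the article"),
    ("mask", "*!*@*.police.example", "hostname pattern logged earlier"),
    ("cidr", "192.0.2.0/24", "address block logged earlier"),
]

# RFC 1459 case folding: []\~ are the upper-case forms of {}|^.
_FOLD = str.maketrans("[]\\~", "{}|^")
PREFIX_RE = re.compile(r"(?P<nick>[^!@ ]+)!(?P<user>[^@ ]+)@(?P<host>\S+)")


def irc_lower(text):
    """Fold a nick or hostmask the way an RFC 1459 server compares them."""
    return text.lower().translate(_FOLD)


def mask_to_regex(mask):
    """Compile an IRC hostmask. Only * and ? are wildcards; brackets are
    legal nick characters and must stay literal (fnmatch would not do that)."""
    parts = []
    for ch in irc_lower(mask):
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts))


def parse_line(line):
    """Return (nick, user, host, command, params) for a user-originated line,
    or None for server-originated or malformed lines."""
    fields = line.rstrip("\r\n").split(" ")
    if len(fields) < 3 or not fields[0].startswith(":"):
        return None
    m = PREFIX_RE.fullmatch(fields[0][1:])
    if m is None:
        return None
    return m["nick"], m["user"], m["host"], fields[1].upper(), fields[2:]


def watch_hits(nick, user, host):
    """Return the notes of every watchlist entry this identity matches."""
    full = irc_lower(f"{nick}!{user}@{host}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # host is a name, not an address literal
    hits = []
    for kind, value, note in WATCHLIST:
        if kind == "mask" and mask_to_regex(value).fullmatch(full):
            hits.append(note)
        elif kind == "cidr" and addr is not None:
            if addr in ipaddress.ip_network(value):
                hits.append(note)
    return hits


def scan(lines):
    """Check JOIN events, and NICK changes (using the new nickname)."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        nick, user, host, command, params = parsed
        if command == "NICK" and params:
            nick = params[0].lstrip(":")
        elif command != "JOIN":
            continue
        for note in watch_hits(nick, user, host):
            alerts.append((nick, host, command, note))
    return alerts


# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    ":irc.example 372 espe :- message of the day",
    ":espe!tech@imc.example JOIN #genoa",
    ":Crudelia!u1@dsl-17.isp.example JOIN :#genoa",
    ":guest42!u2@gw3.police.example JOIN #genoa",
    ":guest43!u3@192.0.2.77 JOIN #genoa",
    ":espe!tech@imc.example PRIVMSG #genoa :hello",
    ":guest44!u4@cafe.example NICK :crudelia",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A match only says that a connection resembles one seen before; nicknames and source hosts are easy to change, so the absence of a match says nothing about who is listening.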
by cypheranarchist
Sunday Jul 22nd, 2001 12:27 AM
there is ssl irc available which encrypts all traffic but you probably know that already. it is hard to get everyone to be able to use it though and one unencrypted client ruins your security
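
The point in the comment above, that one unencrypted client undoes the protection for the whole channel, can be checked by a channel operator. This is an added example, not part of the original thread: it assumes the server marks TLS clients in WHOIS replies with numeric 671, as several current IRC daemons do, and the server name, nicknames and reply lines are constructed.

```python
# WHOIS numerics: 311 opens a reply, 318 closes it, 671 marks a TLS client
# (assumption: the server in use sends 671; the thread does not mention it).
RPL_WHOISUSER, RPL_ENDOFWHOIS, RPL_WHOISSECURE = "311", "318", "671"


def audit_whois(lines):
    """Sort nicknames into secure / plaintext / unknown from raw WHOIS replies.

    A nickname is 'unknown' when its reply is incomplete (311 or 318 missing),
    because a truncated reply cannot prove that 671 was absent."""
    started, finished, secure = set(), set(), set()
    for line in lines:
        fields = line.rstrip("\r\n").split(" ")
        if len(fields) < 4 or not fields[0].startswith(":"):
            continue
        numeric, nick = fields[1], fields[3].lower()
        if numeric == RPL_WHOISUSER:
            started.add(nick)
        elif numeric == RPL_WHOISSECURE:
            secure.add(nick)
        elif numeric == RPL_ENDOFWHOIS:
            finished.add(nick)
    report = {"secure": [], "plaintext": [], "unknown": []}
    for nick in sorted(started | finished | secure):
        if nick not in started or nick not in finished:
            report["unknown"].append(nick)
        elif nick in secure:
            report["secure"].append(nick)
        else:
            report["plaintext"].append(nick)
    return report


def channel_fully_encrypted(lines, members):
    """True only if every listed member has a complete WHOIS reply with 671.
    Members with no reply at all count against the channel."""
    wanted = sorted({m.lower() for m in members})
    return wanted == audit_whois(lines)["secure"]


# Constructed WHOIS replies for three channel members.
SAMPLE_WHOIS = [
    ":irc.example 311 me espe tech imc.example * :Espe",
    ":irc.example 671 me espe :is using a secure connection",
    ":irc.example 318 me espe :End of /WHOIS list.",
    ":irc.example 311 me rodent r host.example * :The Rodent",
    ":irc.example 318 me rodent :End of /WHOIS list.",
    ":irc.example 311 me late l slow.example * :Late",
]

if __name__ == "__main__":
    print(audit_whois(SAMPLE_WHOIS))
    print(channel_fully_encrypted(SAMPLE_WHOIS, ["espe", "rodent", "late"]))
```

Numeric 671 covers only the hop between a client and its own server; links between servers and the servers themselves still handle the messages in the clear.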
by spud
Sunday Jul 22nd, 2001 2:41 AM
have you ever heard of Echelon? the U.S. listens to cell, email, radio etc......
by fivel (mattias [at] helikopter.nu)
Sunday Jul 22nd, 2001 5:32 AM
i dunno how seriously we can take the threat of echelon..
anyone know?
btw. i'd like to come in contact with a serious anarcho or syndicalist crack/hack/phreaking-group that has goals. just send me a mail.
by [K]
Sunday Jul 22nd, 2001 7:07 AM
seriously, that's how you should take Echelon, and don't just think that this level of espionage is limited to digital communications. Evidence suggests that the technology is not only available but in full functioning use to monitor, segregate and record all forms of communication.
by The Rodent
Sunday Jul 22nd, 2001 7:33 AM
ssl could be an option, but all chats on an IRC should be considered available for intercept. You should never publicly discuss confidential information via IRC.

A better option would be an email server with all the appropriate clients equipped with strong public key encryption (such as pgp). Then the encrypted messages could be targeted to those who are supposed to actually be able to read the message, instead of everyone on the channel.

If a client is compromised, assume all local messages that have been encrypted up to that point are compromised. At that point, remove the key for that client from your "distribution list" and it's now out of the loop.

If the user has been properly trained, all correspondence on the local laptop will be stored in an encrypted, rather than a non-encrypted format. Even with possession of the Private key, the authorities would still have to hack the passphrase. Most likely that would take several weeks, long enough that most of that information would be useless...

The downside is it would take a while to encrypt 1000 outgoing emails, and it would require a bit of training for the users to use the equipment in a secure manner...
by A/C (bog@us)
Sunday Jul 22nd, 2001 7:55 AM
The Rodent (and everybody else): There _is_ a very promising _secure_ alternative to IRC - SILC. (And as The Rodent pointed out, IRC over SSL isn't perfect and not all the traffic is encrypted anyway.)

At the moment it can be quite buggy at times, though absolutely usable. Check it out at http://www.silcnet.org!
by guerillaman
Sunday Jul 22nd, 2001 8:38 AM
The environmental liberation front has some information on security which basically harkens back to the French resistance movement. Speak, in person, only to those you know and trust. Keep operating cells small. Speak only in secure areas away from personal spaces where bugs may crawl (home, car, work, hangout etc.). No boasting, bragging or bull. Never talk to anyone else. If the FBI comes knocking tell them you will have your lawyer get in touch with them. Loose lips sink movements.
by aphrodite platoon (aphrodite_p [at] rfeedom.net)
Sunday Jul 22nd, 2001 9:13 AM
The best way to protect your privacy during communications seems to be combining advanced encryption with anonymity. All data traffic, not only from activists, can -and will- be watched and stored by powerful multinationals, clans and states. Even the best encryption only offers a delay against the intruders of your privacy. So we'll all need anonymizers as well. What's the use of deciphering heavily encrypted files if you don't know who wrote or received them? With the right privacy protection even IRC-chat can be really anonymous. So defend your freedom of speech, your freedom of religion and your freedom of gathering. Privacy is Sacred! I'm not going to promote a specific product, but you could take a look at http://www.anonymizer.com or at http://www.zeroknowledge.com.
by John
Sunday Jul 22nd, 2001 9:18 AM
Although I understand why we should try to encrypt everything we can from the prying eyes of Big Brother, I would suggest that we continue using unencrypted communications. The things that need to be encrypted are bomb plans, assassination plans, murder plans, theft plans, etc, etc. But if we did those things what would make us different from the very police that snoop on IRC, or break into the IMC at midnight? My opinion is that if we start encrypting and hiding things, then the state will only assume that we are planning violence.

Besides, 128-bit encryption has been broken in just a couple of hours, and cracking passwords wouldn't be too tough for people that know what they're doing. Windows passwords can be bypassed with little or no effort, and Unix passwords (most of 'em anyway) can be gotten after 24 hours of running a password cracker.
by Aphrodite Platoon (aphrodite_p [at] freedom.net)
Sunday Jul 22nd, 2001 9:19 AM
Sorry, this is the right address
by Oliver
Sunday Jul 22nd, 2001 10:23 AM
1. U.S. NSA's Echelon is very real, and has been for some time. See http://www.cryptome.org or even the ACLU's site. The question of assessing it as a risk is more complicated.

2. I agree with Rodent. Encryption is often worth it. It's the letters-vs.-postcards movement of the net. I would assume that van Eck phreaking is complicated and expensive enough that the average person doesn't have to worry about it. Generally, for the non-tech-savvy like me, see http://www.epic.org, http://www.eff.org, http://www.privacy.org, and http://www.cdt.org.

3. I generally use Safeweb (an anonymizer) to surf. I've had no probs accessing indymedia.org. But right now, I can't. I'm here un-anonymous. I get this message when I try to use safeweb to go to indymedia:
--------------------------------------------------------------------------------

You have reached the web server running on the host ebe.abduction.org using a URL the server is not configured to respond to or by using a client that does not support HTTP/1.1 named virtual hosts.


--------------------------------------------------------------------------------
webmaster [at] abduction.org
------------------------

?
by Who knows - who cares?
Sunday Jul 22nd, 2001 10:49 AM
Anyone with the kind of dumb request like this is likely to be baiting the hook to catch fools.

Don't be caught.
by Who knows - who cares?
Sunday Jul 22nd, 2001 10:55 AM
Echelon is NSA, etc. Don't forget Carnivore which is FBI and was secret until Earthlink sued about being required to put a sniffer in their NOC.
by Aphrodite Platoon (aphrodite_p [at] freedom.net)
Sunday Jul 22nd, 2001 11:21 AM
As far as the (often heard) arguments of John's "Cyber Cop" are concerned: defending privacy is at the basis of democracy. Where will we end if you give this up? Will you accept an electronic device being implanted to prevent people from walking in different directions? Will you give up voting anonymously? Did you consider what happens if there are large databases on every person out there? What happens if the powerful keep their secrets but the less powerful have no means to prevent their plans from leaking out prematurely? What if you can not trust the integrity of the communication with your doctor, lawyer, accountant, therapist, priest? And what if I send you a sealed envelope containing a letter with my innermost emotions, would you answer on a postcard containing a copy of my letter?
I certainly won't accept that and you can not make me look bad for defending my right on anonymity either. I have the right to go out and get me my food and wine without being under surveillance and without having to legitimize myself in every shop or means of transportation. And if I want to speak my mind in public without risking repression you can not deny me this without offending democracy (freedom of speech, freedom of gathering) itself.
Digitalization from data made it possible to create and store enormous files on everyone. The only answer in regaining these most fundamental privacy rights can be found in serious digital privacy protection. And you cannot expect me to trust national governments to defend my privacy against these international and very powerful, often not even democratically controlled, organizations either. They are intentionally gathering data on all of us as well... .
So I repeat: Protect your Privacy. Without it there cannot be democracy or any other kind of civilization.
by Who knows - who cares?
Sunday Jul 22nd, 2001 11:27 AM
You make good and valid points, but there is one reason to think more about the issue.

The oppressors only have x amount of resources and the amount of them that are spent on wild goose chases means there are fewer to use in oppression of legitimate dissent.

So I would advocate an occasional encrypted e-mail about the migratory path of the Canadian Goose or the life of the Wild Hare for comic relief.

Laughter is the only thing that can get you through oppressive times so you might as well have some at the oppressor's expense.
by Anonymous Coward
Sunday Jul 22nd, 2001 11:32 AM
Encryption is the way to go. Van Eck devices only work with CRT monitors and analogue video cards, so either use a laptop or a *digital* flat panel LCD display. Web SSL authentication is OK, but 2048 bit PGP/GPG public key encryption is absolutely secure. The traditional UNIX crypt() call is quite insecure, as a previous poster wrote, however OpenBSD (http://www.openbsd.org) offers Blowfish password encryption. Most Linux distributions can be hacked to support this through various pam modules as well.

Here is what I recommend:

Use public PGP keyring servers (such as pgp.mit.edu) to upload public keys for names which do NOT associate to real email addresses. For each name you have a connection point to a cell leader or organizer. This way hierarchy is obfuscated while maintaining total anonymity of participants. Next, for each communication post the message on a random USENET newsgroup using a commonly known keyword (or PGP keyring name) PGP/GPG encrypted and signed at the highest bit setting. The proper recipient will need to know how to find the message among the huge noise of USENET, but once found he/she need only obtain the public key of the sender to decrypt with his/her private key.

The downside to this solution is that it's difficult to send out general orders to a group of recipients, but it will work wonderfully for one to one communication. The reason this is so secure is that it combines total authentication from PGP signatures to confirm that only the correct person sent the message with total authentication that only the correct recipient can decode the message. Combine this with posting the note across public forums that accept terabytes of new data weekly and you'll see that not even Echelon could find the needle in a haystack, nor could the NSA's computers crack and decrypt the message in time to take action.

I note that I DON'T support violence, having been involved with many non-violent peaceful protests. I don't want any black bloc associates thinking that by making this suggestion I support their actions. But this software is available in source and free specifically for these kinds of purposes. Use it.

Anonymous Coward
by Aphrodite_Platoon (aphrodite_p [at] freedom.net)
Sunday Jul 22nd, 2001 3:04 PM
Good point this "exhausting resources". Spying on people is probably as old as human history itself, and with enough brute force every encryption or anonymity can be broken, but it would demand the resources and commitment from a pretty big security agency to do so with the protection from the Canadian Goose or the Wild Hare (love this analogy!). They would have to reduce spying on normal citizens and limit their efforts to fighting "heavy crime", "national security risks" and each other. But the right protection goes further than an occasional highly secured e-mail and includes almost every digital move I make on the web. It's not a matter of "teasing the enemy" but one of defending against the biggest threat for civilization. In my opinion this privacy matter goes even beyond left- or rightwing politics as it's threatening for every citizen and monk equally.
by Kirk Steele (ksteele42 [at] yahoo.com)
Sunday Jul 22nd, 2001 4:10 PM
Could you quote the capture file of the IRC session in your article? Better yet, could you quote the session screen of the IRC administrator?

As an indy org, your veracity is the only currency you have. Punctuate your story by quoting your sources openly and directly.

Kirk
by anonymous
Sunday Jul 22nd, 2001 4:31 PM
SAFEWEB IS RUN BY THE CIA. PLEASE CHECK THIS OUT. SEARCH GOOGLE FOR SAFEWEB & CIA
by Randy (rmyers1951 [at] yahoo.com)
Sunday Jul 22nd, 2001 5:20 PM
I want to bring some special skills Monday 4:00 p.m. ... I need a ride from Arcata (275 mi north) to S.F.
by cryppie
Sunday Jul 22nd, 2001 7:04 PM
The Crypto Rights foundation works with human rights groups to help them set up secure communications. See http://www.cryptorights.org.
by raggedy ann (analytics [at] softhome.net)
Sunday Jul 22nd, 2001 8:31 PM
New Software Makes Surfing Anonymous
Oakland's Safeweb has CIA backing
Lance Gay / Scripps Howard News Service 20feb01
An Oakland software developer is offering a free Internet service to bring back the halcyon days of anonymous surfing, allowing Net users to evade Web bugs designed to spy on them and to get around programs that employers use to track what workers are doing online.

And guess who is helping finance the new generation of technology to keep your Web surfing secret from prying eyes? It's one of Washington's most secretive agencies, the CIA, which has a vested interest in seeing the Internet remain as anonymous as possible.

Jon Chun, president and cofounder of Safeweb, the Oakland software developer, said he was initially reluctant to allow the CIA to invest in his technology, but now believes the CIA connection will work to the company's benefit.

"It's a bit of holy water: If we can meet the standards of the CIA, we can sell our technology to government and business," Chun said. The company makes its money from licensing fees, but Chun said Safeweb will always be free to consumers.

With surveys finding that a quarter of Internet users are alarmed about their loss of privacy, Internet service providers could find that Safeweb will reassure customers about the safety of Internet surfing.

The technology can be used to hide from advertising companies that are tracking Internet users with cookies, Web bugs and pop up ads. With Safeweb (http://www.safeweb.com) as an intermediary site, advertisers will not be able to determine who is viewing their sites, track where they go afterward or monitor their Internet activity over time.

Safeweb also evades software that schools and libraries have installed on computers to limit Internet sites students can visit.

It also gets around snooping software that some employers have put on their networks to cut down on employee misuse of the Internet. Snooping systems record only that the employee visited the Safeweb site, not what was done on the Internet afterward.

The Direct Marketing Association, representing the mass marketing industry, said technologies like Safeweb can provide much tighter anonymity for Net surfers than any of the privacy bills being considered in Congress.

"We think you are looking at the situation where privacy on the Internet is going to be better provided by technological innovation," said Jerry Cerasale, the association's senior vice president for government operations.

He said direct marketers oppose legislation because they fear America's move to regulate the Internet would set a precedent for other countries to impose their own regulations, which could be far more restrictive.

Some foreign countries don't like the new technologies. Saudi Arabia last month blocked its citizens from using Safeweb's site to evade monitoring.

Chun said he is developing new software called Triangle Boy for use in Middle East and Asian countries that will defeat government-owned telephone monopolies and allow people in Iran, Iraq and China to log through proxy servers to get Voice of America and Radio Free Europe programs or send e-mail.

Triangle Boy works by spoofing the addresses, making censors believe the computers are just making a routine connection to another computer.

Safeweb's CIA funding came through In-Q-Tel, a Northern Virginia company created by the CIA in 1999 to encourage development of Internet technologies that the agency finds useful.

CIA Director George Tenet told the Senate Intelligence Committee last week that the agency wants to find new ways of exploiting the communication capabilities of the Internet while maintaining the CIA's traditional secrecy.

Chun said the CIA funding amounts to a small proportion of the $8 million the company raised, largely through New York venture capital firms. But the link between the company and the agency already has sparked a discussion on Internet chat groups, where some users say they won't use Safeweb because of the CIA issue.

by raggedy ann (analytics [at] softhome.net)
Sunday Jul 22nd, 2001 8:33 PM
#1:
New Software Makes Surfing Anonymous
Oakland's Safeweb has CIA backing
Lance Gay / Scripps Howard News Service 20feb01
An Oakland software developer is offering a free Internet service to bring back the halcyon days of anonymous surfing, allowing Net users to evade Web bugs designed to spy on them and to get around programs that employers use to track what workers are doing online.

And guess who is helping finance the new generation of technology to keep your Web surfing secret from prying eyes? It's one of Washington's most secretive agencies, the CIA, which has a vested interest in seeing the Internet remain as anonymous as possible.

Jon Chun, president and cofounder of Safeweb, the Oakland software developer, said he was initially reluctant to allow the CIA to invest in his technology, but now believes the CIA connection will work to the company's benefit.

"It's a bit of holy water: If we can meet the standards of the CIA, we can sell our technology to government and business," Chun said. The company makes its money from licensing fees, but Chun said Safeweb will always be free to consumers.

With surveys finding that a quarter of Internet users are alarmed about their loss of privacy, Internet service providers could find that Safeweb will reassure customers about the safety of Internet surfing.

The technology can be used to hide from advertising companies that are tracking Internet users with cookies, Web bugs and pop up ads. With Safeweb (http://www.safeweb.com) as an intermediary site, advertisers will not be able to determine who is viewing their sites, track where they go afterward or monitor their Internet activity over time.

Safeweb also evades software that schools and libraries have installed on computers to limit Internet sites students can visit.

It also gets around snooping software that some employers have put on their networks to cut down on employee misuse of the Internet. Snooping systems record only that the employee visited the Safeweb site, not what was done on the Internet afterward.

The Direct Marketing Association, representing the mass marketing industry, said technologies like Safeweb can provide much tighter anonymity for Net surfers than any of the privacy bills being considered in Congress.

"We think you are looking at the situation where privacy on the Internet is going to be better provided by technological innovation," said Jerry Cerasale, the association's senior vice president for government operations.

He said direct marketers oppose legislation because they fear America's move to regulate the Internet would set a precedent for other countries to impose their own regulations, which could be far more restrictive.

Some foreign countries don't like the new technologies. Saudi Arabia last month blocked its citizens from using Safeweb's site to evade monitoring.

Chun said he is developing new software called Triangle Boy for use in Middle East and Asian countries that will defeat government-owned telephone monopolies and allow people in Iran, Iraq and China to log through proxy servers to get Voice of America and Radio Free Europe programs or send e-mail.

Triangle Boy works by spoofing the addresses, making censors believe the computers are just making a routine connection to another computer.

Safeweb's CIA funding came through In-Q-Tel, a Northern Virginia company created by the CIA in 1999 to encourage development of Internet technologies that the agency finds useful.

CIA Director George Tenet told the Senate Intelligence Committee last week that the agency wants to find new ways of exploiting the communication capabilities of the Internet while maintaining the CIA's traditional secrecy.

Chun said the CIA funding amounts to a small proportion of the $8 million the company raised, largely through New York venture capital firms. But the link between the company and the agency already has sparked a discussion on Internet chat groups, where some users say they won't use Safeweb because of the CIA issue.


#2
Safeweb's 'Triangle Boy' Enters CIA Civil Service





By Robert MacMillan, Newsbytes
WASHINGTON, DC, U.S.A.,
16 Feb 2001, 12:02 PM CST



Anonymous Web browser company SafeWeb of Oakland, Calif., got more than just a box of candy hearts from the Central Intelligence Agency in time for Valentine's Day - it got a $1 million investment from the CIA's non-profit venture capital arm, as well as a commitment to use a customized version of SafeWeb's Triangle Boy software to surf the Web in anonymity.
Triangle Boy is a new SafeWeb product that allows CIA field agents and other employees in foreign countries to transmit information back to field offices or the McLean, Va., headquarters without "arousing suspicion" that they are using SafeWeb's own IP-disguising PrivacyMatrix product to cover their tracks, said SafeWeb President Stephen Hsu.

The CIA has contracted the use of Triangle Boy, which offers e-mail spoofing and other track-covering ways of making an anonymous Web browser and e-mail look like he or she is simply exchanging e-mail with a private user's computer - rather than the SafeWeb server which actually handles the traffic and masks the true nature of the correspondence - for about $1 million for initial use.

SafeWeb also is building a general virtual private network for the CIA. Hsu noted that In-Q-Tel and the CIA do not have representation on SafeWeb's board of directors, however.

"Most CIA resources are foreign nationals. For that person to be able to transmit information back to the CIA but without arousing suspicion is very important to them," Hsu said. "What we allow them is... if they go to an Internet cafe or home, the browser actually has a strong encryption engine built in (and) our technology talks to that little engine and lets you access any Web site."

Web sites that the agents visit would try to determine who is checking them out, but only get the Internet protocol address of SafeWeb's servers.

"You could take one of our boxes and plug it in at The Washington Post, and any employee of the Washington Post could, from the road, or someone else's office, just use a browser to talk to the internal Web server at the Washington Post," Hsu said.

Hsu also noted that the Triangle Boy software - in essence a "lightweight packet reflector that forwards stuff to our server" - is something that could help Internet users take advantage of SafeWeb's PrivacyMatrix product, which allows for the anonymous Web browsing in a country like Saudi Arabia, which has banned PrivacyMatrix use.

The Saudi government "said, 'boom - we're going to cut all traffic to SafeWeb IP addresses,'" Hsu said.

"We knew this would eventually happen, so we designed (Triangle Boy)... (so that) anybody in Saudi Arabia who wants to access SafeWeb can type in an IP address... The little code makes the machine into a Cisco router and forwards all the packets to us," Hsu said. "Anybody who's monitoring him at the data center will think he's just exchanging packets with some other PC."

The company offers PrivacyMatrix to individual consumers for free, which is supported by the sale of banner ads. This, he said, is a relatively cheap strategy since even if few many ad impressions are generated, the only cost to SafeWeb for the consumer PrivacyMatrix use comes from bandwidth usage.

The main line of business for the company, he said, is strategic investments with agencies like the CIA, as well as financial institutions like credit card companies, and ISPs, all of which are finding an increasing need to offer their customers a suite of privacy and other services.

Hsu also said that banner ads are possible without compromising user privacy. The company uses an artificial intelligence engine only to analyze keywords for ads, but when those ads are sent out to a user's desktop, the engine recognizes no additional information about the user. What info is grabbed at that snapshot moment is not retained, he added.

SafeWeb also offers services such as eliminating Web pop-up boxes, and Web cookie disablers.

by disobey (support [at] aol.com)
Sunday Jul 22nd, 2001 8:51 PM
This has been bothering me for some time. I have been wanting to find out more about how to protect myself on the net. I need more links. I run a server as well and would like to know how I can protect myself. I chat on the IRC channel and I always just pretend that I'm talking to at least a couple of narcs.
by The way it works
Sunday Jul 22nd, 2001 8:58 PM
There are no foolproof ways of encryption.

It shouldn't matter, because we need to keep communication channels open so more people are informed not less. There is nothing that we are doing that is wrong.

KEEP UP WITH THE GREAT WORK!
by It works ok
Sunday Jul 22nd, 2001 9:14 PM
try ZoneAlarm Pro
by kazem (mezak [at] mail.com)
Sunday Jul 22nd, 2001 11:46 PM
this is what democracy means in capitalism! in other words, dictatorship of the higher class against the lower. the bourgeoisie condemn us marxists that we through "proletarian dictatorship" don't believe in democracy. the people understand what that means! democracy in capitalism isn't anything except capitalist class dictatorship against the worker class. we marxists are going to overthrow this procedure opposite.
in other words, democracy to the workers and dictatorship against capitalism
by George Tenet
Monday Jul 23rd, 2001 12:23 AM
These articles about the so-called Safeweb company being funded by the CIA are scary shit.

I wouldn't be surprised if this company is nothing more than a CIA front organization designed to spread American Propaganda (i.e. the reference to Radio Free America, etc...) around the World, especially countries AmeriKKKA is hostile to (i.e. Iraq, Iran, and China).

What these CIA goons don't realize is that the Radio Free America crap is so comical in its propagandistic nature that no self-respecting citizen in these countries will pay attention to this shit anyway--other than as a mediocre example of American humor. It's kinda like watching CNN or FOX tabloid News.
by TheRodent
Monday Jul 23rd, 2001 4:10 AM
Although there are no foolproof ways of protecting your privacy, there are better and worse approaches. Most modern encryption algorithms are very strong. DES and RC5 have been cracked, but 3DES, Twofish, Blowfish, and AES are considered strong, and should last at least for a few years.

Make a habit of encrypting all communication. If you only encrypt part of your communication, it allows traffic analysis.

The biggest reason for encryption failure is loss of physical control of a local computer. Without physical security, there is no security. If you're paranoid enough, create a bootable CD-ROM with a fully functioning version of your OS with favorite Encryption software. Spooks can't inject a keyboard sniffer on write-only media (without a lot of work). Worried about van Eck phreaking? Build a Faraday cage, or work on a laptop. Neither are perfect solutions, but LCD screens are far less susceptible. It's like a game of chess, for every attack, there is a countermeasure.

You can take security as far as you want. For the most part, we're just interested in delaying message interception for a period of time... hours, days, months, or years. You take the precautions depending on how long you need it to stay private. Although many Gov't organizations, such as the NSA are extremely good at extracting information, they have limited resources. They have to triage information. If an organization of 10000 users are all using encryption, even a weak encryption can be safe. At that point, they have to rely on more traditional forms of spycraft such as traffic analysis, infiltration, and the like.

Privacy is a basic human right. Encryption helps provide that privacy. It's not a matter of whether we're "right" or "wrong", it's simply none of the gov't/corp's business to know what I'm saying to my Lover, or my associates.

by Paul Rubin (phr-indy [at] nightsong.com)
Monday Jul 23rd, 2001 7:51 AM
I've talked at some length with the CEO of Safeweb. I'm confident that it's on the level. Don't freak out about the CIA contract. The CIA is a customer that buys some services from Safeweb, just like it buys office supplies from office supply vendors. There's no indication that anything more than that (i.e. large-scale CIA monitoring of Safeweb traffic in cooperation with Safeweb) is going on.

That said, Safeweb is not designed as a high-anonymity service. It's just a relay between your browser and a remote web site. The incoming channel is encrypted but the outgoing channel probably is not, and they can be correlated by someone (such as the CIA)'s internet feed WITHOUT Safeweb's cooperation. Also, Safeweb is a fairly conventional proxy server that logs incoming and outgoing connections. They keep the logs for 1-2 weeks in case of abuse, and are occasionally served with subpoenas for log data. They make reasonable effort to turn over the minimum necessary but they do comply with compulsory process. So I would describe Safeweb as medium-grade anonymity. I use it regularly but there are some things I wouldn't use it for.

For higher grade anonymity, the best bet is Zero-Knowledge Systems' Freedom Network (http://www.freedom.net) premium service. This costs $60/year and you need to download special client software to connect to it, but it's highly anonymous--your traffic is chopped into little bits and the bits are stirred with other people's traffic before being sorted out again and sent on to the external internet and there is NO log info to turn over. By the time packets leave the Freedom network there's simply no record left of where they came from. It's a well designed system and there are technical papers on the freedom.net site analyzing its security.

For encrypted voice communications, try Nautilus (http://www.lila.com/nautilus). I'm a co-author of this program and can vouch for its freedom from any type of intentional backdoor. We made it as secure as we know how, it has been analyzed by experts who haven't found any significant problems, and the source code is included so you can check it yourself.
by zedd (zedd [at] phase.cz)
Monday Jul 23rd, 2001 9:33 AM
i'm from Czech Rep./Czechoslovakia where "socialism" took place for 40 years - believe it or not all independent people are much happier in our current earlywildeast capitalism - please don't propagate what you don't know
by RevereRides
Monday Jul 23rd, 2001 11:28 AM
Three months ago, a story about SafeWeb also mentioned PGP being funded in the same manner. If I remember correctly, they are both from the same company.
Nessie, thanks for the Van Eck info, re: modem, power lines, .... interesting.
The frying mackerel suggestion seems decent, please, don't forget the garlic and mayonnaise!!!
by King of Hearts
Monday Jul 23rd, 2001 12:32 PM
Who made you king?
by proxy
Monday Jul 23rd, 2001 2:00 PM
Hmmm, all this chatter about Safe_Web and the CIA, hell! The whole Internet and TCP/IP protocol is a wayward teen-age daughter of the Department of Defense - they were the ones that conceived and gave birth to her!!!!

the plot thickens...........

everybody loves a good conspiracy story -



by JHH (gdd [at] antioffline.com)
Monday Jul 23rd, 2001 4:20 PM
For those who run ircd servers and wish to use SSL, there are some quick easy hacks to run it over stunnel, an SSL tunneling and encryption tool. It's relatively easy to set up, and not only is it encrypted, it's also anonymous to everyone on that IRC server, as they inherit the server's hostname. Of course this does break DCC, but oh well... Only the server admin can eavesdrop or see who is connecting if this is set up. See http://www.stunnel.org for the software, and if you need help setting it up email me and I'll be happy to help out or provide a config for you.
by Aphrodite Platoon (aphrodite_p [at] freedom.net)
Monday Jul 23rd, 2001 4:50 PM
Thank you all for clearing up the relation between Safeweb and the CIA. It's very well possible that Chun is acting out of blind faith (and I do mean blind). But I don't think that it's safe to rely on governmental organizations to defend your privacy. Their first concern is usually control, whether they are communists, capitalists or fundamentalists.
Relying on PGP for your protection is a different matter. As far as I know they are related to Network Associates (like McAfee) so it doesn't seem ok to suggest that this is a wolf in sheep's clothing. The "inventor" of PGP was definitely one of the "good guys" who took quite a few risks to defend people's privacy against governments. But there's another problem. Even strong encryption is unable to defend us against the staggering amount of data that is being gathered on every person. Its effect is limited to defending against prying individuals and small powers. But it's not unlikely that the really big companies and states have supercomputers at their disposal that are a few years ahead of us. So even if you use very good encryption, it's only a short term solution to buy you some time. It doesn't prevent "them" from gathering data on everyone which means that they'll be able to tell what you were doing on Friday the thirteenth when you were sixteen years old anyway (all data transported through the air, including all "wireless", is being stored). The only way to prevent this Big Brother nightmare is anonymizing your movements on the web. So combining strong encryption with anonymizing yourself is really the best solution.
by susan (susan [at] unsaccodicanapa.com)
Tuesday Jul 24th, 2001 6:34 AM
We are just going out the door to join in on the protest here in Roma. People of all ages including a ten year old child called Frida. We do not have any faith in the "Forze dell'Ordine" but we are convinced that if nothing is done now there will be little chance to protest at all in the future.

Susan
When the government fears the people, you have liberty;
when the people fear the government, you have tyranny.
- Thomas Jefferson

Visit my site at: http://www.unsaccodicanapa.com
by utunga
Tuesday Jul 24th, 2001 7:41 AM
hi all,

trust no one

ssl irc is well worth it when talking to people you know and can verify identity for, but bear in mind.

even with people you think you know, irc provides *documentary evidence* which may, one day, be used against you.

and there is no point whatsoever to use SSL irc or SILC for public IRC channels - sure, communications might be 'secure' from outside communications, but one of the people in the channel might be a cop.

the secret service regularly take on real life activist identities to infiltrate organisations like ours. they will have done this again.

the only protection against this infiltration is small autonomous cells of activity, and to say who cares what they know we will do it anyway. remember, it doesn't much help them to know there will be 100,000 protesters in the street, there's still 100,000 people there.

Finally... ssl encryption is grand, but *expect* that ECHELON (which is very real and very serious) and CARNIVORE and other signals intercept based monitoring systems lead into computers that have *very highly powered and clever* decryption/cracking methodologies. even the largest bit encryption is vulnerable to exploits, and expect that the NSA will know them all..

by bastien (mooe [at] altern.org)
Tuesday Jul 24th, 2001 11:16 AM
yope, echelon is bad. but they've got a nice little software (carnivore) used to monitor all traffic in a website. even the Swiss have an echelon system (satos3/onyx), Great Britain, New Zealand, Germany, Australia, perhaps more.

if ya wanna talk about this mail me but with pgp please.
(you don't want big bro to read your mail, no?)
-mooe-
by Loree Thomas (loreetg [at] yahoo.com)
Tuesday Jul 24th, 2001 3:26 PM
Police spies? Why would anyone worry about spies unless they were engaged in illegal activities?

Peaceful protesters coordinating their efforts via IRC have no reason to fear spies.

Media personnel reporting events have even less to worry about from spies.

None of this makes sense to me.

Loree
by Elkhart
Tuesday Jul 24th, 2001 4:32 PM
Perhaps the *spies* were involved in illegal activities? But that would mean that police. . .sometimes break the law?! *GASP*! What a surprise!
by Aphrodite Platoon
Tuesday Jul 24th, 2001 8:04 PM
Regarding SSL: as far as I know this is purely based on (strong) encryption and defends the integrity of your data during the transport between modem and Provider. Directly implemented this doesn't offer you anonymity (doesn't really defend against the "Big Brother nightmare") because the data still contain the computer address of the "sender". Besides that, SSL has two weak points. The data can be read by the provider you use and SSL produces logs that are being kept by the provider so this provider has to be trustworthy and can be subpoenaed to present these log files.

Regarding the use of anonymous IRC: the Canadian Goose made it possible, but I haven't figured out how to get it up and running yet so feel free to offer me advice (I'm not that technical or clever).

I do agree with several previous speakers that it's important to keep in mind that even the most efficient Privacy Protection is one-way traffic only. You still have to be careful about what you say and who you're talking to. As always.

And to offer an answer to Loree and others who are wondering if it's really a jungle out there, I'd like to quote the EFF (http://www.eff.com)

"(...) Last but certainly not least, there are other privacy threats besides abusive marketers, nosy bosses, spammers and scammers. Some of the threats include industrial espionage, government surveillance, identity theft, disgruntled former associates, and system crackers. (...)"
by The Urban Monk (-)
Tuesday Jul 24th, 2001 11:43 PM
Most private encryption softwares (even the Swiss ones) have given the first bits of their decryption keys to the NSA. In consequence, encrypting will prevent realtime monitoring of your activities but it will still be picked up by Echelon-like systems and can be traced back as needed after the events. See http://www.cryptome.org
by anonymous coward
Wednesday Jul 25th, 2001 11:11 AM
The name "Anonymous Coward" is a reference to posts on slashdot.org which come from users who don't have accounts; all users without accounts post under that name. Other people might be using this pseudonym, I don't know. However, I'm not the person to whom you refer in your links. I just happen to be a systems professional who sympathizes with the protest movement; though I don't support violent black bloc action. My knowledge of encryption and security led me to write that post. To my knowledge, it is accurate from a technical standpoint. Though I can't promise that the NSA, or any other secret police, can't crack RSA public key cryptography I can promise that it would take either massive numbers of computers working in tandem or a quantum computer (which doesn't yet exist in academia).
by ganjamann
Thursday Jul 26th, 2001 12:36 AM
there are webmail services which provide anonymous and secure email. it works with pgp: you first encrypt your mail with the key of the recipient. Then you choose two or more email servers and the order in which they should be used when sending the mail. let's say you have three mail servers A, B and C. First you encrypt the mail with the recipient's address. this encrypted text is now the message body of an email to A. this mail then gets encrypted with the public key of A. you then repeat this with B. the last step is you take the encrypted text, encrypt it with the public key of C and send it to C. When C receives the mail, it decrypts it and receives a mail to send to B. and so on.
the cool thing about that is that only the last mail server in the chain knows the recipient. but the best thing of all: no one can trace your mail. if the police or someone else is watching the recipient they can't find out who's the sender and if they're watching the sender they can't find out the recipient. the only thing you need to do is to carefully select the mail servers in between (different providers, different countries). the police can only follow your mail through the "chain" if they have control over all the mail servers in the chain. otherwise it's impossible for them, because the servers send mail only at fixed times and all the mails sent out have the same size. (if your mail size is bigger it is split up). they also send out mails when there are no mails to send (dummy mails). so the police can't find your mail based on time or size.
i hope you understand what i wrote. but it's easy to do. you just go to the website (of course with an anonymizer), write your mail, select the mail servers between you and the recipient and send it. that's it. sorry but i don't have any links.
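The layered wrapping and fixed-size mails described in the comment above, sketched as an added example that is not part of the original post or of any remailer's code; it shows that each server learns only the next hop and that every mail on the wire has the same size. Assumptions: a toy SHA-256 keystream stands in for PGP public-key encryption, and the server names, keys, recipient address and 256-byte cell size are constructed.

```python
import hashlib
import os
CELL = 256  # constructed value: every message on the wire is padded to this size

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter keystream standing in for PGP; unauthenticated, demo only.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, payload):
    """Encrypt one layer as nonce || E(2-byte length || payload)."""
    nonce = os.urandom(8)
    return nonce + _xor_stream(key, nonce, len(payload).to_bytes(2, "big") + payload)

def unseal(key, cell):
    """Decrypt one layer; the length prefix marks where random padding begins."""
    plain = _xor_stream(key, cell[:8], cell[8:])
    return plain[2:2 + int.from_bytes(plain[:2], "big")]

def pad(blob):
    """Random-fill to CELL bytes so an observer cannot match mails by size."""
    if len(blob) > CELL:
        raise ValueError("too large for one cell; a real remailer would split it")
    return blob + os.urandom(CELL - len(blob))

def wrap(message, recipient, recipient_key, chain):
    """chain is [(server_name, key), ...] in delivery order, e.g. A, B, C."""
    blob, next_hop = seal(recipient_key, message), recipient
    for name, key in reversed(chain):  # innermost layer is for the last server
        blob, next_hop = seal(key, next_hop.encode() + b"\n" + blob), name
    return next_hop, pad(blob)

def relay(key, cell):
    """One server's job: peel its own layer and learn only the next hop."""
    next_hop, inner = unseal(key, cell).split(b"\n", 1)
    return next_hop.decode(), pad(inner)

def deliver(message, recipient, recipient_key, chain):
    """Walk the chain; return [(server, next_hop_it_saw, wire_size)], plaintext."""
    keys, seen = dict(chain), []
    hop, cell = wrap(message, recipient, recipient_key, chain)
    while hop in keys:
        next_hop, out = relay(keys[hop], cell)
        seen.append((hop, next_hop, len(cell)))
        hop, cell = next_hop, out
    return seen, unseal(recipient_key, cell)
```

Timed sending and dummy mails, which the comment also mentions, are not modelled here; the sketch covers only the layering and the uniform size.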
by XX (XX)
Thursday Jul 26th, 2001 2:23 AM
About Marxism,

Jesus said: Love your enemies, pray for them.
Both capitalism and marxism come from occult sources,
freemason and leninism is organised the triangle way.
As well as groups who love Nature, the so called priests rule the stupid ones and the stupid ones feel better as the untouchables which can be stolen from, taxes, and extinguished..

Some evidence, Wurmbrand, shows Marx was a satanist.

Lenin was helped by Rockefeller money, does say some,
as well as Hitler was,

Conclusion, either way you choose, you decide for the same bullshit. You do become a puppet hitting your neighbour.
Around 1900 liberals and socialist were working together closely.
