General Internet Security and Posts About Illegal Activities

Indybay eds,

Is this in response to something specific that was posted recently or in the past? I am one of those doing support work for the AETA4. Is this post in response to FBI/Police harrassment that could possibly be relevant to the AETA4 case (since you mention the case in passing). If so, let us know here and we will provide you with our email address, or those of attorneys if appropriate.

Stay safe.

Thanks,
AETA4 Support Team

Here is additional reading about the absolute security level of tor... for any activity (the average user of Tor might not be seeking to post about vandalism online, but rather to access pornography, or might be a military member or student trying to hide their IP address). They assess that many tor nodes could easily be 'honeypots' run by security agencies or private individuals who are interested in knowing who wishes to use Tor and what sites they want to visit. At the same time, Tor is decentralized and many people have set up nodes. Likewise, the staffing time for monitoring everyone's activity (like in east germany) would be enormous the government probably doesn't have time to read your email.

http://www.civiblog.org/blog/_archives/2007/11/15/3355919.html
http://arstechnica.com/tech-policy/news/2007/09/tor-node-operator-after-run-in-with-police-i-cant-do-this-any-more.ars

Also, yes - it's important not to abuse indybay. While they have anonymous wire postings, there are other places where this could be done.

Things come up from time to time that have been posted to the site that might endanger site users or even Indybay itself, potentially placing unintended folks in legal jeopardy of different sorts. Josh Wolf first posted his video of the 2005 anti-G8 demo to the site and not long after that he received a subpoena for the full video, so the post here is intended more as a general warning for people to think things through in that what they view online, record in the streets, and post at Indybay might have ramifications beyond what they first considered.

But, no, this is not a reaction to anything that the AETA4 Support Team has posted.

I'm guessing this has more to do with the recent pics posted of the Union Square raid.

i suspect this is a culmination of smaller issues that are more annoyance than anything, but also a service of saying to be smart.

Everywhere you go, if your phone is on (it DOES NOT MATTER if your phone does not have GPS!), you are leaving a digital record of your position every 10-30 seconds with the telcos who keep these records for multiple years and are more than happy to share that data quietly with any jackass with a badge.

You can even be tracked right now by your phone number, on the web from a laptop inside a cop's car. Dont believe me? Here's the company that offers the service http://www.trueposition.com/web/guest/homepage

And dont think turning off your phone is good enough, many phones simply go into a sleep mode when the power is "off" but stay on the network. Pop the cover and remove the battery. Or keep an empty Altoids tin that will fit your phone, to block the signal.

And dont just turn it off when you've got something to hide. Hello, telegraphing? Turn your phone off often when you travel, and leave it off to provide some inexplicable cover time.

The "realists" were wrong; you ARE being watched. Incidentally, you can thank Bill Clinton for the federal legislation "to save lives" that brought you this nationwide tracking system.

RT writes, "Myspace, blogs, and online networks are like a dream for police investigators. Where they used to have to go out and interview people, check records, walk the street, now they merely have to go online. Investigation from the convenience of their offices.

I took part in a demonstration and was arrested. Afterward, the police contacted my employer to suggest that they check up on me. I got a copy of the police report yesterday and was surprised to find that the police had gone beyond just the basic facts of my arrest.

They had tracked down the website for my band, followed a link to our myspace page, and from there tracked down my personal myspace page. In my profile I had some pretty cheeky anti-authoritarian hyperbole and that was quoted in the report. "Subject says in his myspace profile that he is 'looking for someone to turn over and burn police cars with,'" a dumb comment that had been part of my online profile for many years. There was a print out of my entire myspace profile, band website, etc. All of this info had been passed on to my employer."

I will present here the maximum security scenario for postings where you go to prison if the pigs find out who put it up. It goes without saying that this sort of post goes to a site willing to receive and republish it like the ALF or ELF press office.

This can be scaled down for lower security applications, e.g. using Tor and PGP form home to frustrate email surveillance of activist groups, or normal-security wardriving to administer a website that might bring AETA charges.

*************************

OK, you need to post that ALF press release, those videos of masked warriors having a smashfest or that long list of UCLA vivisector's home addresses, car tags, routes to work, etc. You must assume that everything thatr can be recorded by enemies will be.

Don't use a home computer, as your ISP might log IP's or sniff packets. Don't rely on Tor without encryption or a honeypot could read the contents. Don't rely on encryption without Tor or an ISP could connect source, destination, and time.

Ultimate security for something at the ALF/ELF level might work like this:

1: set up a Linux laptop, using a live disk or live disk image on USB for the session. Be sure to disable any use of swap space from the hard drive unless that is encrypted. If the computer is captured but has been turned off, everything is gone-it was on RAM only.

2: buy a wireless card or USB device to use ONCE ONLY, as wireless devices might be traceable. Remember $40 for a wireless card is much cheaper than $500 for a lawyer. Destroy it when finished. Get a high gain antenna so you can get out of sight-keep this as it cannot be traced.

3: Go wardriving: Find an unsecured wireless connection where you can ge out of security camera range of the connection but close enough to connect with that good antenna. This connection should belong to someone who you don't mind getting a visit from law enforcement, maybe your target's competition?

4: Find a bush, etc that blocks visual line of sight to the target but lets wireless signals pass, and take cover behind it. Crowds are good cover too, and if you are not known to anyone the cover this provides gets much better. A parking lot full of cars, not watched by obvious cameras, with a fake/obscured tag on the car, is another possible scenario.

5. Boot from the live disk or live disk image on USB and connect. Once connected, DO NOT check email or do anything else with your name on it or that can be connected with who you are. If the website you are posting to has PGP, use it! This will prevent your wardriven connection (which could be a honeypot) from sniffing the traffic and calling the pigs. Use Tor, too if this is really hot-that will delay anyone monitoring, say, the ELF Press Office ISP for all incoming messages. Tor and PGP can delay cops long enough for people around you to forget you face-probably for weeks.

6: Finish up, immediately disconnect, wait a few minutes(so your getting up doesn't correlelate with the signal cutoff), then leave the area. Trash the wireless card at least 1/2 mile from the connection and wipe your prints off it prior to disposal.

DON'T BE INTIMIDATED-BE PREPARED!