A guide to being subversive on the internet (and getting away with it)

[apothecary]

Hello!

Lots of people here ask me about things like internet privacy, anonymity, security, etc.

I figured I'd help out.

So here's the deal. It isn't easy, but it's worth if if you need it.

The building blocks:

GPG -- A lot of you have probably heard of PGP, which stands for Pretty Good Privacy. What PGP is an encrpytion system using public key cryptography. What does that mean to you? Not much more than you can trust your files (to some extent) to be safe using this sort of encryption.

GPG (GnuPG) is free software written on the OpenPGP standard, and is compatible with PGP, but it's free and open source! No closed software means no hidden FBI backdoors in the software or whatever.

I'm not gonna go over how to use GPG specifically, because it's been covered elsewhere much better than I could do it.

Suffice to say, it can be downloaded from www.gnupg.org, and you can learn how to use it comprehensively here.

Note that from here on, I assume you know how to use GPG in all the below ideas.

Smoke signals:

The most obvious method of transmitting messages is via email. However, email is at best flawed, there are many points along the transmission route where the message can be intercepted.

I prefer less orthodox methods that are more likely to evade attention.

Let's start with a simple example.

Indian tribes would use smoke signals to transmit messages long distances. These messages wouldn't hang around forever (no trail), and could only really be understood by the sender and recipient.

The enemy could hardly intercept a message made of smoke and force an indian to translate it, could they now?

So let's follow the ingenious example of the indians.

Let's start with your message. You can write it in a text file, and then encrypt that file against the recipients public key. However, how do you know the feds haven't broken into your home and installed a keystroke logger (it's happened before)?

How do you get around this? Simple! Do as young children do. Write your message using a paintbrush in microsoft paint, or similar. Save the image, and encrypt it against the recipients public key.

It should be noted however, that if the feds have broken into your home and installed a keylogger, you're pretty fucked already... but at least this stops inadvertent malicious parties seeing the message.

Now you have your message, encrypted in a nice strong bottle. How do you get it across the internet without anyone noticing?

There are a variety of places on the internet that allow you to input some information and recieve a token to access it later.

The best example is pastebin.

The purpose of pastebins, is so developers worldwide can collaborate on projects without flooding each others chat windows.

They go to the closest pastebin, paste whatever error message or particular code they want, and recieve a URL from which they can access it, or give to other developers to access. Pastebins are dynamic, so they only last a preset amount of time, usually a couple of days.

Using your ASCII armored GPG encrypted message (if that doesn't make sense, you need to read the GPG howto above), you can paste the entire encrypted message into a pastebin.

You then supply the recipient with nothing more than the pastebins particular URL, and they can access it for a short while.

You can find hundreds of pastebins on the internet, simply by googling for the word pastebin. Use them at random to throw would be trackers off the trail.

Similar ideas exist elsewhere.

There is a service called tinyurl (www.tinyurl.com), where you supply a url and it returns something like http://tinyurl.com/1vcx3 which redirects to the URL you supplied.

If your message is short, and doesn't require encryption you can go to tinyurl, and enter something like www.meetattheflagpoleatnoon.com and it will return an appropriate tinyurl.

You can supply this to the recipient who will know to meet you at the flagpole at noon, and a few days later, the tinyurl will be gone, lost to the void forever.

These are just a few examples. Be creative.

Browsing anonymously:

So you want to browse the net, but you don't want the feds to know what you're browsing.

You're not the only one! Terrorists, pedophiles, drug dealers, and many more shady characters need anonymous internet.

There are solutions, like Tor (http://tor.eff.org) that use "onion" routing to make sure your information passes through a crapload of nodes before it reaches destination. Tor is truly awesome and supported by the Electronic Frontier Foundation.

Also, you can always just google for "Open Proxy List" and use one of the many proxy servers that'll turn up.

I have more solutions, but Tor is awesome enough to encompass all of them. Go Tor!

Pesky hard drive:

So you got raided by the feds. They have your computer, and on it, possibly records of all your shady dealings and stuff! SHIT!

The trick in this situation is prevention. Make sure there's nothing incriminating on your computer.

Turn off logging on your IM clients, don't use cookies (if a site NEEDS cookies, then you don't need it security wise).

Lastly, when you have incoming files that are incriminating, use ramdisk.

http://support.microsoft.com/default.aspx?...b;en-us;Q257405

Ramdisk is like a normal hard drive, but resides in your computers memory (rather than the hard drive), so when it's shut down everything in the ramdisk is lost.

So the feds raid your house, confiscate your computer, turn it off...bam. All incriminating evidence is gone. If you want to know how to make ramdisks in linux, just post here and I'll add it.

That's it for now. More to come, including encrypted instant messaging, if you have any other requests, post here

[ 25. May 2005, 06:38: Message edited by: apothecary ]

[nabraxas]

so if you block ALL cookies, do you exempt sites like this one?

otherwise how do you 'log-on'? ie: you need to accept the cookie so you can post. i think.

[Darklight]

apothecary:

I figured I'd help out.

Thanx again apoth, that's excellent.

This applies to all information, I remember when PGP first came out the bloke who made it was suggesting encryption and data security apply to all data, rather than creating encryption only for sensitive stuff, so that people learned to value their privacy on line as they do in life. And discourage authorities from peeking- not only for rules that apply now, but for those which may change or become more repressively enforced in the future.

Unfortunately it never caught on.

Once someone has your computer, they can infer all sorts of stuff, how you spend, where you go, who you hang out with, your political beliefs etc. You don't need to be doing anything illegal to catch their attention, you only need to be *suspected*, and the information is yours whether they're right or not. With all the interest in the guvvy invading ppls privacy these days I don't think we're likely to become more free for a while

[apothecary]

nabraxas, well, you can create a ramdisk, tell your browser to store its cookies there so you only have to log in once per "computer is on".

I keep cookies because I don't do any illegal things on this computer.

[faustus]

what do you think of evidence eliminator? www.evidence-eliminator.com alot of talk that it's bogus (possibly by people who are against this sort of software)... meant to write over the hard disk many times, make the data irretrievable even with the polizei's finest tech.

[apothecary]

It probably works.

The way most operating systems work is that when you delete a file, it isn't really deleted. Just the reference to it is removed, so those bytes can be overwritten.

There are plenty of programs like the one above that overwrite that section of the hard drive so it can't be recovered, but it takes time. If the feds bust your door, you can't say ok hang on let me remove the evidence, I'll be done in 20 minutes.

It's simpler to just not keep it on there in the first place

[smogs]

i reckon the best method would be a small explosive device on your hard drive... they bust down the door you push a big red button and in a small flash of smoke... GONE

just dont let your cat jump on the table

[monkeyZ]

How much 'evidence' can you really get of, say, a sight like this?

For example, i might say i'm going to do something like eating some HBWR seeds and want to know whether i should eat the seeds and then snuff the filed seed casing?

... but then on another forum i also said i'm a 6'8, well built pleasure machine looking for some fun....

how much truth can you really take in anything i say online? i mean, i'd never do anything illegal, i just like to be cool like everyone else

(but i am a well built pleasure machine. honestly)

[apothecary]

Heh.

I think it works the other way. They don't look at your forum posts and say "lets go bust this dude" (although they might), I believe they bust you, then use your forum posts as evidence.

[hebrew]

yes please post about linux and ramdisk

[apothecary]

http://www.vanemery.com/Linux/Ramdisk/ramdisk.html

[Qhorakuna tantani]

Smogs: I remember reading instructions on how to build a device using thermite that, if a password is entered wrongly 3 times, it melts your whole hard drive. It's not that unbelievable, seeing as thermite can vaporize carbon steel! and it's so damn easy to make, only two ingredients.

[apothecary]

Problem with boobytrapping is that the raiding officers will come down HARD on you.

Always remember stories on OG of people who boobytrapped their grows, cops raid, get hurt and you get an extra 10 years on your sentence or something :/

[smogs]

yeah but this is physical destruction of evidence and unlikely to hurt people... unless they are stupid.

and yes it generally works that u get busted... then they search your pc and use it for evidence and to prove intent... and planning.

also if they found other info like "how to make a bomb" or something then they would charge u for that etc

[monkeyZ]

ok, so how does one hide/encript info they'd like to keep? Not so much transient internet info, but electronic documents/books/guides that they'd like to keep, but may be falsely interpretted by others.

Is there any ways to encrypt info so that it's all easy to access for the owner, but invisable/uncrackable for anyone else?

[ 29. May 2005, 13:15: Message edited by: monkeyZ ]

[apothecary]

Uh. GPG?

[monkeyZ]

yeh, that was stupid. :confused: hehe... sorry.

for some reason i seemed to the that was text only ecryption, but i don't know why i thought that.

[smogs]

burn them on cd, encryped and stash it somewhere outside your house where u can get it maybe?

put in ziplock baggy and hide it someone under ground heh heh

[apothecary]

Encrypt, rename to "Goat Porn XXX.avi" and upload to kazaa

[Chemical Shaman]

How do you get around this? Simple! Do as young children do. Write your message using a paintbrush in microsoft paint, or similar. Save the image, and encrypt it against the recipients public key.

Hahahaha holy shit dude!! I would only go to that sort of effort is i was a drug manufacturer AND a gun smuggler AND a nuclear arms dealer.

The fact that you have suggested such measures leads me to believe that you are all 3 so I have tipped off the feds accordingly.

If you would like to discuss this with me please view the image I have just sent you. It's a picture of me sitting on the beach with 3 girls in bikinis playing with a beach ball. If you zoom in you will see each girl is holding a bottle of CocaCola, if you zoom in again and then zoom in again and then zoom in again and then zoom in again you will see that in the barcode of one of the bottles reads the message "Hey Apothecary, meet me at the bus stop at 3pm", don't worry the image has been encrypted using 128,000 bit encryption.

Seriously, you guys must be doing some REALLY dodgy shit if you are going to these lengths, whatever it is..... i want in

When the police confiscated my computer, I had just downloaded this program that encrypts all of your dogy information into inconspicuous .wav files and put's them somewhere inconspicuous. I just hadn't gotten around to installing it yet

-Chemical Shaman

[apothecary]

CS, not all the techniques I list are from personal experience, some of them have been taught to me by people who would easily spend lifetimes in jail if they were caught.

When I was on the hacktivismo mailing list, we would frequently be discussing ways to allow Chinese citizens to browse/use the internet (including posting material critical of the government) without fear of persecution from above.

Trust me, in those situations, it's better to go way over the top than end up with a bullet in your forehead.

[nabraxas]

from what i've read, & there was an excellent article in New Scientist a few months ago, nothing can be totally removed from your hard disk, even overwriting it a bunch ov times, there are still traces left that the FEDs can recover.

think about it like this, the hard drive is magnetic media similar to audio tape. how many times have you recorded over something, only to still be able to hear it faintly in the background ov your new recording? same thing w/hard drives.

allegedly the FBI when it needs to dispose ov a hard drive that may contain sensative info, have a fool proof method ov making the data unrecoverable---3 shots from a .45

[reshroomED]

Microsofts *really* hidden files

ed

[bloodbob]

First thing first is its not hard for the cops to be allowed to installed monitoring devices in your home. If your suspected of doing local house burglary they can get video camera's installed in yoru house.

Next encrypting your hard drive isn't always a good idea because if you don't hand over the encryption key its 2 years in jail I believe.

On the hard disk wiping I'd personally be suprised if we actually had the equipment in australia but I could be very very wrong.

[apothecary]

lol.

The feds are not all powerful when it comes to hard drives, I will demonstrate that in the next update to this section.