Usenet - How to protect free speech?

I'm curious, I've just been having an argument with a bunch of guys
and I wondered if you people had some interest (and any suggestions
on other newsgroups to query if not...)

Basically it comes down to this:

--
There are a set of people P = {p1, p2, p3, ... , pN}. These
people want to have a conversation on the usenet networks.

However, there is an Evil Government Agency EGA that will arrest
these people because they talk about things with certain key words
in them.
--

I suggested that the people involved post using public key
encryption, regularly rotating and posting an unencrypted public
key to the newsgroup and privately distributing the newsgroup
private key to members.

All posts are then public-key encrypted and can only be read by
people with the private key.

Then EGA can see that data is being posted but cannot access
what the data being posted IS, and therefore, the posters are
protected.

Now, I've been challenged: If the set P is willing to add new
members from the set of people who NOT in P, it becomes a trust
issue.

Any BAD new member added to P makes the private key available
to general use and the entire group is compromised.


So, what to do?

Can the usenet be used in such a fashion as to protect posters
from EGA's? If so, how?

Am I completely on the wrong track here? Should I be looking at a
initial post service that strips incoming logs (but is vulnerable
to EGA direct attack)?

CAN the usenet be used in such a fashion?

cheers,
Doug.

Doug

In article <>, Doug <> wrote:
:There are a set of people P = {p1, p2, p3, ... , pN}. These
eople want to have a conversation on the usenet networks.

:All posts are then public-key encrypted and can only be read by
eople with the private key.

:Am I completely on the wrong track here?

Yes, that's not Usenet. Take it to a blog or Wiki or private server
or something like that.


:However, there is an Evil Government Agency EGA that will arrest
:these people because they talk about things with certain key words
:in them.

Not likely, even in dictatorships. The keywords would result in
the posts being flagged for closer reading, and the arrests would
then be on the basis of what was said. People don't get arrested for
postings strongly supporting government positions.
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers

Walter Roberson

In article <>, Doug <> wrote:
>I'm curious, I've just been having an argument with a bunch of guys
>and I wondered if you people had some interest (and any suggestions
>on other newsgroups to query if not...)
>
>Basically it comes down to this:
...
>Any BAD new member added to P makes the private key available
>to general use and the entire group is compromised.

This is a general problem that has existed for hundreds of year.

The answer is that you can't solve it.

Consider that existing members may already be compromised (moles) or
may become compromised in the future.

>So, what to do?

Live with the fact that the group's life is in the hands of the
weakest link, both current and future.

>Can the usenet be used in such a fashion as to protect posters
>from EGA's? If so, how?
>
>Am I completely on the wrong track here? Should I be looking at a
>initial post service that strips incoming logs (but is vulnerable
>to EGA direct attack)?
>
>CAN the usenet be used in such a fashion?

No. In security, there is no perfect defense, but neither is there
an unstoppable attack.

Craig

Craig A. Finseth

In alt.computer.security Doug <> wrote:
: --
: There are a set of people P = {p1, p2, p3, ... , pN}. These
: people want to have a conversation on the usenet networks.

: However, there is an Evil Government Agency EGA that will arrest
: these people because they talk about things with certain key words
: in them.
: --
: All posts are then public-key encrypted and can only be read by
: people with the private key.

Encryption is a good start, but sooner or later someone will
figure out how to break whatever system you use. The EGA might
already know how to break it now!

: Then EGA can see that data is being posted but cannot access
: what the data being posted IS, and therefore, the posters are
: protected.

The fact that you're using encryption might make the EGA
a look at you and want to know why you're using it.

One of the best ways I can think of is hiding your traffic
by making it look completely normal to the point of being
boring. Everyone goes to places like google, if you could
hide your messages in something that google would return
from a simple search, it's possible that no one will notice.

Basicly hide in plain sight. People see the crazy guy
who talks to himself on the street, but they don't give a
second look at the garbage man picking up the trash cans.

: Now, I've been challenged: If the set P is willing to add new
: members from the set of people who NOT in P, it becomes a trust
: issue.

: Any BAD new member added to P makes the private key available
: to general use and the entire group is compromised.

People are always a possible weak link. Can you always trust
everyone in a group 100%? Are there things you've NEVER told
anyone? Why not? you trust your wife/husband/SO/friends
right?

Also there are other ways to get access to the encrypted data.
One of the less fun ways for the members of the group is "Rubber
Hose" decryption, they beat the encryption keys out of one of the
group members. This system is every effective in getting information
and some EGA's are more then willing to use it, after all everyone
has a breaking point (or they die).

: Am I completely on the wrong track here? Should I be looking at a
: initial post service that strips incoming logs (but is vulnerable
: to EGA direct attack)?

Even if you use a relay service to strip off information like
your email address, location/IP, etc the EGA could watch the traffic
to and from the relay site and could figure out which message from
the relay was yours, even if it's encrypted going to and from
the relay. The EGA could also see who else gets this message.

I've always looked at the internet, and everything on it, as if
it's a postcard traveling though the mail. Anyone who handles it
can look at it if they want and there is no way to stop that.
Sure if the postcard is in a language they can't read (encrypted)
they won't know what is says, but who knows what languages the
postman can read for sure? And the postman has to be able to read
the address if you want it delivered.

If you're going to use the internet for something that might be
illegal where you are, (or somewhere else) you'll always run the
risk someone will be watching and know what you're doing.

--
Barry Keeney
Chaos Consulting
email

"Rap is Square Dancing gone terribly, terribly Wrong...."

Barry Keeney

On Thu, 11 Sep 2003 22:35:41 +0800, "Doug" <> wrote:

>CAN the usenet be used in such a fashion?

The real question is SHOULD it and the answer is no
its designed for open discussion and freedom of speech
implies the freedom to listen.
--
Jim Watt http://www.gibnet.com

Jim Watt

In article <>, says...
>
> Can the usenet be used in such a fashion as to protect posters
> from EGA's? If so, how?
>

Yes. Research mixmaster remailers. Use them.

/steve
--
The most advanced e-mail control on the Net!
http://www.cotse.net/servicedetails.html
E-Mail, Anon Proxies, Remailers, Usenet, Web Hosting, More.
The Internet's Full Service Privacy Website, Your Shield From The
Internet.

Stephen K. Gielda

Doug wrote:

> Then EGA can see that data is being posted but cannot access
> what the data being posted IS, and therefore, the posters are
> protected.
>
> Now, I've been challenged: If the set P is willing to add new
> members from the set of people who NOT in P, it becomes a trust
> issue.
>
> Any BAD new member added to P makes the private key available
> to general use and the entire group is compromised.

If the EGA is worthy of the title evil, they would simply 'lean' on the
ISP providing services to one of the posters to get their address info,
go around to their house, torture them for a bit to get any required
passwords and then jump on said persons computer and post as one of the
trusted posters, and gain info on the others that way.
E.

E.

> > Can the usenet be used in such a fashion as to protect posters
> > from EGA's? If so, how?
>
> Yes. Research mixmaster remailers. Use them.

Thank you, that's almost exactly what I was looking for. More on
alt.privacy.anon-server when I think fully a way to apply via the
usenet.

cheers,
Doug.

Doug

In alt.computer.security, Msg ID: <>
"Doug" <>, wrote:

>I'm curious, I've just been having an argument with a bunch of guys
>and I wondered if you people had some interest (and any suggestions
>on other newsgroups to query if not...)
>
>Basically it comes down to this:

Wrong.. Basically it comes down to THIS.

PGP is censorship in disguise..

You protect Free Speech, by excercising Free Speech.
"If you can't say something nice then say what you THINK..."
Be politically Incorrect.. **** them all..
PGPers included.


Ray

mchiper

On Fri, 12 Sep 2003 14:37:16 -0400, mchiper <> wrote:

>>Basically it comes down to this:
>
>Wrong.. Basically it comes down to THIS.
>
>PGP is censorship in disguise..

The trouble with free speech is that shitheads still remain
shitheads. Just louder.

--
Jim Watt http://www.gibnet.com

Jim Watt