Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Anonymous Blogging

Reply
Thread Tools

Anonymous Blogging

 
 
xrayman
Guest
Posts: n/a
 
      03-14-2006
I am trying to get some information regarding anonymous blogging. It is
very important I not be tracked back. I found this link through
del.icio.us that outlines a plan for blogging anonymously:
http://www.shorttext.com/u6jb
Is this overkill? Or is it serious steps I should consider. I would
like to hear any and all ideas and thoughts concerning the steps
outlined in the link - or your own ideas.

Thank you!!

 
Reply With Quote
 
 
 
 
~David~
Guest
Posts: n/a
 
      03-14-2006
As usual, before reading, don't do anything illegal/stupid...

1. Get a laptop with wireless
2. Find a public wifi-spot
3. Load an Anonym.OS LiveCD (http://theory.kaos.to/projects.html - basically
OpenBSD with tor for anonymous internet surfing all on a live cd so it doesn't
touch your harddrive)
4. Go to an online site, sign up for an email address and blog, never use those
for anything other than the intended purpose...
5. DO NOT do anything illegal/stupid

Hope this helps,
~David~

xrayman wrote:
> I am trying to get some information regarding anonymous blogging. It is
> very important I not be tracked back. I found this link through
> del.icio.us that outlines a plan for blogging anonymously:
> http://www.shorttext.com/u6jb
> Is this overkill? Or is it serious steps I should consider. I would
> like to hear any and all ideas and thoughts concerning the steps
> outlined in the link - or your own ideas.
>
> Thank you!!
>

 
Reply With Quote
 
 
 
 
George Orwell
Guest
Posts: n/a
 
      03-14-2006
xrayman wrote:

> I am trying to get some information regarding anonymous blogging. It is
> very important I not be tracked back. I found this link through
> del.icio.us that outlines a plan for blogging anonymously:
> http://www.shorttext.com/u6jb
> Is this overkill? Or is it serious steps I should consider. I would like
> to hear any and all ideas and thoughts concerning the steps outlined in
> the link - or your own ideas.


It's not only not overkill, it's false information. First of all, Internet
cafes and libraries are probably the most vulnerable and frequently
watched Internet access points there are, your own ISP account included.
So while you might "blend in" with the rest of the users on a given day,
what you do and where you go is far more likely to be monitored and
logged. And since you've joined their local network they can have a lot
more information about your machine than even your ISP might. You also
have to contend with the ever growing presence of security cameras and
such.

Cafes and libraries are NOT anonymous. Neither are the "web proxies" the
article suggests, especially in light of the fact that you're going to be
posting to your blog repeatedly. Make a single post that draws the
attention of an attacker, and the very next post you make might be your
last. Compromise the proxy either by cracking it or issuing a warrant and
you're owned. That's assuming the proxy you choose doesn't log connections
and give you up before you even get to make the second post. They ALL have
the ability, it's just a matter of "if".

About the only useful bit of information I read in that article was the
anonymous credit card stuff. If you travel a considerable distance from
your home location and buy one, being careful of those cameras of course,
they can be a pretty secure and anonymous way to spend money on the
Internet (or fund another anonymous account like something you've set up
properly at eGold).

About now you're probably wondering how, if the article's advice can't
provide it, do you actually maintain an "untraceable" blog. The short
answer is... you can't. In raw theory the Internet is a real time,
connection based media that relies on the fact that a path can be traced
back to you just to function at all. IOW, if you are to be completely and
totally anonymous, the Internet will never work for you at all.

There are, however, acceptable compromises....

There are "mathematically" anonymous services out there. Type II anonymous
remailers are considered the most secure way of transferring data across
the Internet today because they implement a protocol that obscures the
path back to you with layered encryption, latency, and "chaining" of
several machines in such a way that the ones in the middle are just moving
encrypted garbage around. They are limited to email though.

The Tor network functions very similarly to the remailer network, with the
one major exception that traffic passing through it is in real time.
There's no latency or "delay" in your connection, so someone watching a
big chink of the Internet *might* be able to figure out who you are by
the timing of packets flowing through the connections. The real world
chances of this are ridiculously slim, even when dealing with an attacker
as powerful as a government agency.

If you want the most secure, and really the only acceptably anonymous way
to do much of anything, then you should forget public access points and
follow the instructions found at http://tor.eff.org concerning installing
Tor and Privoxy, and configuring your web browser. Use that setup to get
an anonymous blogger account, and if you're really paranoid use the
remailer network to post to it using blogger's email features (that I was
previously unaware of by the way).

This sort of setup will give you the most "untraceable" anonymous blog you
can currently have on the Internet today, with no exceptions. The methods
implemented by the remailer network and Tor are so much more secure than
proxies and cafes that they can be considered actually anonymous, while
proxies and public access points can not. Apples and oranges... night and
day... etc.

All that said, how anonymous do you really need to be? One of the keys to
maintaining your anonymity is knowing who your attackers are. That means
the best "technical" anonymity in the world might be useless against an
attacker who knows you intimately and can recognize your "style", or the
source of information you're posting. The other side to that coin is that
even "weak" anonymity might be enough against someone who doesn't know
you, and doesn't have the "juice" to monitor sections of the Internet or
force some reputable proxy to hand you over. The key here is what sort of
information you're dealing in, and who you're going to **** off. Answering
those questions is critical to deciding if you even want to attempt to
post the information to an "anonymous" blog in the first place.




 
Reply With Quote
 
George Orwell
Guest
Posts: n/a
 
      03-14-2006
~David~ wrote:

> As usual, before reading, don't do anything illegal/stupid...
>
> 1. Get a laptop with wireless
> 2. Find a public wifi-spot
> 3. Load an Anonym.OS LiveCD (http://theory.kaos.to/projects.html -
> basically OpenBSD with tor for anonymous internet surfing all on a live cd
> so it doesn't touch your harddrive)


This might completely demolish any anonymity Tor gives you. If you're
using wireless from a laptop you're part of a local network and they have
your MAC address (among other possibly critical information). It might be
possible to trace that MAC address right to a store, date, and even a
credit card number and address for the purchaser.

NOTE: Anonym.OS has built in tools for spoofing MAC addresses, but they're
imperfect in that some hardware won't allow it, and useless because you
failed to mention them.

WiFi access also means that your physical location and time line are
known. In a lot of scenarios this is more than enough to out you. It's
much more desirable to use a system that can't be traced back to your
geography and/or "routine" in any way, even if it's just in general.

> 4. Go to an online site, sign up for an email address and blog, never use
> those for anything other than the intended purpose... 5. DO NOT do
> anything illegal/stupid


That's the key to the whole thing... the user. Even marginally anonymous
methods might suffice if the poster keeps his wits about him, and good
anonymity can be trashed by "wit challenged" individuals.
 
Reply With Quote
 
Jim
Guest
Posts: n/a
 
      03-14-2006
George Orwell wrote on 3/14/2006 3:07 AM:
> xrayman wrote:
>
>> I am trying to get some information regarding anonymous blogging. It is
>> very important I not be tracked back. I found this link through
>> del.icio.us that outlines a plan for blogging anonymously:
>> http://www.shorttext.com/u6jb
>> Is this overkill? Or is it serious steps I should consider. I would like
>> to hear any and all ideas and thoughts concerning the steps outlined in
>> the link - or your own ideas.

>
> It's not only not overkill, it's false information. First of all, Internet
> cafes and libraries are probably the most vulnerable and frequently
> watched Internet access points there are, your own ISP account included.
> So while you might "blend in" with the rest of the users on a given day,
> what you do and where you go is far more likely to be monitored and
> logged. And since you've joined their local network they can have a lot
> more information about your machine than even your ISP might. You also
> have to contend with the ever growing presence of security cameras and
> such.
>
> Cafes and libraries are NOT anonymous. Neither are the "web proxies" the
> article suggests, especially in light of the fact that you're going to be
> posting to your blog repeatedly. Make a single post that draws the
> attention of an attacker, and the very next post you make might be your
> last. Compromise the proxy either by cracking it or issuing a warrant and
> you're owned. That's assuming the proxy you choose doesn't log connections
> and give you up before you even get to make the second post. They ALL have
> the ability, it's just a matter of "if".
>
> About the only useful bit of information I read in that article was the
> anonymous credit card stuff. If you travel a considerable distance from
> your home location and buy one, being careful of those cameras of course,
> they can be a pretty secure and anonymous way to spend money on the
> Internet (or fund another anonymous account like something you've set up
> properly at eGold).
>
> About now you're probably wondering how, if the article's advice can't
> provide it, do you actually maintain an "untraceable" blog. The short
> answer is... you can't. In raw theory the Internet is a real time,
> connection based media that relies on the fact that a path can be traced
> back to you just to function at all. IOW, if you are to be completely and
> totally anonymous, the Internet will never work for you at all.
>
> There are, however, acceptable compromises....
>
> There are "mathematically" anonymous services out there. Type II anonymous
> remailers are considered the most secure way of transferring data across
> the Internet today because they implement a protocol that obscures the
> path back to you with layered encryption, latency, and "chaining" of
> several machines in such a way that the ones in the middle are just moving
> encrypted garbage around. They are limited to email though.
>
> The Tor network functions very similarly to the remailer network, with the
> one major exception that traffic passing through it is in real time.
> There's no latency or "delay" in your connection, so someone watching a
> big chink of the Internet *might* be able to figure out who you are by
> the timing of packets flowing through the connections. The real world
> chances of this are ridiculously slim, even when dealing with an attacker
> as powerful as a government agency.
>
> If you want the most secure, and really the only acceptably anonymous way
> to do much of anything, then you should forget public access points and
> follow the instructions found at http://tor.eff.org concerning installing
> Tor and Privoxy, and configuring your web browser. Use that setup to get
> an anonymous blogger account, and if you're really paranoid use the
> remailer network to post to it using blogger's email features (that I was
> previously unaware of by the way).
>
> This sort of setup will give you the most "untraceable" anonymous blog you
> can currently have on the Internet today, with no exceptions. The methods
> implemented by the remailer network and Tor are so much more secure than
> proxies and cafes that they can be considered actually anonymous, while
> proxies and public access points can not. Apples and oranges... night and
> day... etc.
>
> All that said, how anonymous do you really need to be? One of the keys to
> maintaining your anonymity is knowing who your attackers are. That means
> the best "technical" anonymity in the world might be useless against an
> attacker who knows you intimately and can recognize your "style", or the
> source of information you're posting. The other side to that coin is that
> even "weak" anonymity might be enough against someone who doesn't know
> you, and doesn't have the "juice" to monitor sections of the Internet or
> force some reputable proxy to hand you over. The key here is what sort of
> information you're dealing in, and who you're going to **** off. Answering
> those questions is critical to deciding if you even want to attempt to
> post the information to an "anonymous" blog in the first place.
>
>
>
>

Why not just put on some sunglasses and head down to the public library?

Jim
 
Reply With Quote
 
xrayman
Guest
Posts: n/a
 
      03-14-2006
This is really excellent information. So much to digest. One quick
question:
How can one "spoof" the MAC address? Are there tools available to do
such?
Thanks again - good stuff.

 
Reply With Quote
 
nemo_outis
Guest
Posts: n/a
 
      03-14-2006
"xrayman" <(E-Mail Removed)> wrote in
news:(E-Mail Removed) oups.com:

> This is really excellent information. So much to digest. One quick
> question:
> How can one "spoof" the MAC address? Are there tools available to do
> such?
> Thanks again - good stuff.




There are a million good software ones (I used to "roll 'em by hand" and
edit the registry). One good one:

SMAC
http://www.klcconsulting.net/smac/

or you can go hardware:

speed-demon
http://www.sdadapters.com/products.htm

Regards,



 
Reply With Quote
 
~David~
Guest
Posts: n/a
 
      03-16-2006
The Anonym.OS CD allows a user to spoof a MAC address assuming the hardware
supports it; almost anything with a prism or atheros chipset supports it. (goto
madwifi.org). Upon boot up the cd asks if you would like to randomize the MAC
address; if you click yes, it does. The "manual" way to do it is on the command
line:
ifconfig ethX hw ether xxxxxxx where ethX is the interface

~David~

xrayman wrote:
> This is really excellent information. So much to digest. One quick
> question:
> How can one "spoof" the MAC address? Are there tools available to do
> such?
> Thanks again - good stuff.
>

 
Reply With Quote
 
~David~
Guest
Posts: n/a
 
      03-16-2006
You are correct: Assuming the user has hardware that allows this, they can do
it fairly easily as the CD _prompts_ you upon bootup to see if you want to
randomize the MAC address. How much easier can it get?

And yes, you have to make sure you are fairly physically anonymous. Many
universities have large wireless networks that are easy to get on and hard to
track people on because of their large size. For example, my university has a
HUGE campus and it would range from _very_ difficult to impossible to track a
person if they were using a fake MAC. The only thing authorities/sys admins
would know, assuming they could get through Tor's anonymity (no small feat) to
trace the true point of origin, is that a user with a wireless network card
accessed the network with a fake MAC on a system that sort of looks like winXP,
which is what anonyOS looks like. Reboot the system, take the CD out of the
drive, and all traces go away.

~David~

George Orwell wrote:
> ~David~ wrote:
>
>> As usual, before reading, don't do anything illegal/stupid...
>>
>> 1. Get a laptop with wireless
>> 2. Find a public wifi-spot
>> 3. Load an Anonym.OS LiveCD (http://theory.kaos.to/projects.html -
>> basically OpenBSD with tor for anonymous internet surfing all on a live cd
>> so it doesn't touch your harddrive)

>
> This might completely demolish any anonymity Tor gives you. If you're
> using wireless from a laptop you're part of a local network and they have
> your MAC address (among other possibly critical information). It might be
> possible to trace that MAC address right to a store, date, and even a
> credit card number and address for the purchaser.
>
> NOTE: Anonym.OS has built in tools for spoofing MAC addresses, but they're
> imperfect in that some hardware won't allow it, and useless because you
> failed to mention them.
>
> WiFi access also means that your physical location and time line are
> known. In a lot of scenarios this is more than enough to out you. It's
> much more desirable to use a system that can't be traced back to your
> geography and/or "routine" in any way, even if it's just in general.
>
>> 4. Go to an online site, sign up for an email address and blog, never use
>> those for anything other than the intended purpose... 5. DO NOT do
>> anything illegal/stupid

>
> That's the key to the whole thing... the user. Even marginally anonymous
> methods might suffice if the poster keeps his wits about him, and good
> anonymity can be trashed by "wit challenged" individuals.

 
Reply With Quote
 
George Orwell
Guest
Posts: n/a
 
      03-17-2006
~David~ wrote:

> You are correct: Assuming the user has hardware that allows this, they
> can do it fairly easily as the CD _prompts_ you upon bootup to see if you
> want to randomize the MAC address. How much easier can it get?


Super! As I remembered it this wasn't automatic, and had to be done after
the OS had loaded. A bit of a security risk in itself.

> And yes, you have to make sure you are fairly physically anonymous. Many
> universities have large wireless networks that are easy to get on and hard
> to track people on because of their large size. For example, my university
> has a HUGE campus and it would range from _very_ difficult to impossible
> to track a person if they were using a fake MAC. The only thing
> authorities/sys admins would know, assuming they could get through Tor's


<snippage>

If an attacker has the ability to break Tor the rest is likely
meaningless. Even if they just have the ability to narrow down your
location with traffic analysis of a "hunch" netwqork segment,
triangulating your precise location would probably be trivial.

Still, using hard wires is inherently more secure than wireless access at
this day and time, and being behind a router is preferable to being part
of a very large and likely closely monitored network. Both wireless and
joining a LAN leave a considerable number of doors open that aren't there
otherwise. In fact, just broadcasting a encrypted signal itself to the
general public might be the thing that garners you unwanted attention and
leads to ultimate compromise.

> anonymity (no small feat) to trace the true point of origin, is that a
> user with a wireless network card accessed the network with a fake MAC
> on a system that sort of looks like winXP, which is what anonyOS looks
> like. Reboot the system, take the CD out of the drive, and all traces go
> away.


I agree that for most applications "drive by" access, if practiced and
done correctly, is not much less secure than the good ol' desktop PC on a
private network accessing the Internet through a gateway device that
physically isolates it. But there's still a larger number of things to
consider and secure, and consequently a larger number of things to go
wrong. That said, I'd wager that the OP would be just fine either way
assuming he realized it was something like Tor providing the anonymity and
not the "Internet Cafe" the poster first asked about. Tor is acceptably
secure. Direct connections, no matter how obscure, are not.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is this a local anonymous class or a member anonymous class Reporter Java 3 05-12-2007 05:23 AM
Blogging sites / engines Paul Aspinall ASP .Net 2 12-22-2005 04:37 PM
Blogging sites / engines Paul Aspinall ASP .Net 0 12-21-2005 08:46 PM
help with an anonymous array of anonymous hashes noeldamonmiller@gmail.com Perl Misc 1 02-10-2005 01:08 AM
Blogging Components: Trackback and Pingback Protocols Mark Olbert ASP .Net 2 12-05-2003 02:38 AM



Advertisments