While the content of the scotslawstudent is not something particularly worrying to me, and I’m known to write this in as insecure places as on the bus there are other situations where reporting is heavily repressed and there are few ways for the rest of the world to be informed about what is going on in the area – this is seen in the problems in Zimbabwe currently where everything including spending US dollars has been outlawed – and it can be that the only way that news gets out can be from the eyewitness accounts recorded by people using blog software.
The scotslawstudent is an anonymous blog – I chose this to allow me to post on topics without being immediately identifiable. It means that I can post my grades etc without fear of being mocked in public. It’s hosted at wordpress.com which is a free blog host. Believe it or not this wasn’t a cost saving move, WordPress.com provides its blogs with a great deal of bandwidth which is more than I would be able to get from other anonymous hosts. I operate a full web site under a group name which uses WordPress software so I’m familiar with it and that made me go for WordPress.com
The registration details of the site point to scotslawstudent and the emails link to email@example.com, my handle for this blog, which does not reveal my identity to people with access to the details I gave at sign up for the blog or the email. This keeps my identity safe from people giving the site a rudimentary look over.
I don’t feel that my privacy is under attack enough to take more steps than simply not giving my name out in the posts and when signing up so I stopped at this point. However, for some people, the information they are posting may be very much more important and sensitive than the musings about my education that I do. For this there are many other modes and means of posting to the Internet.
Watch what you post
Admittedly, this isn’t entirely something which I don’t do. It’s mainly common sense – if you know a secret and no one else except, for example, your boss knows it you will become an obvious suspect if the secret appears on the Internet. If you fail to keep your posting anonymous – perhaps to the point of using your name or initials, then you have severely limited the amount of trust you can put on your own anonymity.
Use a web cafe
Mainly the issue that a wannabe secret blogger will need is to keep himself away from the blog which he is posting to. For example, in many ways the best way to do this is to use busy web cafes and to pay in cash. This will mean that the post will come from a public place and there will, potentially, be a lot of noise on the line to cover the post. Any court orders to identify the poster will only trace back to the IP of the web cafe, and if the web cafe uses a NAT router to split its connection among many systems may even only trace back to the single connection with no opportunity to trace to the individual terminals. The Chinese government, for one, has realised this and is now implementing measures to photograph all users of web cafes as they sit down. I think that’s fairly dodgy sounding particularly given the use that anonymous web cafes can be to people who want to get their message out. There are caveats on using a web cafe, not least if the user also drops by personally identifying material – though I doubt many whistleblowers will take advantage of the opportunity to google their names or the like – but even merely checking their own emails can be enough to allow someone who is supervising the web cafe to track a poster down. Timing is a useful method of identifying users of a computer system – I’ve used it myself to identify misuse of a school’s computer systems – and if the web cafe is empty but one at the time a whistleblower posts a scorching piece of evidence onto a blog from an IP address belonging to that then it’s elementary to connect you to the post.
In an oppressive regime this could land a blogger in a great deal of trouble. The UK currently has not touched bloggers but the US, all of places, has taken huge measures to stop the actions of corporate whistleblowers and there are notorious breaches of what we Europeans would call basic human rights around the world, even in countries which are not traditionally considered to be the Third World.
Use an anonymous proxy
Another way to get yourself some distance from the post is to use a proxy server. A proxy is a piece of network hardware which bounces (technically retransmits) anything which it receives, applying its own identification to the message in the process. This means that a user who posts to a blog from a proxy will be recorded as posting to the blog as if they were sitting at a keyboard at the proxy server.
Proxy servers can be searched for just like any other resource on the Internet – with Google. A search for “proxy server” will reveal long lists of computers which can be connected to by changing some settings in your browser. These servers are dotted around the world and as any Scot who receives a form letter from English solicitors knows the act of simply pointing out a jurisdictional difference is enough to stop casual pursuers in their tracks. It is generally a very good idea, if you are posting from a country under a repressive regime, to choose a proxy well away from your location to increase the difficulty in getting your details. Generally, although this is not an absolute tip, a proxy registered as anonymous will be safe enough to use from home.
The natural evolution of this idea of putting a far away computer between a poster and the blog is to put more than one computer between the poster and the blog, and to vary the computers that are used. This is done automatically by using a system called The Onion Router, this is a remarkable system which is nearly entirely volunteer run. In this case the poster connects to the network of individual computers around the world which then route the message between themselves. As long as the message goes through a number of different computers in different countries the original poster is nigh unrecoverable without extremely high amounts of work. The amount of traffic which goes through the network also helps itself in creating a large “haystack” for someone to search through to track down a particular poster.
A poster needs to be very careful that they are actually routing their data through the Tor system, for example this involves installing the Tor system and configuring any applications which the poster wants to keep anonymous. This can be as simple as activating a Firefox extension or configuring the programs individually. Tor has the disadvantage of being quite slow and low bandwidth, it’s far more than needed for web browsing or email or chat but not enough for downloading large files, which is also unfair to the network as a whole, remember that downloading files over Tor ties up resources which can be used for vitally important tasks.
There are two main ways to use encryption when blogging – the first is to encrypt the messages you transmit and the second is to encrypt the transmission itself.
Text encryption is not a new phenomenon, Julius Caesar was apparently the first person to use it on a large scale, and computers are extremely good at it. Currently the general standard is RSA encryption which uses the public key system – actual usage of this is fairly technical and beyond the scope of this article.
Encrypting the transmission itself is known as “end to end” encryption, and this is most commonly associated with the little padlock you see at the bottom of the page when you go to Amazon. However, it can be used for much more than protecting your details. It can also be used to protect your message from being eavesdropped on and it’s this mode which is very useful. It can be used to protect the entire connection between a poster and a blog or it can be used to protect the connection between a poster and a mailbox, used to get a message out of a country where it can be posted along the free parts of the Internet. There are various ways to do this, ranging from SSH tunnelling to just activating a “secure mode” on a webmail service. It depends on the care the user involved is taking.
Hushmail.com is a high security webmail service using public key encryption – so basically a combination of hotmail and PGP, this means that the system keeps email on the system encrypted. It’s not got the same attitude to protecting its users and will respond to court orders with apparently docile acceptance, so not strong enough protection to keep a poster safe from government action, although the difficulty of a foreign government getting one in the relevant jurisdiction could keep someone safe from action for a foreseeable period of time.
Use mail redirects
A good way to hide a post is to email it around the internet, this is the equivalent difference of dropping a letter into a post box or hand delivering it. When a letter that’s been posted arrives at the recipient the sender no longer posses that letter and the person who has to make the delivery is an unrelated postman whereas if the sender hand delivers it they have taken a journey, potentially out of the ordinary, and have kept possession of the letter all the way through the process. If the police, for example, spot the sender as he arrives to deliver the letter then they have a great of information about him, whereas if the letter was posted then the observer only knows the identity of the postman.
Mail redirects work by sending a message between various computers on the Internet, it means that the message is bounced between countries and at each leg of the journey the identity of the two computers is the only identifying information which the message contains – at the end of the journey the message does not reveal any information about its source except the final computer to send it on. Obviously all the jumps mean it’s a slow process and it’s quite risky, some emails never actually do reach their destination and disappear on one of the hops but it’s very private if it’s done correctly.
Legacy note – invisiblog.com
There used to be a blog system online which worked from the very simple foundation of mail redirection and public key encryption. To sign up to invisiblog.com a user would simply email the site with their public key and then this would start a blog titled with the last 16 digits of their key. As long as the key was specifically created for the new blog there could be no way to track the poster down with the information provided. The blog is then posted to by emailing messages to the site, again using mail redirection, signed with the same key. The blog could be read by any one with a web browser but even the owners of the blog only knew the public key of the person who was writing the posts in the first place.
This comes undone should the poster’s computer be seized which would reveal the private key of the poster, and therefore create a massive presumption that the owner of the computer was the one making the posts. However, generally very few methods will withstand the physical seizure of the equipment used to make the posts and it should be considered to be a very difficult stage of affairs to get past.
This site has since stopped operating since 2005 and there does not appear to be a similar system running on the Internet at this time. I would be interested in seeing a system like it running in future even though I personally have no use for it.
Super technical note – use other ways of connecting
Optical fibre has changed the way the world works nowadays and connecting the continents together with it has made the world seem a great deal smaller. However, although it is the main way of transmitting data in the world today does not make it the only one. There are many, many ways to communicate in the world – letter, phone to name two.
In some cases it may be best to simply get the information out of the country and have it published from elsewhere. This is particularly easy if the person lives near to a border. The real reach of the government may well extend beyond the physical borders of the country, but as far as international law is concerned it is strictly limited to within the geographic limits.
In extreme circumstances, potentially, if a person comes across sensitive information and has a radio operator licence and know people outside of the country, not bound by the same repressive rules as he is, then it’s a work of an evening to send a message, encrypted or not, to that other person and to have them post it online for him. This clearly has its own, not inconsiderable worries and assumes a lot of other factors which may or may not exist in the situation.
The Electronic Frontier Foundation has written at great length on being a blogger in states where it is not a government supported action. It provides great detail on the methods of avoiding detection and how to blog about sensitive topics. Blogging in extreme situations is an extremely risky move and if the situation has deteriorated to the point where the only reporting in an area then things are very bad. It’s a conscientious decision and a very important one, hopefully one I will never have to make, in terms of keeping human rights alive in a region where they cannot be checked up on.
None of this advice is provided personally and should not be expected to provide protection from a repressive regime. It is a fact that much more care will be needed when trying to avoid the attention of a regime than in theory on a blog. Although these notes are useful to people wishing to abuse the systems mentioned this is not the purpose of the article and the use of these techniques in illegal activity is not supported by neither the author of this blog, nor the people who design and run the services provided. Services which are provided for the benefit of humanity to provide those in difficult situations a safe and protected way to broadcast their experiences simply should not be misused by those seeking to gain advantage. The design of many of the services is such that it does not really benefit anyone in carrying out illegal activity.
This post was adapted from materials provided by the EFF and personal experience.