[SGVLUG] Internet privacy [was: Re: Need a quick debian or ubuntu test...]

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Fri Jun 5 16:57:59 PDT 2009


> -----Original Message----- Of Charles Wyble
>
> Uh..... ok..... *backs away slowly*

Charles -- what he's talking about is establishing a very low "signal to noise" ratio (at least, I think "low" is the right term here...)  Basically, if a sniffer were to be installed at his ISP and triggered on traffic from his IP address, all it would capture would appear to be "noise" - like clockwork, a "block" of text goes out to a remailer.  Every now and then, however, one of those "noise" packets actually contains "signal", but due to the use of strong encryption, the "signal" packets are indistinguishable from the "noise" packets to the casual observer (and, hopefully, even to the trained observer)

By taking in a steady feed from alt.anon, he is also thwarting, or at least making it rather difficult, to do any form of "profiling" based on his browsing habits.  Again, to the casual observer, it is unknown or uncertain what messages he actually reads vs. messages that are discarded.  (sort of like trying to determine what channel a TV is tuned to based on the back-EMF coming from the antenna, except he has enough TVs attached that every channel is being "watched")

There are risks associated with this, not the least is the fact that he's doing it in the first place (by your own comments on this thread, as a "casual observer" I take it you've already come to this conclusion anyway...)  For instance, if one of the remailer decryption keys gets compromised (and that fact kept secret from the owner and users of the remailer), then it would quickly become evident which packets he sends are "signal" and which are "noise"; and in turn those doing the surveillance would know what he's taking on the inbound side.

Of course, there is another tactic that "big brother" could use to force John to surrender his equipment for inspection: "poison" the alt.anon stream with questionable (i.e., illicit) content [kiddie porn would be a sure-fire bet...] then issue a warrant or subpoena based on un-encrypted bits entering his premises...  (and come in with "live capture" devices so that they wouldn't have to violate the DMCA by guessing/breaking his passwords)  Even if they don't find anything "objectionable" in what John has actively captured, chances are good that some of the "poison" is cached "somewhere" in his system [read buffers that haven't been flushed, for instance] and he could get a good roasting for that just because "they" don't want to admit overstepping their jurisdiction...

[but I'm sure you've already thought about those scenarios, right John?]
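
The fixed-schedule padding described in the message above, and the key-compromise risk it mentions, as an added example that is not part of the original post. The block size, the class and function names and the sample mail are constructed for illustration, and the SHA-256 counter-mode keystream is a toy stand-in for whatever cipher the remailer actually uses (it provides no authentication).

```python
import hashlib
import os
from collections import deque

BLOCK = 512   # constructed: every block on the wire is exactly this long
NONCE = 16

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream; stand-in for the remailer's real cipher.
    out = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(key, payload=b""):
    """Pad payload to a fixed size and encrypt; an empty payload is pure noise."""
    room = BLOCK - NONCE - 2
    if len(payload) > room:
        raise ValueError("payload does not fit in one block")
    plain = len(payload).to_bytes(2, "big") + payload + bytes(room - len(payload))
    nonce = os.urandom(NONCE)
    return nonce + _xor(plain, key, nonce)

def unseal(key, block):
    """What the key holder (or anyone with a leaked key) recovers from a block."""
    plain = _xor(block[NONCE:], key, block[:NONCE])
    return plain[2:2 + int.from_bytes(plain[:2], "big")]

class CoverSender:
    """Emits exactly one block per tick, whether or not there is mail queued."""
    def __init__(self, key):
        self.key, self.queue = key, deque()
    def submit(self, message):
        self.queue.append(message)
    def tick(self):
        return seal(self.key, self.queue.popleft() if self.queue else b"")

def run_schedule(key, ticks, mail):
    """mail maps tick number -> message submitted just before that tick."""
    sender, wire = CoverSender(key), []
    for t in range(ticks):
        if t in mail:
            sender.submit(mail[t])
        wire.append(sender.tick())
    return wire

def signal_ticks(key, wire):
    # Only possible with the decryption key: the compromise case from the message.
    return [t for t, block in enumerate(wire) if unseal(key, block)]
```

Without the key, an observer of `wire` sees one block of identical length per tick; with the key, `signal_ticks` separates "signal" from "noise" immediately, which is the exposure the message warns about.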


