FAQ   Search   Memberlist  
Profile    Log in to check your private messages    Register    Log in
A Free Distro for Free Speech - Remailer in a Can

 
Post new topic   Reply to topic    BLAG Forum Index -> open discussion
View previous topic :: View next topic  
Author Message
belbo
PostPosted: Thu Aug 04, 2005 9:56 pm    Post subject: A Free Distro for Free Speech - Remailer in a Can Reply with quote

A few weeks ago, after the violation of the cryptographic services offered by the Autistici/Inventati server by the Italian police and the more recent and misterious "unauthorized hardware manipulation" of the Antani remailer's server, Punto Informatico, Italy's most popular Internet magazine, published a reader's proposal for a Linux/*BSD distro able to provide an easy and secure solution for those interested in turning their machines in anonymous remailers. What the author of the article dreams about is essentially a "remailer in a can," an idea that already appeared in remailer operators' mailing lists a few years ago, but that was not able to stimulate enough interest in the community of developers that may still not know about it.

There is no need to say that with more people running anonymous remailers the quality of the anonymous network would greatly improve, thus making attacks way more difficult.
The fact that people could run anonymous remailers at their houses would also reduce the danger of physical violations: while the likelihood of a violation stays the same, its damage is drastically diminished as the remailer operator can quickly notify users of the incident. On the contrary, Autistici/Inventati, whose server was remotely hosted by a private company, knew of the police violation only ONE year later.

I believe that there is a great need for a distribution that can make people run an anonymous remailer easily and reliably. Could BLAG do it?

Currently there are about 40 anonymous remailers in the world, distributed in various countries. Imagine how many could be added with a distro that would make the installing and maintenance of an anonymous remailer dead easy!


Links of Reference
On the Autistici Inventati violation: http://makeashorterlink.com/?Y6F424E8B
On the Antani manipulation: http://makeashorterlink.com/?H20522E8B
Punto Informatico article: http://makeashorterlink.com/?X11525E8B (in Italian)

jebba
PostPosted: Fri Aug 05, 2005 2:07 am    Post subject: Reply with quote

I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?

Also, how would this technically be implemented? I suppose I should do some reading... :)

-Jeff

jebba
PostPosted: Fri Aug 05, 2005 2:34 am    Post subject: Reply with quote

Also, I remember a distribution that's goal is anonymous/secure stuff. I came across it when reading about Tor ( http://tor.eff.org/ ), but I don't remember its name. Some googling should find it.

-Jeff

Guest
PostPosted: Fri Aug 05, 2005 3:34 pm    Post subject: Reply with quote

jebba wrote:
I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?


Remailing software generally has spam and flood filters. Of course, it would be utopian to say that such filters block every case of abuse, but it must be said that spammers do not seem to use anonymous remailers. I do not have statistical evidence to support my assertion, but given the strict limits imposed by remailer operators on the number of addresses in headers and crosspost, anonymous remailers do not appear as the favourite tool of spammers. And more empirically, in my 8 years of Internet use I have never received spam coming from anonymous remailers (mail coming from anonymous remailers is easily recognizable looking at the sender's address which may for example state "dingo, anonymous remailer").

jebba wrote:
Also, how would this technically be implemented? I suppose I should do some reading... :)


Well, the distribution should include the tools necessary to run a remailer, which essentially means GnuPG/PGP, a remailer (such as Mixmaster and/or Mixminion), mail2news gateways, pinger services. Ideally, a way to easily configure the various services should be implemented. Having an encrypted filesystem would be a great plus.

Wikipedia has a good section on anonymous remailers and Mixmaster has a great FAQ.
http://en.wikipedia.org/wiki/Anonymous_Remailer
http://mixmaster.sourceforge.net/faq.shtml

Guest
PostPosted: Fri Aug 05, 2005 3:39 pm    Post subject: Reply with quote

jebba wrote:
Also, I remember a distribution that's goal is anonymous/secure stuff. I came across it when reading about Tor ( http://tor.eff.org/ ), but I don't remember its name. Some googling should find it.


I don't know if you are referring to this, but yesterday I came across a great project that unfortunately seems to have slowed down recently and has never released any information publicly.
It's called Privacy BOX and looks very promising.
http://www.winstonsmith.info/pbox/index-e.html

jebba
PostPosted: Fri Aug 05, 2005 8:00 pm    Post subject: Reply with quote

Anonymous wrote:
jebba wrote:
I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?


Remailing software generally has spam and flood filters. Of course, it would be utopian to say that such filters block every case of abuse, but it must be said that spammers do not seem to use anonymous remailers. I do not have statistical evidence to support my assertion, but given the strict limits imposed by remailer operators on the number of addresses in headers and crosspost, anonymous remailers do not appear as the favourite tool of spammers. And more empirically, in my 8 years of Internet use I have never received spam coming from anonymous remailers (mail coming from anonymous remailers is easily recognizable looking at the sender's address which may for example state "dingo, anonymous remailer").


Good to hear. :)

Anonymous wrote:
jebba wrote:
Also, how would this technically be implemented? I suppose I should do some reading... :)


Well, the distribution should include the tools necessary to run a remailer, which essentially means GnuPG/PGP, a remailer (such as Mixmaster and/or Mixminion), mail2news gateways, pinger services. Ideally, a way to easily configure the various services should be implemented. Having an encrypted filesystem would be a great plus.

Wikipedia has a good section on anonymous remailers and Mixmaster has a great FAQ.
http://en.wikipedia.org/wiki/Anonymous_Remailer
http://mixmaster.sourceforge.net/faq.shtml


Ok, if you post some URLs to specific applications you want included, that would be cool. Or even better, you can put it in bugzilla: http://bugzilla.blagblagblag.org which will pester me until it's done. ;) Even if it doesn't fit on the CD, we could put it in the repository for easy apt-getting.

As for filesystem encryption on BLAG, I wrote up this: http://wiki.blagblagblag.org/Encrypting_Root_Filesystem

It is not easy and you have to know about encryption and filesystems in general. Hopefully, someday it will be able to encrypt right from the installer.

Thanks,

-Jeff

Guest
PostPosted: Fri Aug 05, 2005 10:55 pm    Post subject: Reply with quote

jebba wrote:
Ok, if you post some URLs to specific applications you want included, that would be cool. Or even better, you can put it in bugzilla: http://bugzilla.blagblagblag.org which will pester me until it's done. ;) Even if it doesn't fit on the CD, we could put it in the repository for easy apt-getting.


I wasn't too confortable with the Bugzilla interface so I'm posting here the references you have requested. Hope it's okay.

ANONYMOUS REMAILER

Mixmaster (Type II Anonymous remailer)
http://mixmaster.sourceforge.net/

Mixminion (Type III Anonymous remailer)
http://mixminion.net/

Clearly Mixminion is technically superior, but its code is still under development. For the moment it would be safer to stick to Mixmaster.
Mixmaster is also a server/client program. It is the software which allows you to run a remailer, but with it you can also send anonymous emails using the chains of existing type II anonymous remailers.


PINGER

Echolot
http://www.palfrader.org/echolot/

A Pinger in the context of anonymous remailers is a program that regularily sends messages through remailers to check their reliability. It then calculates reliability statistics which are used by remailer clients to choose the chain of remailers to use.

NYMSERVER

Nymserv
http://sourceforge.net/projects/nymserv

Pseudonymous remailers, called "nym servers", take messages addressed to the pseudonym (an email address in the form of someone AT nymserver DOT com) and send them to the pseudonym's 'real' email address or post them to newsgroups (such as alt.anonymous.messages), while forwarding messages addressed to others as though from pseudonym's address on the server. Unlike truly anonymous email, replies can be sent to the pseudonymous sender, and the pseudonyms can establish digital reputations.

MAIL2NEWS

Mixmaster includes support for Usenet posting, but doesn't have this functionality in-built. It can either pass messages to a Mail2News gateway, or to a locally run posting program.
Check http://www.bananasplit.info/mixmaster/ for choosing the best option and the related applications to include.

jebba wrote:
As for filesystem encryption on BLAG, I wrote up this: http://wiki.blagblagblag.org/Encrypting_Root_Filesystem

It is not easy and you have to know about encryption and filesystems in general. Hopefully, someday it will be able to encrypt right from the installer.


Yes, I did know about your very useful guide for filesystem encryption. Many more famous and well established distros make reference to it. Certainly, the possibility of choosing to encrypt partitions from the installer would be ueber cool. To my knowledge, only Suse 9.3 currently supports this option.

Thanks for your attention and for providing such a great distro!

jebba
PostPosted: Sun Aug 07, 2005 12:18 am    Post subject: Reply with quote

Anonymous wrote:
I wasn't too confortable with the Bugzilla interface so I'm posting here the references you have requested. Hope it's okay.


No problem, bugzilla is a bit overwhelming somtimes. ;)

Anonymous wrote:
ANONYMOUS REMAILER

Mixmaster (Type II Anonymous remailer)
http://mixmaster.sourceforge.net/

Mixminion (Type III Anonymous remailer)
http://mixminion.net/

Clearly Mixminion is technically superior, but its code is still under development. For the moment it would be safer to stick to Mixmaster.


I'd rather go for mixminion if it is the "future".

Anonymous wrote:
NYMSERVER

Nymserv
http://sourceforge.net/projects/nymserv


There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.

Anonymous wrote:
MAIL2NEWS


Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.

Later,

-Jeff

Guest
PostPosted: Sun Aug 07, 2005 2:15 am    Post subject: Reply with quote

jebba wrote:
I'd rather go for mixminion if it is the "future".


It is your choice of course, but at the moment Mixminion looks more like a concept with very little practical use... While Mixmaster has been extensively tested. Also, due to the fact that Mixminion is in a testing phase, some security features are NOT implemented. And nobody is going to put up an anonymous remailer that falls below the reasonable standards of security and reliability. And today Mixminion does not provide these standards.

Anonymous wrote:
NYMSERVER

Nymserv
http://sourceforge.net/projects/nymserv


jebba wrote:
There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.


Sorry, I posted a link without fully checking it... You can obtain the source of the original software (Nymserv was a modification) by mailing source AT nym DOT alias DOT net BUT as far as I know the code you'll get doesn't natively support GnuPG but only PGP 2.x. It is not a tragedy, though. At the moment the existing nym servers seem to be enough. What we really need are basic anonymous remailer. You can skip it.

Anonymous wrote:
MAIL2NEWS


jebba wrote:
Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.


I'll take it as a joke... No seriously, Usenet is VERY alive and it is fundamental for any decent remailer. Most people using Nym servers don't provide a real email address at the end of the chain of anonymous remailer because it could potentially reveal their identity (even a pesudo-anonymous hotmail address is considered insecure) but choose instead to post their encrypted messages to a dedicated newsgroup (alt.anonymous.messages... Have a look!).

On a side note, Usenet at the moment is perhaps the last free corner of the Internet where profit-driven corporations and authoritarian regimes haven't infiltrated... yet =(

jebba
PostPosted: Sun Aug 07, 2005 2:25 am    Post subject: Reply with quote

Anonymous wrote:
jebba wrote:
I'd rather go for mixminion if it is the "future".


It is your choice of course, but at the moment Mixminion looks more like a concept with very little practical use... While Mixmaster has been extensively tested. Also, due to the fact that Mixminion is in a testing phase, some security features are NOT implemented. And nobody is going to put up an anonymous remailer that falls below the reasonable standards of security and reliability. And today Mixminion does not provide these standards.


Ok, I'll go for the stable one. ;) I haven't looked at any of this code yet, btw.

Anonymous wrote:
Anonymous wrote:
NYMSERVER

Nymserv
http://sourceforge.net/projects/nymserv


jebba wrote:
There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.


Sorry, I posted a link without fully checking it... You can obtain the source of the original software (Nymserv was a modification) by mailing source AT nym DOT alias DOT net BUT as far as I know the code you'll get doesn't natively support GnuPG but only PGP 2.x. It is not a tragedy, though. At the moment the existing nym servers seem to be enough. What we really need are basic anonymous remailer. You can skip it.


Skipping.

Anonymous wrote:
MAIL2NEWS


Anonymous wrote:
jebba wrote:
Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.


I'll take it as a joke... No seriously, Usenet is VERY alive and it is fundamental for any decent remailer. Most people using Nym servers don't provide a real email address at the end of the chain of anonymous remailer because it could potentially reveal their identity (even a pesudo-anonymous hotmail address is considered insecure) but choose instead to post their encrypted messages to a dedicated newsgroup (alt.anonymous.messages... Have a look!).

On a side note, Usenet at the moment is perhaps the last free corner of the Internet where profit-driven corporations and authoritarian regimes haven't infiltrated... yet =(


Ok, I'll include it. :)

Don't hold your breath for these to be packaged in the next day or anything. It's a bit longer term, but they'll get there eventually. If you find them packaged on Dag, fedora-extras, Freshrpms, ATrpms, etc. including them from there will make it go much faster.

-Jeff

Display posts from previous:   
Post new topic   Reply to topic    BLAG Forum Index -> open discussion
Page 1 of 1

Protected by Anti-Spam ACP