BLAG

BLAG Forums
It is currently Fri Dec 19, 2014 9:29 am

All times are UTC




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Thu Aug 04, 2005 9:56 pm 
Offline

Joined: Thu Aug 04, 2005 9:33 pm
Posts: 1
A few weeks ago, after the violation of the cryptographic services offered by the Autistici/Inventati server by the Italian police and the more recent and misterious "unauthorized hardware manipulation" of the Antani remailer's server, Punto Informatico, Italy's most popular Internet magazine, published a reader's proposal for a Linux/*BSD distro able to provide an easy and secure solution for those interested in turning their machines in anonymous remailers. What the author of the article dreams about is essentially a "remailer in a can," an idea that already appeared in remailer operators' mailing lists a few years ago, but that was not able to stimulate enough interest in the community of developers that may still not know about it.

There is no need to say that with more people running anonymous remailers the quality of the anonymous network would greatly improve, thus making attacks way more difficult.
The fact that people could run anonymous remailers at their houses would also reduce the danger of physical violations: while the likelihood of a violation stays the same, its damage is drastically diminished as the remailer operator can quickly notify users of the incident. On the contrary, Autistici/Inventati, whose server was remotely hosted by a private company, knew of the police violation only ONE year later.

I believe that there is a great need for a distribution that can make people run an anonymous remailer easily and reliably. Could BLAG do it?

Currently there are about 40 anonymous remailers in the world, distributed in various countries. Imagine how many could be added with a distro that would make the installing and maintenance of an anonymous remailer dead easy!


Links of Reference
On the Autistici Inventati violation: http://makeashorterlink.com/?Y6F424E8B
On the Antani manipulation: http://makeashorterlink.com/?H20522E8B
Punto Informatico article: http://makeashorterlink.com/?X11525E8B (in Italian)


Top
 Profile  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 2:07 am 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?

Also, how would this technically be implemented? I suppose I should do some reading... :)

-Jeff


Top
 Profile  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 2:34 am 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Also, I remember a distribution that's goal is anonymous/secure stuff. I came across it when reading about Tor ( http://tor.eff.org/ ), but I don't remember its name. Some googling should find it.

-Jeff


Top
 Profile  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 3:34 pm 
jebba wrote:
I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?


Remailing software generally has spam and flood filters. Of course, it would be utopian to say that such filters block every case of abuse, but it must be said that spammers do not seem to use anonymous remailers. I do not have statistical evidence to support my assertion, but given the strict limits imposed by remailer operators on the number of addresses in headers and crosspost, anonymous remailers do not appear as the favourite tool of spammers. And more empirically, in my 8 years of Internet use I have never received spam coming from anonymous remailers (mail coming from anonymous remailers is easily recognizable looking at the sender's address which may for example state "dingo, anonymous remailer").

jebba wrote:
Also, how would this technically be implemented? I suppose I should do some reading... :)


Well, the distribution should include the tools necessary to run a remailer, which essentially means GnuPG/PGP, a remailer (such as Mixmaster and/or Mixminion), mail2news gateways, pinger services. Ideally, a way to easily configure the various services should be implemented. Having an encrypted filesystem would be a great plus.

Wikipedia has a good section on anonymous remailers and Mixmaster has a great FAQ.
http://en.wikipedia.org/wiki/Anonymous_Remailer
http://mixmaster.sourceforge.net/faq.shtml


Top
  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 3:39 pm 
jebba wrote:
Also, I remember a distribution that's goal is anonymous/secure stuff. I came across it when reading about Tor ( http://tor.eff.org/ ), but I don't remember its name. Some googling should find it.


I don't know if you are referring to this, but yesterday I came across a great project that unfortunately seems to have slowed down recently and has never released any information publicly.
It's called Privacy BOX and looks very promising.
http://www.winstonsmith.info/pbox/index-e.html


Top
  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 8:00 pm 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Anonymous wrote:
jebba wrote:
I support the idea of being able to use the 'net anonymously (and most blaggers probably do too), but how would spam abuse be prevented?


Remailing software generally has spam and flood filters. Of course, it would be utopian to say that such filters block every case of abuse, but it must be said that spammers do not seem to use anonymous remailers. I do not have statistical evidence to support my assertion, but given the strict limits imposed by remailer operators on the number of addresses in headers and crosspost, anonymous remailers do not appear as the favourite tool of spammers. And more empirically, in my 8 years of Internet use I have never received spam coming from anonymous remailers (mail coming from anonymous remailers is easily recognizable looking at the sender's address which may for example state "dingo, anonymous remailer").


Good to hear. :)

Anonymous wrote:
jebba wrote:
Also, how would this technically be implemented? I suppose I should do some reading... :)


Well, the distribution should include the tools necessary to run a remailer, which essentially means GnuPG/PGP, a remailer (such as Mixmaster and/or Mixminion), mail2news gateways, pinger services. Ideally, a way to easily configure the various services should be implemented. Having an encrypted filesystem would be a great plus.

Wikipedia has a good section on anonymous remailers and Mixmaster has a great FAQ.
http://en.wikipedia.org/wiki/Anonymous_Remailer
http://mixmaster.sourceforge.net/faq.shtml


Ok, if you post some URLs to specific applications you want included, that would be cool. Or even better, you can put it in bugzilla: http://bugzilla.blagblagblag.org which will pester me until it's done. ;) Even if it doesn't fit on the CD, we could put it in the repository for easy apt-getting.

As for filesystem encryption on BLAG, I wrote up this: http://wiki.blagblagblag.org/Encrypting_Root_Filesystem

It is not easy and you have to know about encryption and filesystems in general. Hopefully, someday it will be able to encrypt right from the installer.

Thanks,

-Jeff


Top
 Profile  
 
 Post subject:
PostPosted: Fri Aug 05, 2005 10:55 pm 
jebba wrote:
Ok, if you post some URLs to specific applications you want included, that would be cool. Or even better, you can put it in bugzilla: http://bugzilla.blagblagblag.org which will pester me until it's done. ;) Even if it doesn't fit on the CD, we could put it in the repository for easy apt-getting.


I wasn't too confortable with the Bugzilla interface so I'm posting here the references you have requested. Hope it's okay.

ANONYMOUS REMAILER

Mixmaster (Type II Anonymous remailer)
http://mixmaster.sourceforge.net/

Mixminion (Type III Anonymous remailer)
http://mixminion.net/

Clearly Mixminion is technically superior, but its code is still under development. For the moment it would be safer to stick to Mixmaster.
Mixmaster is also a server/client program. It is the software which allows you to run a remailer, but with it you can also send anonymous emails using the chains of existing type II anonymous remailers.


PINGER

Echolot
http://www.palfrader.org/echolot/

A Pinger in the context of anonymous remailers is a program that regularily sends messages through remailers to check their reliability. It then calculates reliability statistics which are used by remailer clients to choose the chain of remailers to use.

NYMSERVER

Nymserv
http://sourceforge.net/projects/nymserv

Pseudonymous remailers, called "nym servers", take messages addressed to the pseudonym (an email address in the form of someone AT nymserver DOT com) and send them to the pseudonym's 'real' email address or post them to newsgroups (such as alt.anonymous.messages), while forwarding messages addressed to others as though from pseudonym's address on the server. Unlike truly anonymous email, replies can be sent to the pseudonymous sender, and the pseudonyms can establish digital reputations.

MAIL2NEWS

Mixmaster includes support for Usenet posting, but doesn't have this functionality in-built. It can either pass messages to a Mail2News gateway, or to a locally run posting program.
Check http://www.bananasplit.info/mixmaster/ for choosing the best option and the related applications to include.

jebba wrote:
As for filesystem encryption on BLAG, I wrote up this: http://wiki.blagblagblag.org/Encrypting_Root_Filesystem

It is not easy and you have to know about encryption and filesystems in general. Hopefully, someday it will be able to encrypt right from the installer.


Yes, I did know about your very useful guide for filesystem encryption. Many more famous and well established distros make reference to it. Certainly, the possibility of choosing to encrypt partitions from the installer would be ueber cool. To my knowledge, only Suse 9.3 currently supports this option.

Thanks for your attention and for providing such a great distro!


Top
  
 
 Post subject:
PostPosted: Sun Aug 07, 2005 12:18 am 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Anonymous wrote:
I wasn't too confortable with the Bugzilla interface so I'm posting here the references you have requested. Hope it's okay.


No problem, bugzilla is a bit overwhelming somtimes. ;)

Anonymous wrote:
ANONYMOUS REMAILER

Mixmaster (Type II Anonymous remailer)
http://mixmaster.sourceforge.net/

Mixminion (Type III Anonymous remailer)
http://mixminion.net/

Clearly Mixminion is technically superior, but its code is still under development. For the moment it would be safer to stick to Mixmaster.


I'd rather go for mixminion if it is the "future".

Anonymous wrote:


There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.

Anonymous wrote:
MAIL2NEWS


Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.

Later,

-Jeff


Top
 Profile  
 
 Post subject:
PostPosted: Sun Aug 07, 2005 2:15 am 
jebba wrote:
I'd rather go for mixminion if it is the "future".


It is your choice of course, but at the moment Mixminion looks more like a concept with very little practical use... While Mixmaster has been extensively tested. Also, due to the fact that Mixminion is in a testing phase, some security features are NOT implemented. And nobody is going to put up an anonymous remailer that falls below the reasonable standards of security and reliability. And today Mixminion does not provide these standards.

Anonymous wrote:


jebba wrote:
There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.


Sorry, I posted a link without fully checking it... You can obtain the source of the original software (Nymserv was a modification) by mailing source AT nym DOT alias DOT net BUT as far as I know the code you'll get doesn't natively support GnuPG but only PGP 2.x. It is not a tragedy, though. At the moment the existing nym servers seem to be enough. What we really need are basic anonymous remailer. You can skip it.

Anonymous wrote:
MAIL2NEWS


jebba wrote:
Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.


I'll take it as a joke... No seriously, Usenet is VERY alive and it is fundamental for any decent remailer. Most people using Nym servers don't provide a real email address at the end of the chain of anonymous remailer because it could potentially reveal their identity (even a pesudo-anonymous hotmail address is considered insecure) but choose instead to post their encrypted messages to a dedicated newsgroup (alt.anonymous.messages... Have a look!).

On a side note, Usenet at the moment is perhaps the last free corner of the Internet where profit-driven corporations and authoritarian regimes haven't infiltrated... yet =(


Top
  
 
 Post subject:
PostPosted: Sun Aug 07, 2005 2:25 am 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Anonymous wrote:
jebba wrote:
I'd rather go for mixminion if it is the "future".


It is your choice of course, but at the moment Mixminion looks more like a concept with very little practical use... While Mixmaster has been extensively tested. Also, due to the fact that Mixminion is in a testing phase, some security features are NOT implemented. And nobody is going to put up an anonymous remailer that falls below the reasonable standards of security and reliability. And today Mixminion does not provide these standards.


Ok, I'll go for the stable one. ;) I haven't looked at any of this code yet, btw.

Anonymous wrote:
Anonymous wrote:


jebba wrote:
There doesn't appear to be any source code there, nor a web page. Just a kinda empty SF page.


Sorry, I posted a link without fully checking it... You can obtain the source of the original software (Nymserv was a modification) by mailing source AT nym DOT alias DOT net BUT as far as I know the code you'll get doesn't natively support GnuPG but only PGP 2.x. It is not a tragedy, though. At the moment the existing nym servers seem to be enough. What we really need are basic anonymous remailer. You can skip it.


Skipping.

Anonymous wrote:
MAIL2NEWS


Anonymous wrote:
jebba wrote:
Usenet? That still exists? ;) I'd kinda think it would be worth leaving out since it's pretty Internet 0.2.


I'll take it as a joke... No seriously, Usenet is VERY alive and it is fundamental for any decent remailer. Most people using Nym servers don't provide a real email address at the end of the chain of anonymous remailer because it could potentially reveal their identity (even a pesudo-anonymous hotmail address is considered insecure) but choose instead to post their encrypted messages to a dedicated newsgroup (alt.anonymous.messages... Have a look!).

On a side note, Usenet at the moment is perhaps the last free corner of the Internet where profit-driven corporations and authoritarian regimes haven't infiltrated... yet =(


Ok, I'll include it. :)

Don't hold your breath for these to be packaged in the next day or anything. It's a bit longer term, but they'll get there eventually. If you find them packaged on Dag, fedora-extras, Freshrpms, ATrpms, etc. including them from there will make it go much faster.

-Jeff


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group