Account Options

  1. Sign in
Google Groups Home
« Groups Home
soc.culture.iranian
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
View this group in the new Google Groups
Post to USENET using anonymous, GPG/PGP encrypted email (#iranelection #neda)
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   1 message - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
noauth  
View profile  
 More options Jun 24 2009, 2:15 pm
Newsgroups: soc.culture.iranian
From: noauth <Use-Author-Supplied-Address-Header@[127.1]>
Date: Wed, 24 Jun 2009 20:15:10 +0200 (CEST)
Local: Wed, Jun 24 2009 2:15 pm
Subject: Post to USENET using anonymous, GPG/PGP encrypted email (#iranelection #neda)
Print | Individual message | Show original | Report this message | Find messages by this author
How to post to Google Groups (old USENET) and send email anonymously
using GPG encryption and anonymous remailer chains (see also
http://email.about.com/cs/anonemailtips/qt/et041304.htm). If done
thoughtfully and carefully, this provides a Twitter-like
communications capability but with a secure (encrypted), anonymous
email channel and no character limit. You can even attach
photographs. Use the Twitter hashtag convention (#iranelection #neda)
for easy searchability at Google Groups
(http://groups.google.com/). Depending upon the remailer chain used,
there will be a time lag of one or more hours before your message
appears. This channel is not secure if your computer is susceptible to
keystroke logging.

0. Setup

0.0 Tools you need: A simple text editor (e.g. Wordpad on Windows,
TextEdit on Mac OS X, Emacs on Linux), GPG (GNU Privacy Guard,
http://www.gnupg.org/download/), a web browser. Use program fwipe
(Linux, Mac, http://freshmeat.net/projects/fwipe/) or Eraser (Windows,
http://www.heidi.ie/node/6) to securely delete files from your hard
drive -- unsecurely deleted files can easily be recovered from your
physical hard drive, even if the data has been written over once.  Use
the program md5 or equivalent to verify the authenticity of downloaded
software. If you want to attach photographs, use the program uuencode,
included on Mac and Linux, download for windows.

0.1 Depending on security and availability, choose whether to use a
direct internet connection (fast ethernet) or a dialup connection
(slow phone). It is very easy to monitor unencrypted communications on
both of these. For phone connections, use a trusted dialup number
outside the country. In either case, USE AN ANONYMOUS PROXY SERVER to
browse to your intended web site (e.g. TOR,
http://www.torproject.org/, or email m...@austinheap.com -- encourage
Austin and others to use GPG-encrypted emails). Learn how to use GPG
public key encryption (http://www.gnupg.org/documentation/index.en.html).

0.2 Download and install GPG from http://www.gnupg.org/download/ or a
mirror. If the MD5 hash of the downloaded file is available, verify
the authenticity of the file you downloaded using (on Linux) the
command

% md5 file.zip
MD5 (./file.zip) = 9b53ca8da2922ebb7b59115bca74328e

and compare the resulting 32 byte result to the published, authentic MD5 hash.

1. Secure Your Message

1.0 Write your message using your text editor in the file, say,
message.txt. Import any photos using the ASCII output from the
uuencode command, which looks like this on Linux:

% uuencode -o photo.txt my_source_photo_file.jpg my_destination_photo_name.jpg

1.1 Format your unencrypted for transmission using an anonymous
remailer chain
(http://email.about.com/cs/anonemailtips/qt/et041304.htm,
http://www.anonymous.to/anonymous_email/cypherpunk.html,
http://www.bananasplit.info/m2n.html,
http://feraga.com/library/howto_use_a_type_i_anonymous_remailer_cyphe...
http://www.faqs.org/faqs/privacy/anon-server/faq/use/part3/section-3....). If
you want to post to the USENET group soc.culture.iranian on the date
2009-06-24, your message should look like this. Use this exact format
-- any mistake in your formatting and the remailer will not know how
to read or send your message. The Latent-Time field (hr:mn format,
with a 'r' added for a random time between 0:00 and the time you
specify) adds some extra time before your message is sent to hinder
traffic analysis (comparing when your message was sent, which can be
determined, from when it appears, which may be determined) -- use
different amounts of time for each message.

------------------ begin message.txt ------------------
::
Anon-To: mail2news_nospam-20090624-soc.culture.iran...@m2n.mixmin.net
Latent-Time: +0:01r

##
Subject: An informative subject with hash tags (#iranelection #neda)

Type your message your here, perhaps with hash tags (#iranelection
#neda). Small photo attachments can be included using the uuencode-d
ASCII text from the file photo.txt above:

begin 644 my_destination_photo_name.jpg
M+2TM+2U"14=)3B!01U`@34534T%'12TM+2TM"E9E<G-I;VXZ($=N=5!'('8Q
M+C0N,R`H1TY5+TQI;G5X*0H*:$EW1$YE571(8FYE.41K0D$O.61R=$PO3S!6
M3W1N+V1:>D%W-DA%9$53:BMS62]K=W!M-CDT,50S5'IB6E=+=PI924-!0FQ&
M0U=X;V%+96Y#3T1P<EIH87I&=E!5:5(T1E,X;')*=T1%;6=:-&0Y97!.>5IV
M;FM'2FTX3DE02EIV"E=S=5@R+T%:4S=H:'AD4V9O.%1"1$EW;4Q-,CEL,'<]
A"CUX4S!H"BTM+2TM14Y$(%!'4"!-15-304=%+2TM+2T*
`
end

------------------- end message.txt -------------------

1.2 Encryption Chain for Anonymous Remailers

1.2.1 First Encryption. The message above will be emailed and posted
anonymously when it is sent to one of the anonymous remailers, BUT IT
IS NOT SECURE -- anyone monitoring your internet connection can
intercept it. To securely encrypt your message, you'll need to use the
public key from one of the anonymous remailers to which you will email
your message. Look at the most recent remailer reliability statistics
(Google "Remailer Reliability Stats", http://www.noreply.org/echolot/rlist.html,
http://stats.melontraffickers.com/rlist.html), choose a reliable one
based upon (1) the flag pgponly in their $remailer properties list;
(2) their previous history. Retrieve the remailer's key by sending
it the email, say:

To: mixmas...@remailer.cyberiade.it
Subject: remailer-key
<No body>

Some remailer choices are:

mixmas...@remailer.cyberiade.it
remai...@mangrin.org
a...@remailer.gabrix.ath.cx
mixmas...@firenze.linux.it
remai...@kroken.dynalias.com

If the remailer is up, you should receive, probably in a few seconds
to a few hours, the message:

------------------ begin text ------------------
$remailer{"cyberiad"} = "<mixmas...@remailer.cyberiade.it> cpunk max mix pgp pgponly repgp remix latent hash cut test ek ekx esub inflt50 rhop5 reord post";

Here is the RSA PGP key:

Type Bits/KeyID     Date       User ID
pub  1024R/7DFEC1B9 2006-09-11 Cyberiade.it Anonymous Remailer <mixmas...@remailer.cyberiade.it>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Mixmaster 3.0b2 (OpenPGP module)

mQCNA0UE/x4AAAEEAKe6Oc1dgcLcWgZW2CbxmoQWFoKeOAJOwrjb5cYUv8+Q92h2
og3uosjF8KvU/ilQ8tC2BHWavAh98+TxFVIhbgf7z160Z62RELZ0TUm3fuWv6lpN
GGLLHuWtGRErN6P5j1n1eu1B9h4B9vQMWmIt8n9LccvMjkok6HgrDDB9/sG5AAUR
tEFDeWJlcmlhZGUuaXQgQW5vbnltb3VzIFJlbWFpbGVyIDxtaXhtYXN0ZXJAcmVt
YWlsZXIuY3liZXJpYWRlLml0PokAlQMFEEUE/x54Kwwwff7BuQEB7IMD+wb3UdB6
vxsu4l8R62lPkPudu/pDfL8t+QZ3rd24UdjHvf2mF0/51cevbfsP9c/AhfrnpvUY
jpxZ5mrgCkkeNzknUnk1MF/L1UyHAkqKKnF2rw+voaOtkFjDd1midf9aEWQ0wX/S
DgDXkhxZ5wdAK8Jv7xhImHxn63adNsgUEE8+iQEcBBABAgAGBQJFBQAiAAoJEHCk
r+X+kMzIcDYIAJwJj/B7rB4RToF+yyYpTqkNQIHhyjji2G1a3O1IbYV3Hhvhs8Cq
0GzXNQ+My+tiNXKURa/ZeJekHwbEOPPT7uNAgsT9bW6CQF97OhHoMBr6xkDRfU+N
e/FSQw9yqVaIRtT4SVDGQVTaF3s2PiTPyetrHsEDGFtA6KayYiJC+WXgZ1BEFGnV
il1Qkc9DVYHNr/6RqCYSrm0xN1iOnOqb4ZPiSII7AZuOMO0BhuaQ7pH+OlcJ3p04
KJ4R/hxgGf68wGGDwEvW/4h06n3wxpEb6eG1X6ezyH7xj8Bw5B5SamBX7FNHa6Uj
HwIh4B1JVVfYk16nuhH2zDZalvudpferxqs=
=GV1H
-----END PGP PUBLIC KEY BLOCK-----

Here is the DSA PGP key:
 . . . . . . . . . . . . . . . . . . . . . . . .
------------------- end text -------------------

The "PGP PUBLIC KEY BLOCK" is the digital key you will use to "lock"
(encrypt) your message. The remailer has a secret, unique, tightly
held, PRIVATE key block that is the only key that can be used to
"unlock" (decrypt) your message. This remailer uses a 1024 bit key,
which is very difficult to break. Save the remailer's email reply to a
file, say, key.txt.

Now use GPG to import the remailers key into your keychain and encrypt
your message to send to the remailer mixmas...@remailer.cyberiade.it with the
(Linux) command:

% gpg --import key.txt
% gpg -ea --recipient mixmas...@remailer.cyberiade.it --output message.txt.gpg message.txt

(Answer 'y' to the GPG queries about the authenticity of the key if
you obtained it over an anonymous proxy.) The only people that will be
able to decrypt this encrypted message are those who have access to
the remailer's *private* key (*not* the public key that you just used
to encrypt, or someone who has the resources to break this
cryptographically strong PGP code.) If you use two or more remailers,
no remailer will be able to determine simultaneously the source of the
message and its content, and only the last remailer in the chain will
have access to the message itself.

1.2.2 First Remailer Message. Format your encrypted message to send to
the anonymous remailer. You should *only* use remailers that accept
"pgponly" -- any unencrypted email sent to these remailers will be
ignored.  The message body to the pgponly remailer (in this case
mixmas...@remailer.cyberiade.it) should look like:

------------------ begin message.txt ------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

hIwDNeUtHbne9DkBA/9drtL/O0VOtn/dZzAw6HEdESj+sY/kwpm6941T3TzbZWKw
nJM8785ZEtXQ03qGEMx/J29MgGxFTgeQjOiKmosjJibTyboppu9Jd8dEmKAjwJVh
BCp5hdxXyqGl4k4VDpZJnNZM0OcMjg+8FyUhGhzqZ5vK8vLD8K6WucalYWl4tsl3
YICABlFCWxoaKenCODprZhazFvPUiR4FS8lrJwDEmgZ4d9epNyZvnkGJm8NIPJZv
zG0XGeM8ROXYMevETo6N03eD8eGKjcFe84Rw8KGU5tex/G7Uvl6q6YxYVN4y7qlD
WsuX2/AZS7hhxdSfo8TBDIwmLM29l0w=
=xS0h
-----END PGP MESSAGE-----

------------------- end message.txt -------------------

1.2.3 Second Encryption. For additional security, you can repeat the
first encryption process with a *second* independent, anonymous
remailer, preferably from another country. Your encrypted message will
first be sent to the second remailer, decrypted by it, (revealing the
encrypted text above for the first remailer), sent to the first
remailer, decrypted, then sent to your original Anon-To: recipient, in
this case a mail2news gateway that will result in a post on Google
Groups. This second encryption process can be repeated the third,
fourth, etc. time, but a remailer chain more than two or three links
long is more likely to break, resulting in the loss of your message,
and will have a longer latency. For the second encryption, choose
another remailer, say, remai...@mangrin.org, get their key, import it
to your keychain, and encrypt the following message, pasted from the
one immediately above:

------------------ begin message.txt ------------------
::
Anon-To: mixmas...@remailer.cyberiade.it
Latent-Time: +0:02r

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

hIwDNeUtHbne9DkBA/9drtL/O0VOtn/dZzAw6HEdESj+sY/kwpm6941T3TzbZWKw
nJM8785ZEtXQ03qGEMx/J29MgGxFTgeQjOiKmosjJibTyboppu9Jd8dEmKAjwJVh
BCp5hdxXyqGl4k4VDpZJnNZM0OcMjg+8FyUhGhzqZ5vK8vLD8K6WucalYWl4tsl3
YICABlFCWxoaKenCODprZhazFvPUiR4FS8lrJwDEmgZ4d9epNyZvnkGJm8NIPJZv
zG0XGeM8ROXYMevETo6N03eD8eGKjcFe84Rw8KGU5tex/G7Uvl6q6YxYVN4y7qlD
WsuX2/AZS7hhxdSfo8TBDIwmLM29l0w=
=xS0h
-----END PGP MESSAGE-----

------------------- end message.txt -------------------

% gpg --import key.txt
% gpg -ea --recipient remai...@mangrin.org --output message.txt.gpg message.txt

1.2.4 Second Remailer Message. Format your encrypted message to send
to the second anonymous remailer, in this example to
remai...@mangrin.org. The email message should look like:

To: remai...@mangrin.org
Subject: <empty>
------------------ begin body ------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

hIwDOzGW2RFRuwkBA/96M+wsYKTu027x4VfFoJH16nG2DfWQsv8g85zXo7fcbc21
/bx9gm+Cv+zhZrImpIljAQZCAMSQN7xOgPBYMD0/F9nx0AnhII1Nby9vtrq7WvC5
oI8oLJLVAxIWY3d610PVBMPLETqW62sesu0uOOIegc57USztHnTq7DiBjHOxuMnB
Dm/vZdsBy75QPTNLiEzjwL6SwGDior46wmiarHVD0AJ/cUNeY4wON/pawPsxTKwG
oDibp1ETNQY6xtc7DRD4qFtyQO6EPB/lbuEPc24hwIAYr/9MYhl3kgWaIRyderLS
mkQ7LUzkVWC9vCUpax+VGVd4E4FNB/r195gpo2fkTAaJxPKazL/J5zTsg+amp0kH
+Ih7FwiTvB1N7UZmbej5yCoKJ0fila2fZN/wYgt2bg6MBGbYFru3WpaZzAwadK2E
QTXZ8tqUzhcRhjFgGt3qFTWyEzYS7W2Asz36nFsUNOL5aRyyMB/ZCE6pUz+YR8+y
57ltZKo6qL30ND8tiFkXeiCIkBHnO3VRlXRgiC9gQthpuppCbHdCEDzsH+Ps4Tp9
HuPit5rifYDVNUvhvsKVjQtkeIPzWfD1IZK7+T1iJ7VtGusMHsDA5AONEjpjFVaQ
Rs6xTYVy2rQSSKzNRJBnV0e2GSizzN7XX8nxyG8AenjeXMzb2NaBgF1xM6p6CO3m
0dNDEgTbyaas7jFovKRFKQiQda2FUizXodjMTlgHSKovv57mnGGA6mozrdCIWTSP
aLhKU8SYDpM70ZVICWSz1ih9HsAsjQgGUqJUL+Ry6A==
=ohYQ
-----END PGP MESSAGE-----

------------------- end body -------------------

2. From your mail server across an anonymous proxy server, email the
encrypted message you created in step 1.2.4. If you formatted
everything correctly and the remailers and mail2news gateway are up,
your message should appear after the cumulative latency that you
specified in your encrypted messages.

This post was generated in exactly this way, which, if you are reading
it, is proof that it works.

3. Secure clean up using fwipe or eraser. Using fwipe on Linux:

% fwipe message.txt
% fwipe key.txt
% gpg --delete-keys mixmas...@remailer.cyberiade.it remai...@mangrin.org

If you copy-and-pasted your edits above (C-c C-v), then highlight and
copy some innocuous text to clear the copy buffer of any sensitive
information. Quit from all your applications and reboot your computer.

You can add other useful features this to the basic GPG functionality
described in this post, like generating a private key that identifies
you personally and with which you can digitally sign your messages --
anyone with access to your public key can verify that the message came
from you.  You can also encrypt a return email address and send it
along to your final email recipient, who can then use that encrypted
PGP block to reply to you using the anonymous remailer chain. However,
each of these features have obvious security holes: if your physical
computer or storage is ever compromised and someone takes your private
key, they will be able to identify any messages signed by you.

There are also several tools that automate this process, but at the
cost of you not really thinking about the security inherent in each
step.

The bottom line is to use these tools thoughtfully and be aware of
what you are doing.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google