Location-anonymous group voice chat this Friday

David Huerta

Jun 27, 2013, 4:47:00 PM
to heatsy...@googlegroups.com
Hey all,

I mentioned this to Ryan and Jeremy, but for e'rebody else: I'm working on a project involving the idea of location-anonymous voice communication using mumble (http://mumble.sourceforge.net/) in tcp-only mode over tor (https://www.torproject.org/) and wrapped in 256-bit AES encryption. It will be demoed at the ITP Camp Shindig on Friday (tomorrow) at 7pm|et in NYC. The installation will basically be a weird monolith that looks like one of these: http://images.wikia.com/evangelion/images/4/4d/Seele_meeting_Ikari.png, a headset attached to a netbook and a prism on the floor attached to a pressure sensor which emulates the press-to-talk key for mumble (step on PRISM to communicate anonymously).

Anyway, it'd be cool if people checking it out could have other folks in the anonymous group chat to talk to, and you're all peeps I like having conversations with in particular, so if you want to join in, that'd be awesome!

To join, you'll want to install tor, mumble, and set mumble to Force TCP mode in advanced network settings (UDP is completely rejected from this mumble server). Server deets for mumble are:

IP: 54.251.183.65
Port: 8080
Room Name: SCHISM

Call me [anonymously] maybe?

--
david [.dh] huerta

Jasper Nance

Jun 27, 2013, 4:49:35 PM
to heatsy...@googlegroups.com
omg that is so sexy looking. It's like some dark brotherhood of phone calls

--
----------------------------------------------
Jasper Nance - KE7PHI
Creative and Scientific Imagery
http://www.nebarnix.com/

Corey Renner

Jun 27, 2013, 5:00:05 PM
to HeatSync Labs
Yeah, but have you thought about how this project can be used for evil purposes?  Huerta is probably going to use it to Rickroll with impunity.

c

Jasper Nance

Jun 27, 2013, 5:03:36 PM
to heatsy...@googlegroups.com
We need to clone Rick Astley so one can stand at each little monolith

Corey Renner

Jun 27, 2013, 5:05:32 PM
to HeatSync Labs
YES!  Jasper, you have a lot of great ideas, but that is probably the single best idea that you've ever had.

c

Ryan Rix

Jun 27, 2013, 5:08:51 PM
to heatsy...@googlegroups.com, Jasper Nance
Find enough pictures of him online or from his videos and splice the frames
together using 123DCatch then 3D print him.
Ryan Rix
http://rix.si

Ryan Mcdermott

Jun 27, 2013, 5:21:18 PM
to heatsy...@googlegroups.com
I love you so much, David. This is brilliant. I love it. Please
post pictures.

Corey Renner

Jun 27, 2013, 5:27:14 PM
to HeatSync Labs
We could print Rick's body with Larry's heart in it, I think he just sent the files a minute ago...

c


Zachary Giles

Jun 27, 2013, 5:38:45 PM
to heatsy...@googlegroups.com
Why not have the mumble server be a hidden service? Now we still rely on the public net to actually do the communications..
Zach Giles
zgi...@gmail.com

AltF4

Jun 27, 2013, 6:01:39 PM
to heatsy...@googlegroups.com
That sounds cool, David. I'm just sort of interested in exactly how that works. It is "location anonymous" due to being proxied through Tor? (and the prism and physical setup is just eye-candy?) Or else what actually is going on there?

-Alt

David Huerta

Jun 27, 2013, 9:29:17 PM
to heatsy...@googlegroups.com
The physical interaction part is there because it's technically in an art school and this is an interactive/conceptual art installation, although originally the monolith was supposed to house a raspi that ran a mumble client, but the raspi kept chucking while running it so it's just connected to my hacked Chromebook. :>

The clients are anonymous to the mumble server (tor exit relay ips show up in access logs, UDP is completely blocked server-side). The server itself is not anonymous, but seizing it wouldn't compromise the clients (in theory--I'd like to have it audited by srs bsns infosec peeps). Tor hidden services are designed for web apps, idk how well mumble would work as a hidden service since it's not [yet] built to handle a hash.onion address instead of an IP, but it's open source so we should totes make it do that. :>

I plan on posting a step-by-step guide on how to build the same setup soon, will link to the list once that's online.


On Thu, Jun 27, 2013 at 6:01 PM, AltF4 <al...@phx2600.org> wrote:
That sounds cool, David. I'm just sort of interested in exactly how that works. It is "location anonymous" due to being proxied through Tor? (and the prism and physical setup is just eye-candy?) Or else what actually is going on there?

-Alt

--
david [.dh] huerta

AltF4

Jun 28, 2013, 11:18:24 AM
to heatsy...@googlegroups.com
I happen to be a "srs bsns infosec peep" :) Are you using client certificates to the mumble server? If so, that would identify the clients, even through Tor. Though perhaps still only pseudonymously, depending on what is actually put in the cert. (sometimes there's pretty uniquely identifiable info in an x509 cert) The server would have those certs, so seizing or otherwise compromising it would reveal those.

-Alt

David Huerta

Jun 28, 2013, 12:02:42 PM
to heatsy...@googlegroups.com
A cert is used server-side, I haven't seen anything on the client or
server side indicating a cert being sent from the client to the
server, but would be good to look into it. Would client certs generally
include the client's IP?

--
david [.dh] huerta
davidhuerta.me

AltF4

Jun 28, 2013, 12:52:03 PM
to heatsy...@googlegroups.com
So, mumble will automatically generate a client side certificate, but then it's up to server settings as to what happens from there. The server usually needs pseudonyms (usernames) for each of the clients, which are associated with these certificates. So these client certs will be stored on the server. But since they're automatically generated, it's likely that they don't have much or any personally identifiable information. But it's possible that they could have info like time zone, OS info, client software version, etc... Which could be identifiable in the same way that user agent strings are highly identifiable. I'll look into it more tonight.

-Alt

David Huerta

Jul 7, 2013, 12:33:16 AM
to heatsy...@googlegroups.com
I tried looking for somewhere client certs would be stored, but wasn't able to find anything server-side, at least not in the three sqlite DBs in /var/lib/mumble-server:

mumble-server.sqlite: users table with only the superuser account and hashed password
murmur-server.sqlite: empty
murmur.sqlite: empty

Honestly though I have no clue where client certs would normally be stored in this sort of setup. Mumble wiki seems to not mention this.



On Fri, Jun 28, 2013 at 12:52 PM, AltF4 <al...@phx2600.org> wrote:
So, mumble will automatically generate a client side certificate, but then it's up to server settings as to what happens from there. The server usually needs pseudonyms (usernames) for each of the clients, which are associated with these certificates. So these client certs will be stored on the server. But since they're automatically generated, it's likely that they don't have much or any personally identifiable information. But it's possible that they could have info like time zone, OS info, client software version, etc... Which could be identifiable in the same way that user agent strings are highly identifiable. I'll look into it more tonight.

-Alt

--

PHLAK

Jul 8, 2013, 11:06:08 PM
to heatsy...@googlegroups.com
I run a Mumble server on my personal VPS for use by friends and acquaintances.  By default the Mumble client will generate a certificate on the first run.  The user can then optionally generate another certificate or import one provided by a CA. Similarly, a Mumble server will generate a default certificate on its first run and you can optionally use one provided by a CA.  A Mumble server administrator can view any connected client's certificate.  I'm not sure if a non-administrative user can view other users' certs.  Here's the info available in a default Mumble client certificate:



I'm no Mumble expert but I believe this is how Mumble server/client communication works on a default installation.  When you connect to a Mumble server your outbound traffic is encrypted with the server's public key and the server decrypts it with its private key.  Traffic to the clients is encrypted with the clients' public key and decrypted on their end with their public keys.

I believe it's possible to turn off the client cert requirement, however this would hinder or completely remove encryption.

PHLAK

Jul 8, 2013, 11:08:46 PM
to heatsy...@googlegroups.com
Sorry, here's the image I tried to attach in that message: http://i.imgur.com/RQnGkVd.png

David Huerta

Jul 12, 2013, 12:28:17 AM
to heatsy...@googlegroups.com
Cool, looks like my Mumble client certs are also pretty free of personal info. I'll be posting a howto on my setup (the software side anyway) on my blag soonish. The actual construction of the monolith/prism-stomp-switch will come later once I get mumble working as a client on the raspi.


--
david [.dh] huerta

Zachary Giles

Jul 12, 2013, 7:42:52 AM
to heatsy...@googlegroups.com
Interesting input by PHLAK. Even if you don't know where the client is or who it is, you can still identify when that client speaks. Still anonymous, I guess, but with more than needed interesting info along for the ride.
Zach Giles
zgi...@gmail.com

David Huerta

Jul 12, 2013, 12:35:55 PM
to heatsy...@googlegroups.com

Also added it to the graveyard of links that is Hacker News: https://news.ycombinator.com/item?id=6033467.


David Huerta

Jul 12, 2013, 12:37:18 PM
to heatsy...@googlegroups.com
Indeed; It might also indicate whether you're awake or not and might hint at which side of the planet you might be on. Maybe a bot could add fake calls into the mix at random intervals? Sounds like a familiar idea. ;)

Robert Bell

Jul 12, 2013, 2:38:19 PM
to heatsy...@googlegroups.com
Here's some lunchtime tinfoil to chew on.
If the 50/60hz background hum from an audio stream is isolated, could it be used as a fingerprint representing an electric system's transformer chain?

Larry Campbell

Jul 13, 2013, 12:10:50 AM
to heatsy...@googlegroups.com, r...@tradica.com
fascinating.... I wonder if cheap UPSes pass that hum along? I would expect properly filtered high end ones don't...

LC

Tony Brenke

Jul 13, 2013, 12:57:25 PM
to heatsy...@googlegroups.com

A UPS will pass all of that along.... Unless you pull the power cord and have it operate in backup mode. There are relays, they are a pass through unless you lose power.

Larry Campbell

Jul 13, 2013, 1:54:57 PM
to heatsy...@googlegroups.com
The ones I wondered about were the $100K+ high end isolated type such as in computer rooms, I would fully expect that lower end ones (under $3000) would not have decent filtering..

Zachary Giles

Jul 13, 2013, 3:11:06 PM
to heatsy...@googlegroups.com
Isolation of harmonics vs changing the base frequency of the electrical system you need (and removing the hum from the room) are different things. If you want to make it so no one knows what the base electrical frequency of your country is, then you need to go DC or something. DC in an isolated room with isolated harmonics?

Robert Bell

Jul 13, 2013, 3:41:21 PM
to heatsy...@googlegroups.com
At core, the technique is an exploit of acoustics. Electric network frequency analysis is a process for identifying when a recording was made. My ponderings orbit similar methods for answering where an audio signal is generated. Do the isolatable signals generated by street lighting carried via anonymous mobile voice sessions have sufficiently distinct characteristics mappable to particular tangibles? Does the database exist? Does Mumble have a humspoofer? 

Larry Campbell

Jul 13, 2013, 3:55:56 PM
to heatsy...@googlegroups.com
Higher end UPS systems rectify say 480v 3phase into 480v DC, then pull back off that into an inverter that would create a "fresh" 50/60hz output, my concern was if the presence of the batteries, and the superimposing of the 3 phase signals, filter caps etc etc would be enough to suppress and/or mask upstream patterns to an immeasurable point. Would the UPS itself create a unique fingerprint or would merely the type of UPS be capable of being identified? I would assume different UPS circuit designs would be able to be recognized.

Jasper Nance

Jul 13, 2013, 4:02:06 PM
to heatsy...@googlegroups.com

Why not just comb filter the audio for both frequencies in software or inject both as well?

Robert Bell

Jul 13, 2013, 5:46:20 PM
to heatsy...@googlegroups.com
Because phase wobbles. They make comb filters fail. 
See image for details. http://i.imgur.com/UvTlrd0.jpg

Will Bradley

Jul 14, 2013, 8:50:02 PM
to HeatSync Labs Google Group
Maybe this is why military-grade encrypted audio is notoriously poor quality; perhaps they process the audio so heavily that it's audible but missing huge chunks of predictable spectrum.

Zachary Giles

Jul 14, 2013, 9:02:33 PM
to heatsy...@googlegroups.com
<3 rb.

Robert Bell

Jul 14, 2013, 10:38:59 PM
to heatsy...@googlegroups.com
By "phase wobbles" I was suggesting an electric system might not cycle at a pure 60Hz. 
A static comb filter on 8kHz audio reveals a slice of the hum in phase offsets spaced ~each 133ish samples.
A full sweep for a fingerprint might require a lot of audio, but a usable partial could be constructed in near real-time.
Yes?

Robert Bell

Jul 14, 2013, 10:39:42 PM
to heatsy...@googlegroups.com
you forgot my birthday

Ryan Rix

Jul 15, 2013, 3:30:23 PM
to HeatSync Labs

http://feedly.com/k/15gm7Dk relevant hackaday?

Robert Bell

Jul 16, 2013, 3:10:24 PM
to heatsy...@googlegroups.com
Nice find. It's perfectly relevant.
With capable hardware, applying this moving-average filter to 48kHz (Mumble's native sample rate) audio, we get an effective 8kHz signal with a 1/120th second (half hum) delay. 
For a given sample, the hum is neutralized by subtracting the average 400 preceding and 400 following samples.
If I further understand correctly, this masks the hum out to its 400th harmonic. 
I still think the hum could be extracted. Perhaps by spatial analysis of a stereo signal?
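
Added example, not part of the thread or of Mumble: a Python check of how much mains hum a static comb filter leaves behind, using the numbers discussed above (a 133-sample spacing at 8 kHz, and the 800-sample hum period at 48 kHz). The feedforward comb form, the 0.05 Hz drift and the constructed hum signal with a third harmonic are assumptions made for illustration.

```python
import math

def hum(freq_hz, fs, seconds=1.0, third=0.3):
    """Constructed mains hum: fundamental plus a weaker 3rd harmonic."""
    w = 2 * math.pi * freq_hz / fs
    return [math.sin(w * i) + third * math.sin(3 * w * i)
            for i in range(int(fs * seconds))]

def static_comb(x, delay):
    """Feedforward comb y[n] = x[n] - x[n-delay]; nulls fs/delay and its multiples."""
    return [x[i] - x[i - delay] for i in range(delay, len(x))]

def power(x):
    return sum(v * v for v in x) / len(x)

def residual_db(freq_hz, fs, delay):
    """Hum power left after the comb, relative to the input hum, in dB."""
    x = hum(freq_hz, fs)
    y = static_comb(x, delay)
    # Floor avoids log10(0) when cancellation is exact to float precision.
    return 10 * math.log10(max(power(y), 1e-30) / power(x[delay:]))

def report():
    cases = [
        ("48 kHz, delay 800, mains at 60.00 Hz", 60.00, 48000, 800),
        ("48 kHz, delay 800, mains at 59.95 Hz", 59.95, 48000, 800),
        ("8 kHz, delay 133, mains at 60.00 Hz", 60.00, 8000, 133),
    ]
    return {label: residual_db(f, fs, d) for label, f, fs, d in cases}

if __name__ == "__main__":
    for label, db in report().items():
        print(f"{label}: residual hum {db:7.1f} dB")
```

The comb cancels the hum only when the delay is an exact multiple of the hum period: a small mains drift, or the non-integer 133.33-sample period at 8 kHz, leaves a measurable residue.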

Robert Bell

Jul 18, 2013, 5:57:05 PM
to heatsy...@googlegroups.com
There's a detailed comment at http://feedly.com/k/15gm7Dk posted by Remy Dyer worth looking at.
Like Jasper, he suggests the efficiency of a comb filter.
