High-Traffic Colluding Tor Routers in Washington, D.C., and the Ugly Truth About Online Anonymity

With the U.S. Government trying to shut down websites and stealing gold, I feel the need to discuss communications security, surveillance and anonymity as the U.S. collapses further into overt fascism.

I need to get this off my chest, once and for all, because people who don’t know much about computers are being bombarded with nonsense, and they’re bombarding me with nonsense as a result. I want a single post that goes all the way, and this is it.

“Have you heard about Tor?” I am routinely asked via clear text email.

Yes, I know about Tor, but we need to take a much closer look at what remaining anonymous online really requires.

First of all, since this is a long post, I don’t want to waste your time. If you’re a computer expert or network engineer, etc., you will already know this stuff. If, however, you’re a casual computer user who doesn’t know much about the underlying principles of information systems, this will be way over your head. If you’re a casual computer user who is thinking about anonymity online, this article might be useful for letting you know some more about what you don’t know.

A lot of times, ignorant people refer to things they don’t understand as “tinfoil.” (The gatekeeper Left loves this term.) What follows, however, is so far out that it seems like tinfoil even to me. But then again, I haven’t been targeted by a death squad for my activities online, like some people are in many countries around the world. So, is it tinfoil? For you, maybe. For people struggling against repressive regimes, maybe not.

When I use the term “tinfoil” below, I’m not making fun of you, I’m making fun of myself, and the roles I’ve had to play in corporate IT departments. You don’t know tinfoil unless you’ve worked in a corporate IT department. Corporate IT is a technocratic pyramid built on paranoia, surveillance and fiefdoms of specialized knowledge and privileges (rights and permissions). Since all modern fascist organizations are essentially the same, I hope that my grim experiences within these organizations will help you understand more about the nature of the dire situation that we’re all facing.

If you think that you’re thinking outside of the box, my main purpose in writing this is to inform you that there are actually boxes within boxes, and that if you plan on engaging an opponent as powerful as the American Corporate State (or any other maniac fascist regime), it’s not going to be easy. I don’t know how many boxes within boxes there are. What I do know is that the U.S. Department of Defense built the underlying technologies that make the Internet possible. They built “this” world.

So, you want to be anonymous in a world that was thought up by the U.S. Department of Defense?

Most computer users don’t have what it takes, in terms of technical skills, or discipline, to pull it off. I’m sorry if that sounds harsh, but it’s absolutely true. I’m not claiming to be any kind of expert at all. If knowledge of computers and networks represented all the grains of sand on a beach, I’d say that I was familiar with about 5 of those grains of sand. I would like to hear from people who know more than me about any flaws in this information.

A long time ago, as a sort of theoretical challenge to myself, I tried to define a reliable protocol for remaining anonymous online. Why? Ask any nerd, “Why?” and the nerd will usually respond: “Why not?” If the nerd is unusually honest, he or she might respond, “Because I can’t help it.” So, somewhere between, “Why not?” and “Because I couldn’t help it,” I set out on this quest.

As you might already know, I studied information warfare in college and I did several years of time in corporate IT environments. I knew about the types of surveillance and control that are possible at the client, server and network levels.

I looked at the challenge as all IT people look at all IT-related challenges: Assume the absolute worst.

I went even further with this. I made irrationally negative assumptions.

I assumed that everything I did online was compromised. I assumed the worst tinfoil nightmares about commercial operating systems. I assumed that my ISP was a subsidiary of the NSA, etc.

Got the idea?

Let’s look at each level in a bit more detail (in no particular order):

Servers: Potential Honeypots

Many technologies that amateur anonymity fetishists are attracted to are actually designed to harvest information. Put yourself in the shoes of the NSA. If you wanted a concentrated haul of the most interesting information, what would you do?

You would establish a honeypot: a service (free or paid) that purported to provide an anonymous web browsing/email capability. Who knows what people might get up to if they thought nobody was looking? That, of course, is the idea with honeypots.

If you’re relying on a proxy server, how will you know that it’s not simply recording your entire session for examination by acreages of the Homeland’s supercomputers that are running advanced statistical Magic 8 Ball algorithms? Because the company or individual providing your proxy service says that they don’t keep logs? HA!

Am I saying that all proxies are run by the NSA? No. Am I saying that some number of them are? I’d bet my life on it. How many of them are run by governments? I don’t know. Unless you know which governments are running which proxies, you must assume that all of them are compromised.

In reality, the NSA would probably be the least of your worries when using a proxy server or open base station.

Nerds with too much time on their hands get up to all kinds of nonsense. Do they set up anonymous proxy servers and open base stations just to see what people do with them? Yes. Do criminals do it to find out personal information about you? Yes.

So even if the proxy or base station you’re on isn’t run by the NSA, who is running it? And why?

Maybe you’re eLitE and use several proxies. You can probably assume that the proxies aren’t colluding directly, but what about the networks? Which leads us to the next level…

Networks: If You Feel Like You’re Being Watched, It’s Because You Are

The network providers are keeping end-to-end records of every session. The question is: Are the network providers colluding with the U.S. Government? Since you can’t assume that they’re not, you must assume that they are. I would assume that the U.S. Government has end-to-end coverage of every IP session that starts and ends on U.S. networks. With corporate collusion and off-the-shelf hardware and software, this isn’t a stretch at all. For non-U.S. networks, the NSA gets in with multibillion-dollar tools like the U.S.S. Jimmy Carter, and who knows what else.

There are dozens of off-the-shelf products that you would swear were designed for use by intelligence agencies, but they’re routinely peddled to—and used by—corporations. If corporations have and use these surveillance capabilities, what are the intelligence agencies running on the service providers’ networks? I’ll be buggered if I know, but I know it’s not good. That recent AT&T/NSA thing is just a tiny/trivial tip of the iceberg.