

Steps to Anonymous and Secured Communication - grecs
https://www.novainfosec.com/2012/12/03/4-steps-to-anonymous-secured-communication-aka-what-petraeus-should-have-done/

======
rdl
All he really needed was a "legitimate seeming" site which didn't keep logs at
all. It is more important to not arouse suspicion through the act of using the
tool vs. to be secure once targeted and subverted -- basically, forward
secrecy would suffice.

He would have been fine with...a phone. "Talking about my book." Or, maybe, IM
with OTR without logging, but that might arouse suspicion if non-default, and
might also fall prey to crazy counterparty either not disabling logging or
intentionally recording and blackmailing.

~~~
losvedir
> _Or, maybe, IM with OTR without logging, but that . . . might also fall prey
> to crazy counterparty either not disabling logging or intentionally
> recording and blackmailing._

I thought this was one of the benefits of OTR over, say, PGP. That is, with
PGP if you sign a message the counterparty can wave it around and say "look at
what this poerson said", while with OTR, since the encryption is done with a
shared key, it could be just as likely that the counterparty made it up.

At least, that's what I gleaned from this wonderful video[1] someone linked to
on HN yesterday.

[1] <https://www.youtube.com/watch?v=eG0KrT6pBPk>

~~~
rdl
The problem is your _client_ can still log the pre or post crypto plaintext. I
believe pidgin or some other shitty IM client does that by default, even with
OTR.

So, I mean "use OTR, and ALSO disable client logging".

~~~
kbaker
It's Adium that logs by default, not Pidgin (which correctly disables
logging.)

<http://trac.adium.im/ticket/15722>

------
epoxyhockey
Without knowing the full set of parameters & restrictions that Petraeus was
operating under, it's impossible to say _this is what he shoulda done_. The
likely explanation is that he knew exactly what his options were and the gmail
'alias' account draft-email-scheme was the best option for communication for
him while sitting in his office.

------
btilly
And he can use this on his heavily monitored work computer through the day
without arousing suspicions?

Step 1 is for him to develop an official need for untraceable email with
covert agents.

Step 2 is to use that for the affair as well. (Which under the hood could be
something like the above.)

------
sown
Instead of using Hushmail, he should use a mail service that is hosted in tor-
space/hidden service. Eliminate the temptation to not use tor to get to open-
internet email by making that difficult.

Also, change the ethernet/hardware address everytime you connect to an open
wi-fi hotspot.

------
georgeorwell
Do I need to go to the Starbucks across town for the initial setup only or for
every subsequent time too? Why does using an anonymous IP matter if I'm using
Tor? If things can be easily traced back to the originating IP, don't cameras
in the coffee shop matter?

------
StavrosK
And all of this, just to avoid the intermediaries. Why not just put the PGP
encrypted messages on a pastebin and text the id (or, hell, agree on it
beforehand).

