Anonymous Publishing is Dead (cryptome.org)
257 points by thesteamboat 1666 days ago | 160 comments

Most of the author's problems seem to have to do with purchasing and running a VPS anonymously. But why bother? Do you really need to run your own Tor hidden service on your own VPS in order to publish anonymously? What happened to all the free blogging and pastebin services where you can sign up and/or post anonymously? All you need is Tor Browser Bundle and some extra caution. You can stay as anonymous as Tor's security allows, and no money ever changes hands.

Sure, it will be easier for the powers that be to take down something you posted on Tumblr than to take down a Tor hidden service. But that's a completely different matter from publishing anonymously in the first place.

The author also seems to think that publishing images and videos anonymously is harder than publishing ASCII text anonymously. This may be right, but not because of the reasons he cites. If you already have a medium where you can publish ASCII text anonymously, nothing stops you from publishing your media in a base64-encoded form. The real problem with publishing images and videos anonymously is that those media files often contain lots of entropy that could help identify the author, such as location information. No amount of Tor trickery will keep you anonymous unless you thoroughly scrub your media files.

I suspect that the author wants an anonymous VPS so that he has a computer that's not subject to physical seizure, e.g. TSA thugs grabbing it whilst entering or leaving the US. Plus the convenience of being able to access your VPS from anywhere you have a halfway trustworthy SSH connection.

You're thinking of Immigration and Customs Enforcement, which is in the Department of Homeland Security but is definitely not the TSA.

But anyway, they don't have the power to seize your US-based VPS as you cross the border. That would require an actual warrant which requires actual probable cause.

The author focuses on the US, UK, Australia, New Zealand, and Canada as the countries to avoid, but this seems crazy to me. The only common thread I can identify is that they all speak mainly English (sorry Quebec). There are lots of places I would avoid in addition to those; Iran, China, Syria, Libya, ... the list is nearly infinite.

Thank you for the correction, I said TSA when I meant DHS. I agree that they don't have the power to seize your VPS at the border: what I said is that they have the power to seize hardware that you have on your person, which is a non-trivial factor. They've proven themselves willing to abuse this power.

Another possibility would be to get one of the little computers that plug into USB or power socket and can do wifi, sneak one into a cafe or somewhere else with open wifi, and run TOR hidden service on that. It will get found and destroyed in time, but for some time, it might work. Or maybe solar powered Rpi that you put on someone's roof?

I'm not sure how well TOR hidden service would work behind a NAT though.

EDIT: another way would be to go to the dark side, and get your own botnet.

> I'm not sure how well TOR hidden service would work behind a NAT though.

Just as well as tor works normally.

> sneak one into a cafe

There are cameras everywhere. If they really want to find you, they will see your face.

Install server. Wait a few months. Start publishing. No one is holding onto records that long and even if they do no one is going to go through that much video to find you. As long as you disguise your plugin server as something common no one will think to unplug it. Add a fake wire going behind something big for extra effect.

Wear a mask.

I've been tempted to get ahead of the game and start wearing facial-recognition-jamming face-paint just as a fashion statement. Unfortunately, for this particular use case, the makeup makes you memorable in its own way.

Why not just walk around with a silly face all the time, and maybe a mustache?

So we should all steal Sacha Baron Cohen's schtick?

Illegal in some major US cities I believe. At least that is what my university used to claim to students every year around Halloween.

"media files often contain lots of entropy that could help identify the author, such as location information"

Please, please, explain this.

Hidden image data in photos that I know about:

(1) Exif meta-data (Exchangeable image file format) which are things like resolution and dates, but can include serial numbers as well. Here's a handy list of cameras (usually high-end ones) that betray your privacy by embedding a serial number:


(2) IPTC meta-data (International Press Telecommunications Council), though I have yet to see a photo "in the wild" that uses it.

(3) XMP meta-data (Adobe Extensible Metadata Platform). This is added by Photoshop for example. It's two long numbers (DocumentID and InstanceID) which are different for each image.

(4) DRM and anti-counterfeiting stuff that might be added by image editing tools. (Many color copiers do this in the case of paper prints, for example.)

Sensor noise can also be used to identify pictures taken with a specific camera:


If I were being truly paranoid, I'd use some steganography software to write random "data" across all the low-order bits of any images I _really_ didn't want traced back to the sensor in my camera/phone/videocamera...

I want to add some tips:

Exif is the one everyone knows, but don't discount #3 and #4 (i.e., identifiers added by image editing tools).

To keep a photo untraceable:

Delete the Exif data using a tool like IrfanView.

To edit the photo, download a fresh copy of an open source editing program or a commercial editing tool that does not need registration or activation. After you're done working on the photo, delete the editing program.

For a higher level of security (to guard against the possibility of a GUID or hostname from the OS being embedded in the image), do all of the above on a computer that is not traceable to you, or on a fresh install of the OS, which you wipe after you are finished.

Also, seed the network card with a fresh random MAC on every reboot, or more often.
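The metadata carriers listed in the comments above (Exif, XMP, IPTC, plus free-text comment segments) can be located and dropped at the JPEG container level. The following is an added example, not code from the thread; the sample file is constructed inline (it is not a decodable image) and the function names are illustrative.

```python
import struct

SOI = b"\xff\xd8"
EOI_MARKER, SOS_MARKER = 0xD9, 0xDA

# (marker byte, payload prefix, label) for segments that carry metadata only.
METADATA_SIGNATURES = [
    (0xE1, b"Exif\x00\x00", "Exif"),
    (0xE1, b"http://ns.adobe.com/xap/1.0/\x00", "XMP"),
    (0xE1, b"http://ns.adobe.com/xmp/extension/\x00", "XMP (extended)"),
    (0xED, b"Photoshop 3.0\x00", "IPTC/Photoshop"),
    (0xFE, b"", "Comment"),
]


def classify(marker, payload):
    """Return a label if the segment is a known metadata carrier, else None."""
    for sig_marker, prefix, label in METADATA_SIGNATURES:
        if marker == sig_marker and payload.startswith(prefix):
            return label
    return None


def iter_segments(data):
    """Yield (marker, start, end, payload) for each header segment through SOS."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1  # skip optional 0xFF fill bytes before the marker code
        if pos + 2 > len(data):
            raise ValueError("truncated marker")
        marker = data[pos + 1]
        if marker == EOI_MARKER:
            return  # end of image reached without scan data
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length  # the length field counts itself, not the marker
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end, data[pos + 4:end]
        if marker == SOS_MARKER:
            return  # entropy-coded scan data follows; stop parsing here
        pos = end


def list_metadata(data):
    """Labels of all metadata segments found, in file order."""
    found = (classify(m, p) for m, _, _, p in iter_segments(data))
    return [label for label in found if label]


def strip_metadata(data):
    """Return (cleaned_bytes, [(label, segment_size), ...]) with metadata removed."""
    out = bytearray(SOI)
    removed = []
    tail = 2
    for marker, start, end, payload in iter_segments(data):
        label = classify(marker, payload)
        if label:
            removed.append((label, end - start))
        else:
            out += data[start:end]  # keep JFIF, quantisation tables, SOS, ...
        tail = end
    out += data[tail:]  # scan data and EOI are copied byte for byte
    return bytes(out), removed


def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed sample: valid segment layout, placeholder contents."""
    return (
        SOI
        + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
        + _seg(0xE1, b"Exif\x00\x00II*\x00SERIAL=CONSTRUCTED-0001")
        + _seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x>DocumentID=CONSTRUCTED</x>")
        + _seg(0xED, b"Photoshop 3.0\x008BIM-CONSTRUCTED")
        + _seg(0xFE, b"edited on host CONSTRUCTED-PC")
        + _seg(0xDB, bytes(65))
        + _seg(0xDA, bytes(10))
        + b"\x12\x34\xff\x00\x56"  # stand-in for entropy-coded data
        + b"\xff\xd9"
    )


if __name__ == "__main__":
    sample = build_sample()
    print("before:", list_metadata(sample))
    cleaned, removed = strip_metadata(sample)
    print("removed:", removed)
    print("after:", list_metadata(cleaned))
```

Pixel data is copied untouched, so this addresses only container metadata, not sensor-noise identification or anything visible in the frame.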

"betray your privacy" is a pretty loaded way to say that.

As an example, take a photo with a relatively new digital camera and open the JPG up with an EXIF reader. In all likelihood, you'll see GPS coordinates, the exact time you took the picture, along with the unique identifier of your camera.

See http://en.wikipedia.org/wiki/Exchangeable_image_file_format#....

Even if you scrub the EXIF data (which you absolutely should do of course) remember that it's likely possible to identify if you took a particular photograph with a particular device.

That isn't a danger that you'll be identified from the photo, but it prevents plausible denial at a later date.


blur and threshold.

This can be easily overcome by adding random noise.

Random noise only means you need more samples; it can't block a consistent pattern.

You can add a consistent random pattern.

You need a method that can't be distinguished from the native pattern. How much trust do you want to put in your algorithm being invulnerable to future analysis?
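The exchange above about random noise versus a consistent pattern can be checked numerically. This is an added example, not part of the thread: it uses a simplified additive model with constructed values (real sensor patterns are not simply additive), and all names and parameters are assumptions.

```python
import math
import random


def pearson(a, b):
    """Pearson correlation of two equal-length sequences."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    return cov / math.sqrt(var_a * var_b)


def residual_average(pattern, mask, num_images, noise_sigma, rng):
    """Average the per-pixel residual over num_images simulated images.

    Each image residual = fixed sensor pattern + fixed mask + fresh random noise.
    """
    acc = [0.0] * len(pattern)
    for _ in range(num_images):
        for i, (p, m) in enumerate(zip(pattern, mask)):
            acc[i] += p + m + rng.gauss(0.0, noise_sigma)
    return [v / num_images for v in acc]


def experiment(seed=7, n_pixels=1000, noise_sigma=5.0, mask_sigma=5.0):
    rng = random.Random(seed)
    pattern = [rng.gauss(0.0, 1.0) for _ in range(n_pixels)]   # per-sensor pattern
    no_mask = [0.0] * n_pixels
    mask = [rng.gauss(0.0, mask_sigma) for _ in range(n_pixels)]  # same in every image

    one = residual_average(pattern, no_mask, 1, noise_sigma, rng)
    many = residual_average(pattern, no_mask, 200, noise_sigma, rng)
    masked_a = residual_average(pattern, mask, 200, noise_sigma, rng)
    masked_b = residual_average(pattern, mask, 200, noise_sigma, rng)
    return {
        # Fresh noise per image: one image hides the pattern...
        "random_noise_1_image": pearson(one, pattern),
        # ...but averaging many images brings it back.
        "random_noise_200_images": pearson(many, pattern),
        # A fixed mask stays in the average and swamps the sensor pattern...
        "fixed_mask_vs_sensor": pearson(masked_a, pattern),
        # ...yet two disjoint image sets now share the mask as a fingerprint.
        "fixed_mask_set_a_vs_set_b": pearson(masked_a, masked_b),
    }


if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:28s} {value:.3f}")
```

In this model the fixed mask hides the sensor pattern but links every masked image to every other one, which is the sense in which the added pattern has to be indistinguishable from a native one.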

That's surely not what kijin was referring to; that can easily be stripped out. Rather there's the problem of being able to determine location purely from the picture itself -- a picture contains a lot more information than just the particular thing you intend to point out in it.

Quick and dirty:

  cat imagefile | strings | less

To obfuscate meta-data in media files, use two different editors to convert file formats three times. E.g. use Picasa to convert original to high quality jpeg, then use Gimp to convert jpeg to png

I gathered that he wants to be able to host a site like wikileaks anonymously.

IMO the author is right: truly anonymous publishing is an unattainable goal for most people today, because they have little choice but to rely on one or more third parties to obtain all the layers of hardware and software necessary to publish online, and such third parties either cannot fully protect or ensure the protection of their anonymity or (more commonly) need to know the identity of their customers.

However, I disagree with the author about the impossibility of buying bitcoins anonymously. Bitcoins can be purchased anonymously via local dealers and over-the-counter venues. One sends cash along with a Bitcoin address; one gets bitcoins delivered to an address in the blockchain in return.

Examples: http://www.tradebitcoin.com/ , http://localbitcoins.com/ , http://bitcoin-otc.com/

Also you can mix your bitcoins using some laundry service or web wallet. Of course then you have to trust the third party (mixer/anonymizer)

ps. I'm the author of localbitcoins.com, thanks for linking to it :)

If you're willing to wait and are willing to throw down some initial capital you can also mine bitcoins directly. Freshly mined bitcoins are difficult to impossible to trace (not even to the machine that mined them) (with small variation in anonymity depending on whether you mine using a pool, and I think whether you can assume that your enemy doesn't control the vast majority of bitcoin miners).

Yeah; that was my first thought when the OP wanted to obtain bitcoins anonymously. Of course, getting access to compute power is probably easier for me than for most people, but eh, even so, it seems like the easiest way to go.

Yes and buy with bit instant

There are two ways to do this from the perspective of a journalist.

The first, is to do as the author attempted: that is to find every way possible to hide your identity. It's a lot of work, and maybe impossible.

The second is to put yourself out there. Be a public figure, unafraid of what you are publishing. Allow people to know who you are and what you stand for. Use your fame to your advantage. Call me an optimist, but the powers that be will have a tough time keeping you quiet if you represent a populist movement. In fact, it's eventually to their advantage to support the cause if it's meaningful and popular enough; the game of politics is won by catering to the masses.

At the end of the day, if you want to be a muckraker you can't be scared to get in the muck. I realize there can be repercussions. But it's far easier to support a face than it is some anonymous text.

In the countries where investigative journalism would do most service to the public, putting yourself out there will get you jailed, beaten up or shot. Entire governments keep their reign in part by controlling media. And some organisations too, like the drug gangs in Mexico. One blogger was literally beheaded by a local Mexican gang. From this perspective it is more than a little naive to stipulate that "if you want to be a muckraker you can't be scared to get in the muck". The need for true anonymity is not fiction, it is very real in the world we live in, right now.

I'm not naive. I realize there are repercussions to it. It isn't unique in history, and I'm grateful people have and continue to do so.

When you're publishing things about the Mexican drug cartels, you have to expect that you're going to piss off the gangs. That's part and parcel with what you're doing. Unfortunately, it's sort of how progress is made; if you publish something and get jailed, beat up or even killed, that becomes part of your message. I'm not trying to sound flippant. It's reality. What passes for "anonymity" won't save you, and true anonymity makes it unlikely that what you publish can make a difference. Besides, did truly anonymous publishing ever really exist?

When it comes to getting your message out to make a difference (which I assume is the underlying point), fame and anonymity are opposite sides of the same coin. If you can't achieve one, your best bet is to focus on the other.

The thesis of the linked article is "publishing with strong anonymity is impractical with current internet services".

You seem to be saying "getting yourself beaten, imprisoned, tortured, and killed is just part of exposing corruption, get over it".

I don't see that comment as particularly constructive.

I'm questioning the reason behind the need for strong anonymous publishing, as well as whether it ever really existed.

I don't agree that fame and anonymity are opposed to each other. Most famous writers' names are just 'handles' invented for some measure of anonymity.

>Most famous writers' names are just 'handles' invented for some measure of anonymity

Most? That is utterly untrue. I bet you'd be hard pressed to name any.

Besides, if you write under a pseudonym, and participate publicly under that pseudonym, you are no longer anonymous.

You probably think it is utterly untrue because you don't even realise that such well known names like Mark Twain, are, in fact, just handles.

What if you don't represent a populist movement and your views don't cater to the masses?

That's a good question.

Would you like it if people could anonymously publish and distribute hate speech? It's tricky.

I'm making an assumption, but in most scenarios it's the powerful few controlling the masses, and doing so through controlling the flow of information.

It extends far beyond hate speech as well, if it was only hate speech on the table there might be a useful conversation. Religious people have had success with that same phrase against atheists to censor them. (There was a somewhat large "youtube scandal" a while ago.) But plenty of people just want to censor unpopular views regardless of whether the person with those views is emotional about them. Do you sense any hate in this?

"It never occurred to either the enemies or the apologists for slavery, that if no one would employ the free laborer, his condition was infinitely worse than that of actual slavery--nor did it occur to them, that if his wages were less than the allowance of the slave, he was less free after emancipation than before." --George Fitzhugh

Can one argue for the return of a more civilized form of slavery without being called evil, a racist, bigot, hate monger, etc.?

It's because so many views that "don't represent a populist movement" and "don't cater to the masses" also don't fall straight into a single bucket ("hate speech", "encouraging violence", "ignorant flaming", "hard truth", "trolling", "devil's advocacy") that I like the American view expressed by geuis. If you're not being forced to listen (because while one may have the right to speak, one doesn't have the right to be heard), change the channel. Starting from this point lets us discuss the potential exceptions like whether we ought to allow television personalities to ask the public to kill someone, and if we do, if someone acts on it does the asker receive some amount of punishment? I think it's important in having a useful discussion to start from a solid position rather than starting from "it's tricky".

There's nothing tricky about it. Hate speech is a vile thing, but you or I have as much right to say it as we say anything else. Freedom of speech should ensure that no one is silenced for their viewpoint. Whether we like what other people have to say depends, but they always have the right to say it.

Very American perspective. Here in Canada (and many other places in the world) we have laws against hate speech. The definition is here (http://en.wikipedia.org/wiki/Hate_speech#Canada).

Words have an impact on the world. If you call for violence against a group of people, you can be held accountable for that in Canada. Nobody is saying you can't say "I hate <group of people>", but when you say "<group of people> should be killed" you've crossed a line and can be held legally accountable.

It's a tricky issue, but personally I think our system is more in line with most people's natural sense of morality. If I call for violence, and violence happens, am I not at least partially culpable in that violence? Especially if I am a community leader, or other person of influence.

You'll still get in trouble in the US if you're inciting specific crimes. But "all them ___ should be shot" is just a (bad) opinion. And you can impotently rant about those all you want.

I disagree that "all them ___ should be shot" is always impotent ranting. That's ignoring the influence people can have over other people.

People who are so weak-minded should be shot.

Context does matter. However, I think that we should err on the side of caution when it comes to preventing people from doing things.

>"There's nothing tricky about it. Hate speech is a vile thing, but you or I have as much right to say it as we say anything else."

That's an opinion, and precisely why it's tricky. I understand "freedom of speech" is a fundamental representation of liberty, especially to Americans. There is also a school of thought that believes in looking at the normative angle of policy; when things can be determined, objectively, to be hateful or vile, why allow them? I'd rather live in a world that didn't allow hate speech than a world that does. Of course, how do you determine "hate speech" objectively, at the margin? That's the tricky part.

>when things can be determined, objectively, to be hateful or vile, why allow them?

And what are the objective criteria used to determine hatefulness and vileness? I am interested in how such a thing can be formulated in a definitively objective way.

I think by "objective" you probably mean "almost universally agreed", not actually "objective", because I don't think that any truly objective measurements of hatefulness and vileness are known.

There's no free speech in USA. Try threatening the president, even outside of USA. You'll be visited.

That presumes you get famous before you start publishing stuff.

Come on!

Just get a fake account in wordpress, blogger or whatever and post using a public wifi. They will do the hosting for you for free and you will be virtually untrackable. If you need to publish some video, post it on youtube or a clone using the same procedure as before.

You can even use facebook for hosting (!) if you fake the email.

I really don't get why this guy needs to purchase a VPS to publish.

Most of these things are subject to being taken down at the whim of U.S. law.

That's a great way to get out a single message, like a video or a photo or document. If you wanted to publish regularly and develop a following, you wouldn't be able to do that on these sites without constantly being taken down and having to re-find your audience. I think that might be the kind of anonymous publishing he is talking about.

Really, what the OP really wants is unclear to me. Anonymity is one thing, but accessibility in the face of governmental restrictions (especially targeted, rather than general) is quite another.

You are right. But you can use several different free hosts managed by different laws and it would be quite resilient.

That could deanonymize you. Lots of public places have cameras. On the other hand, have you ever tried creating a Google/YouTube or Facebook account over Tor? They want SMS verification. So you have to buy a prepaid phone somewhere and that store will likely have cameras too. It's more difficult than you think.

Just wear some makeup and a wig. Cameras will not be as important. Pay cash.

At least for the hosting part I guess he didn't search hard enough. Hosts like http://www.mediaon.com/ are accepting even cash via regular mail to start an anonymous website/register a domain.

https://www.nearlyfreespeech.net/about/mailing seems to allow anonymity as well.

Looks like they don't (except under very specific circumstances which include not living within the USA)


How? Don't checks have your name on them, or doesn't the bank know it?

Cashier's checks and money orders would just have the merchant's name on them, or no name at all. You can purchase either one with cash.

Ah, thank you. That's pretty handy, too bad I'm not in the US.

As far as I know, it's impossible to anonymously pay for anything over the Internet.

He tried to use a prepaid credit card, paid for in cash, but since the PATRIOT act, prepaid credit cards only work in person (and not even always then).

You can't use prepaid credit cards online without supplying your address and SSN to the prepaid credit card provider first, which most prepaid card providers don't even support in the first place.

Question: doesn't Bitcoin provide for anonymous transfers? Or no?

If you want to pay for something anonymously on the internet, you can use a prepaid gift card. It will generally be accepted just like a credit card (though there do seem to be exceptions). It doesn't require registering your address or SSN. Or at least not in the case of Vanilla Visa (they require, IIRC, a name and zip code, but there's nothing preventing you from faking those). You can't refill it, so you'll have to keep paying for new ones if you intend to do it a lot, but I guess that's the price.

You got lucky. Most sites won't let prepaid gift cards go through. For example, neither Amazon nor PayPal, IIRC. Vanilla Visa was exactly the one I had, that ran into the problem, and I'd even put in my name and ZIP on their web site.

The problem seemed to be the lack of a billing address -- what are you supposed to put? Nothing worked. On another site that processed their credit cards via PayPal, it didn't work either. I called PayPal customer service and they explicitly told me they don't support cards that don't provide a means to verify a valid billing address and 3-digit security code.

Every time I get a VISA prepaid gift card, I simply buy an amazon gift card with it. I've never had any problems doing this.

Now, it's not like I don't have other identifiable information on my amazon account (a real credit card, a previously used shipping address, etc), so it's not anonymous, but they do accept prepaid cards.

Hm. I just used an arbitrary address consistent with the zip code. But I must admit that though it's worked in most of the cases I've tried, I have no idea what fraction of online merchants take such things in general.

Not true, you'll likely have to go through a bunch of prepaid providers but there are certainly providers where all you have to provide is your postal code.

I run pretty much everything through these cards online to avoid fraud / identity theft issues and prefer the ones that are easiest to register for online purchases.

Bitcoin transfers are anonymous but not untraceable, e.g. with enough circumstantial evidence surrounding the transfer you can be fairly certain who made it... if you use a wallet service then it's not really anonymous at all if you have access to the wallet provider's database.

Bitcoin transactions are all public. If you want to be safe, you have to use a laundry service, and I don't know how good those are.

Here is a thought though: what if you got a prepaid credit card in another country? I suspect somewhere in Europe would be your best bet.

Also, how would the card company know that the transaction was online? It would be shady as all hell, but couldn't the merchant open a cornerstore and ring up all the online orders as chips and a smoothie?

I'm not an expert, but I think credit card companies themselves may be pretty unhappy with something like that. It's a tricky proposition in the first place, accepting CCs as an online (or even brick & mortar) merchant. You are effectively assuming some funky risk. Fraudulent transactions mostly your problem, at least more yours than the credit card company's, the bank's, the credit card owner's or even the fraudster's (in practical terms).

I wouldn't be surprised if breaking or even nudging their rules comes with a high enough price to kill the whole thing. You would be open to being ripped off painfully and your merchant account would probably be shut down pretty fast.

Good point, I didn't take into account fraud on the part of the customers.

The legitimate but non-US prepaid card is still something I think could work though. I tried googling about it and didn't really find anything at all though.

What you've described is essentially how credit card processing for online gambling works. Except it's shoe stores and other places that sell stuff similarly priced to what an online gambler might charge his card.

I used a prepaid VISA gift card online last week, without supplying any personal information whatsoever.

Prepaid American Express is pretty easy, you can call and give them an address, they don't ask for a SSN (many legitimate people won't have one). Just say that you're making an online purchase and need an address for verification.

What about freenet?

The problem with anonymous publishing in a world where you have an authoritative server and DNS is clear. Some server is serving a file. And that server's operator apparently wants to know things.

What about uploading static content to various sites under free accounts?

The only difficulty is having DYNAMIC server generated content, i.e. executing programs to handle a request.

freenet is probably the most reasonable alternative since the content is distributed amongst clients, and therefore there is no central point that can be "shut down" by governments. The downside, of course, is that almost no one will see your content on freenet (or a smaller darknet) and whether that still counts as "publishing" in the same sense as getting a publicly-available server connected to the internet. If you are doing something like WikiLeaks where you're really relying on normal news outlets to do the real legwork for you, this may be feasible, but if you aren't doing that for whatever reason, it practically would be the same as saving a text file to your hard drive -- i.e., no one, or almost no one, will ever read it.

Yeah but as I said, you can upload your html to http://pastehtml.com and upload files to some free accounts, and reference them. And bam, anonymous publishing. What's so hard?

What about writing a letter, with pictures and everything, and sending it to a bunch of people who then scan it with or without OCR and then post it online? There could even be a group of such people that, as a kind of public service, agree to do this. They could, for example, burn the original.

Better make sure your printer isn't leaking any identifiable data: https://www.eff.org/issues/printers

That's not a problem if your recipients are OCR'ing or transcribing the document and make sure the original is destroyed.

Yeah, that's why you burn the original.

You don't burn anything, you hope your recipients are diligent and follow up on their promises. Making this one of the less safe ways to get out data, because it's not self-reliant.

Actually, I meant that the recipient burns the letter after transcription. That protects the sender in case someone comes snooping after the sender and tries to hit up the recipient for more details.

Regarding self-reliance: theoretically, there is no self-reliant way to "get data out". Every method requires at least the involvement of the recipient. This sounds pedantic but it's a serious point. If you really don't want to rely on anyone, why are you bothering sending people messages anyway?

If the message is persistent, then some lasting mark on the world has to be made - and there will always be a non-zero chance that that mark can be associated with you.

Methods requiring computers require an unusually large amount of reliance on others, actually. You rely on the hardware and software one is using, up to and including all of the infrastructure between you and your recipients. Computers are fundamentally microscopic phenomena, and yet controlled by other humans: how do you know that your hardware and software is doing what you think it's doing? Without an electron microscope and a great deal of time, you can't. (And even then, the microscope is subject to manipulation, so you can't be fully certain).

There's another problem with persistent distribution of anonymous data, which is the denial of service attack. An entity wishing to stop another from speaking can either stop the speech, or they have the option to parrot the speech, but altered enough to constitute noise, and weaken the opponent's position, generally confuse the issue. No system is going to prevent a noise counter-measure, since presumably the system is available for anyone for anything.

Not breaking the law: Public library, ask to use the computer while someone else is using it with the excuse for it just taking a minute. (If they have logs, it's the guy's name)

Breaking the law: Break into someone's house, use internet.

No need to break in, just find an open WLAN.

Libraries have cameras.

Access is free at libraries in the UK.

Just crack their wep key :)

I can beat that: here in Portugal our main paid hotspot provider (PT) doesn't know how to secure them - free unauthenticated HTTPS access to everyone!

Coupled with a free VPN over port 443 and you can get access to the whole web.

Nice :) Good for you!

Silly boy. You started with a centralized model, and with trying to set up a contract for ongoing service in another country, and you wonder why you failed at anonymity?

1) Choose a suitable pseudonym. Heinlein, Orson Scott Card, or Orwell references in the pseudonym get you extra cool points.

2) Generate a gpg key pair and publish the public key.

3) Write stuff. Sign said stuff with your private key.

4) Using Tor, free wifi four towns away, a small computer stashed in a coffee shop set to log in when you aren't there, or whatever methods make you feel safe, post the signed material to several dozen file sharing, pastebin, or other suitably public sites in several different countries.

5) If anybody cares about what you've written, it won't die there. It'll get passed on from person to person long after anybody gets it taken down from anywhere you originally posted.

In the UK you can get pay-as-you-go internet dongles. I'm not sure if you can buy them for cash in a shop, without ID.

Yes, but then they can trace it to where you exactly are. Makes it easy for yourself to get raided.

That's true, but anonymousperson90 has specified that he was willing to use the phone in a "geographically ambiguous location", so he/she would probably be willing to do so with an internet dongle as well.

Drive somewhere. Use dongle. Throw away dongle.

That's good for sending. But you cannot host a server like that.

Of course not, but you could use it for signing up etc.

You can. Currys allow you to buy in cash.

Replying to my own post here (the shame!) but it's relevant and hopefully slightly interesting:

You can purchase SIM cards from most supermarkets in the UK for around the £1-5 mark and a basic Nokia handset for £10-15. You can top these up using cash at any supermarket checkout with "topup vouchers".

If you top up £15 that gives you 100% unlimited O2->O2 calls and texts for a month.

I reckon with a one time pad system such as the one described at [1], it is the most reliable, anonymous, secure point to point country-wide messaging system that you can create and it's not expensive or complicated.

I might write the whole thing up as an experiment and hopefully I won't get chucked in jail for doing so!

[1] http://users.telenet.be/d.rijmenants/en/onetimepad.htm

and if the SIM has international roaming, it can be used in countries like Australia (where prepaid SIMs must be registered).

1. Drive to coffee shop.

2. Change MAC address?

3. Create new account on Blogger/Tumblr/etc.

4. Publish.


In China coffee shop wifi requires citizen ID to use. At least in Beijing.

Yes fuck Chinese government, but 5 years later western governments will follow this way

> but 5 years later western governments will follow this way

I don't want to minimize the assault on our privacy and anonymity from all directions, but the one positive trend in the US and Canada has been toward less ID or no ID for using Internet cafes.

I remember the early days of Internet cafes in North America, and they very often wanted to see ID.

These days there are lots of public wifi hotspots, where at most they ask for an email address (a throwaway email address works fine). The purpose of collecting an email address appears to be CYA -- they get some assurance that you've agreed to their Terms and Conditions.

But I have also seen a trend where cafes and bookstores are moving towards brand based wifi service. For example, Barnes and Noble stores offer free wifi through at&t. This requires you not only to be an at&t customer, but also to give up a good amount of your privacy.

I am an AT&T customer, but I have never, ever been asked about my AT&T subscription on B&N's wifi. Or anywhere else that uses AT&T's hotspot service.

Perhaps you already have the cookies.

On machines that access the Internet at home via Verizon and at work via Comcast?

I was in Beijing a few days ago and in most of the restaurants/cafes I only had to ask the waiter for the wifi password. No id checks required.

Some of the "western" bars even have a vpn running so you can browse facebook when connecting to their wifi.

Do you look western or Chinese?

I'm western looking but they gave the password to anyone who asked (including locals)

That's oddly similar to network access in Ender's Game.

Meh… It's not a good idea, but thanks to camcorders.

This would be problematic if there was not rampant corruption in China.

Somehow doubt this will happen - as other posters pointed out, it's not even as strictly enforced as you make it sound.

see: http://www.cbsnews.com/8301-501465_162-20027837-501465.html title: Obama Eyeing Internet ID for Americans

Your MAC will only be known to the router of the coffee shop and the router's MAC will only be known to their ISP's router/modem. The ISP MAC will be in the logs of all the servers you and other cafe customers access.

I don't think this is correct. The servers you connect will see an IP address only. This could only be converted into a MAC if the IP was resolvable locally via ARP (i.e., you're on the same LAN).

The danger of retaining your real MAC should be obvious; it's a unique identifier specific to your machine that will at least significantly narrow the scope of the machine/owner your adversaries are looking for if it doesn't give the investigators a direct link back to you (e.g., manufacturer records MAC addresses next to serial numbers, adversary gains access to manufacturer's data and sees "MAC X / Serial No Y sold to consumer Z online").

Depending on the configuration of the router on the open access points, it may be possible to retrieve a list of all connected MACs over the whole lifetime of the router. Then they simply have to correlate, "OK, which machines had a lease when the access from this machine was made?", and then investigate the 5 matches that come up.

This is not very safe, clearly.
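The lease correlation described in the comment above, written out as an added example (it is not part of any comment in this thread). The log format, addresses and timestamps are constructed for illustration, and the check for the locally-administered bit is an extra detail showing how an address that is not manufacturer-assigned stands out in such a log.

```python
from datetime import datetime, timedelta

# Constructed sample: lease log of a hypothetical cafe router.
# Assumed line format: <lease start> <lease seconds> <client MAC> <internal IP>
LEASE_LOG = """\
2012-06-10T13:02:11 3600 00:11:22:aa:bb:01 192.168.1.20
2012-06-10T13:40:05 3600 00:11:22:aa:bb:02 192.168.1.21
2012-06-10T14:05:47 3600 00:11:22:aa:bb:03 192.168.1.22
2012-06-10T14:10:00 3600 00:11:22:aa:bb:01 192.168.1.20
2012-06-10T15:30:00 3600 06:aa:bb:cc:dd:04 192.168.1.23
"""

def parse_leases(text):
    """Turn each log line into a lease record with explicit start/end times."""
    leases = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start_s, seconds, mac, ip = line.split()
        start = datetime.fromisoformat(start_s)
        leases.append({"mac": mac.lower(), "ip": ip, "start": start,
                       "end": start + timedelta(seconds=int(seconds))})
    return leases

def macs_present(leases, when, skew=timedelta(minutes=2)):
    """MACs holding a lease at `when`; `skew` absorbs clock drift between logs."""
    return {l["mac"] for l in leases
            if l["start"] - skew <= when <= l["end"] + skew}

def correlate(leases, event_times):
    """MACs present at every event time: each extra event shrinks the set."""
    sets = [macs_present(leases, t) for t in event_times]
    return sorted(set.intersection(*sets)) if sets else []

def is_locally_administered(mac):
    """True if the address has the locally-administered bit set, meaning it
    is not a manufacturer-assigned (burned-in) address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

if __name__ == "__main__":
    leases = parse_leases(LEASE_LOG)
    # Constructed timestamps of three requests seen in a remote server's log,
    # all arriving from the cafe's single public IP address.
    events = [datetime(2012, 6, 10, 13, 30), datetime(2012, 6, 10, 14, 20),
              datetime(2012, 6, 10, 14, 50)]
    for t in events:
        print(t, sorted(macs_present(leases, t)))
    print("present at all events:", correlate(leases, events))
```

The remote server only ever sees the shared public IP; it is the router's own lease history that turns a timestamp into a short list of devices.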

Thanks cookiecaper, I was thinking of DHCP. httpd doesn't log MAC.

That aside, MAC addresses can be easily changed and spoofed.

If one was really concerned, a throw away USB WiFi dongle could be used.

Thanks, good to know.

A coffee shop somewhere in Africa would be ideal,

That works. There are shit loads of open WiFi networks in London as well. You could wardrive 10-15 of them in a few hours.

Would this work at starbucks?

I don't see why it wouldn't.

I don't know why the author dismisses Bitcoin as an anonymous payment mechanism. He says he doesn't "trust the blockchain to provide anonymity" but doesn't elaborate as to why.

> I don't know why the author dismisses Bitcoin as an anonymous payment mechanism.

As he said: "No bitcoin service accepts any anonymous funding source; most only accept bank transfers." The problem here isn't bitcoin per se, but the initial trading of bitcoin for USD.

Every bitcoin trade can be traced through the blockchain. So if he does use his true identity to buy bitcoins, they will be able to find the seller. And you never know how easily the seller will reveal your identity…

Wow, I was under the mistaken impression that Bitcoin was anonymous, but researching it more, it's not really.

Does anyone know if this was a deliberate political choice in designing Bitcoin (so it wouldn't solely turn into a network for money laundering), or if there just wasn't any way to make the cryptography work for truly anonymous transactions that could still be verified?

1. I don't think it was a deliberate choice in the design of Bitcoin. I think Satoshi was hoping for full anonymity. That said, this ability to track Bitcoin payments to the payee has been leveraged by some of the present Bitcoin principals to convince governments that Bitcoin is kosher. (Satoshi is no longer involved in the development of Bitcoin)

2. That said, it is possible to use bitcoin anonymously, you just have to be careful and use some of the techniques described above: buying btc anonymously with cash, buying bitcoins via regular channels and "mixing" them via some online btc mixing sites, and/or generating your own btc but taking care to keep the client on a trusted vpn (like Mullvad, for example). Also, it's interesting to note that -- as far as I'm aware -- none of the perpetrators of the large bitcoin thefts have been tracked down, despite the best efforts of many smart people. And these are people that can be clearly tracked to very specific bitcoins. This may have changed in recent months, but it's certainly not a trivial task to track down even someone who has not used the techniques I describe above.

It's certainly a hell of a whole lot more anonymous than Paypal or credit cards.

Expediency. The novel part of bitcoin is the usage of the proof-of-work to also perform probabilistic byzantine agreement, and Satoshi didn't wait to invent two new things. I read the paper when it first came out, saw that it was based on signature chaining, and dismissed it as uninteresting. Didn't foresee the social echo chamber of everyone telling each other it was anonymous due to the present lack of identification. Oh well.

I would agree with the others who already replied that it was the latter, i.e., there wasn't a way to make all transactions totally anonymous. If you look at the protocol, you can see that there is no obvious way to modify the protocol so that it doesn't have transaction history.

For anyone reading this thread, I highly recommend the original Bitcoin paper:


It is easily understood by anyone with the equivalent of first year university courses in computer science and mathematics, and it is just nine pages long.

Bitcoin isn't inherently anonymous, but neither is TCP. However, that doesn't mean you can't send data anonymously over the internet through services like Tor, and the same applies to bitcoin.

Bitcoin can be made anonymous by swapping coins of equivalent value between accounts; as there's nothing that connects an account to a person, you can muddy the waters enough so that it's impossible to know which coins belong to you.

It takes some effort to make the laundering believable, especially if you use an exchange to get your bitcoins (which most do).

I think that online laundry services have the potential to be much more effective than an individual operator in most cases, but then you have to decide if you trust btc mixers/launderers and most of them charge a significant fee.

Once you buy an amount of bitcoins, you can trade those for other bitcoins of equal value from other individuals, or just swap the coins between temporary accounts you've created. Do this several times over the course of a few weeks or so and there's nothing to connect you back to the coins in your account.

Perhaps because it's just a big list of who gave what to whom? sigh.

All that the blockchain does is say that code UVW signed code XYZ. Tracing that to individual transactions is a lot tougher, especially considering that one person can have multiple randomly generated bitcoin wallets. Who's to say that when 123 signs 456 that he didn't pay for some service somewhere, as opposed to just sending coins to another wallet under his control?

There's no "who". There's a cryptographic hash that may or may not be under the control of a specific person at any given time. If you're smart, the only link an attacker can make is that you used your traceable money to purchase BTC sent to this wallet. Once that BTC leaves that wallet, the chain is broken, because you have no way of tying an identity to that second wallet.

Tracing mass flows, the concept of guilt by association, and general investigation say otherwise.

Please take a look at the properties provided by a system based on http://en.wikipedia.org/wiki/Blind_signature for a perspective on the guarantees that Bitcoin lacks. (Unfortunately, such schemes require a Bank and are thus not practical for adoption. Still, it's instructive to see what other properties are actually possible rather than devolving into the technicalities of performing various degrees of untraceable btc transaction in the immediate future)

It's really a matter of time until all exchanges routinely report their customers and a list is made of all the major above-board merchants. For the sake of the naive users, let's hope this is done openly rather than covertly. FINCEN has decades of experience tracing pseudonymous transactions.
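The backward walk through the transaction history that the comments above argue about, as an added example that is not part of any comment in this thread. The ledger, the address names and the idea of a set of already-identified addresses are all constructed for illustration; real chain analysis works on real transaction data and uses further heuristics.

```python
from collections import deque

# Constructed toy ledger, not real Bitcoin data. Each transaction spends
# earlier outputs, referenced as (txid, output index), and creates new
# outputs as (address, amount). All names here are made up.
LEDGER = {
    "tx0": {"inputs": [], "outputs": [("EXCH_HOT", 50)]},
    "tx1": {"inputs": [("tx0", 0)], "outputs": [("A1", 5), ("EXCH_HOT", 45)]},
    "tx2": {"inputs": [("tx1", 0)], "outputs": [("T1", 5)]},             # hop 1
    "tx3": {"inputs": [("tx2", 0)], "outputs": [("T2", 3), ("T3", 2)]},  # hop 2
    "tx6": {"inputs": [], "outputs": [("M1", 1)]},                       # freshly mined
    "tx4": {"inputs": [("tx3", 0), ("tx6", 0)], "outputs": [("VPS_HOST", 4)]},
}

# Addresses an investigator can already tie to an entity that keeps
# customer records (an assumption of this example).
KNOWN = {"EXCH_HOT": "exchange hot wallet"}

def trace_to_known(ledger, txid, known):
    """Breadth-first walk from `txid` back through the outputs it spends.

    Returns the list of (transaction, funding address) hops ending at the
    first address found in `known`, or None if no input leads to one."""
    queue = deque([(txid, [])])
    seen = set()
    while queue:
        tx, path = queue.popleft()
        if tx in seen:
            continue
        seen.add(tx)
        for prev_tx, index in ledger[tx]["inputs"]:
            address = ledger[prev_tx]["outputs"][index][0]
            hop = path + [(tx, address)]
            if address in known:
                return hop
            queue.append((prev_tx, hop))
    return None

if __name__ == "__main__":
    for tx, address in trace_to_known(LEDGER, "tx4", KNOWN):
        print(f"{tx} was funded by {address}")
```

In this toy ledger the payment to `VPS_HOST` passes through two temporary addresses and is mixed with a mined coin, yet the walk still ends at the exchange withdrawal, which is the point where customer records exist.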

> Tracing mass flows, the concept of guilt by association, and general investigation say otherwise.

Those arguments could also be applied to Tor. In fact, I'd contend that bitcoin is easier to anonymise than a TCP connection, as you don't need to obscure the transfer in real time.

Anonymous publishing isn't dead, but rather anonymous payment.

I'm sure we could create an anonymous payment system, however, it would come with a lot of constraints. For example, everyone in the network would pay X dollars to be a part of the anonymous network. Each person cannot pay more than X dollars so that money is conserved. When a transaction is executed, use a service like PayPal to choose a random account and transfer the funds where they need to go.

Yes, this is very insecure for various reasons, and your credit card statement will show up with something you didn't actually buy, but, anonymous payments could be achieved.

Of course, you would have to access the service with Tor for it to be completely anonymous.

What would a "geographically ambiguous location" be? An airport or a train station, like in the Scotland Yard game maybe?[1]

[1] A team of players tries to track down a solo player on a map with taxi, bus and subway lines. The solo player is invisible and has to give his location every five moves. The best place to be for this is on a subway station, because it means one can get away in many directions quickly.

I think the author meant not from one's home, office, friend's home/office, or local Starbucks.

Here is how you do it:

Put on gloves

Stuff cash into an envelope

Send it to the guys at prq.se



What happened to Freenet and I2P? They aren't dead, are they?

I think the key to doing anything where you want plausible deniability is not cleaning up after yourself, but in creating so much noise that it becomes cost and time prohibitive to establish your identity.

The more you clean up, the more little clues you forgot to wipe out stick out to a forensic investigator. The best shot you have is to produce so much noise that it requires hundreds of forensic investigators working full time to find evidence that you were there among the noise.

I sent this reply to cryptome:

Avoiding Echelon & DMCA

( response to http://cryptome.org/2012/06/anon-pub-dead.htm and I assume reader is in USA )

TL;DR: Emulate spammer ecom hosting techniques and/or look at the Privly project

To resist echelon style wire tapping one must use strong non-AES/DES crypto. Stego is a good idea, too. To resist DMCA style censorship and legal liabilities, publish on servers hosted in one of the BRIC countries (Brazil, Russia, India, China) -- China being the most resistant unless material is related to China. This should be a linux based webserver with a non-AES encrypted file system. Set up a ‘workstation’ in a different BRIC country than where you publish. For less technical people, a MS windows VPS is easiest -- just connect with a remote desktop client. Then run your tools in the remote environment to manage the publishing server. Or just run a ssh server on linux, perhaps with port forwarding. ALWAYS delete the 'workstation' VPS instance when you are finished and create a new one for each use. ISPs do not retain this type of log data for long and constantly restarting the VPS makes it hard to track because MAC and IP address info can change.

To connect to your ‘workstation’, start at an internet cafe outside of the district you live in. From there get an account at a Canadian ISP to be your VPN server. Avoid accessing this VPN server from the same cafe/place twice or within 20 miles of your home. Follow published VPN server setup howtos.

On the publishing server, create a fake but plausible cover website for the casual browser. Create a sub-folder that is not linked to or indexed and publish your content here. Hide your content using public key non-AES/DES algorithms with non-standard key length. Publishing with stego inside of image files is one example. Publish links to your stego encrypted files on public classified ad sites like Craigslist. Publish info on how to find the craigslist.org ads on forums your audience reads. Research ‘fast flux DNS’ as a way of mapping urls to your published content and/or use a publishing server that is configured via DHCP if possible. Configure the firewall to block all IP addresses on the 'anti-P2P' and government lists that are published.

Payment is tricky, but not impossible. Look into USPS international money orders as a form of payment. The longer a pre-paid cell phone number is active in the system, the more it is trusted by automated fraud services. Use your ‘workstation’ and pre-paid cell phones to create free email accounts as needed, avoiding major services like hotmail, yahoo, and google.

One could also publish by uploading stego’d pictures to a free porn site via one’s ‘workstation’. The high volume of porn traffic is useful chaff.

Ideally, boot your mobile PC from a Linux live CD and use that environment to work from. Any stored data should be on removable media that has a non-AES encrypted filesystem like TrueCrypt.

Consider hiring forum spammers to publish links to your content. These folks will not be picky about your debit cards or friendly to law enforcement.

Four layer encrypted connection diagram as proposed:

[mobile PC at cafe, vpn & remote desktop clients] >>> [VPN server at outside USA ISP] >>> [‘workstation’ VPS at BRIC ISP] >>> [publishing server at Chinese ISP]

Essentially each legal jurisdiction one crosses makes government action very difficult. Beware, government corruption can be exploited in these countries if your opponents have enough resources!

I wonder... is there anything like geocities anymore?

I mean, I'm thinking that the hosting costs would be close to zero. (now, the phishing prevention... that is probably effort directly in proportion to how anonymous you let the users be, and could be quite expensive.)

But yeah; Yahoo shuttered geocities while I was there. Is there anything analogous now?

Angelfire and Tripod still exist.

This makes me think that an analog to steganography could be a fruitful direction for privacy efforts to take - not looking like nothing, but looking like something unremarkable. If I remember correctly, Tor is already working on something like this, but what if this concept permeated the whole stack?

In Europe you can buy a prepaid phone card and use your mobile phone/modem to get online anonymously. Phones can be identified by IMEI id but you can physically hide the device or likely swap IMEI when needed using software. Not sure if other ways to remotely identify phone/modem exist.

I may be thinking too old school, but isn't there some way of posting to newsgroups anonymously?

I realize access to binaries groups these days is 99% pay, but at least the stuff would be out there.

Could someone create a TOR-like network using mobile devices connected to various WiFi networks? Flunkies could be hired to place and retrieve these devices.

You can use Tor on mobile devices.

I don't see much point in ensuring that all the nodes are on Wifi networks.

Well, for one thing, you could put the exit nodes on such devices.

One of the advantages of such devices is being somewhat proof against search warrants. (To use one café's Wifi, you might be next door or around the block on the next street.)

create a honeypot ID and use that as a disposable cost of anonymity. i'm assuming that a suitably motivated person can find a passport and then create a persona around that. then you can use all the 'normal' channels but there is a name to go with them, a credit card, an email etc. the fact that it's not you is the whole point. i think it's Schneier that said it's not identity that's important, it's intent...

Pastebin + Tor?

niggah please http://artcrimes.org/

how about bitcoin based vps services ?
