Jump to: navigation, search

Surfing Posting Blogging

Introduction[edit]

Tor Browser is installed to surf the Internet anonymously. It is optimized to surf the Web securely and anonymously and therefore configured in a rather restricitve way. Please, read the Tor Browser article for basics.

Posting, Blogging anonymously[edit]

Whonix-Workstation contains all necessary tools to run a blog anonymously. Some hints:

  • Step 0. Before doing anything make sure you understand and exercise a healthy dose of Operational Security (OpSec). Even the best anonymity tech in existence cannot save you if you mess this up.
  • For an anonymous blog hosted on third-party services, you will usually need a new and anonymous e-mail address (see separate E-Mail article) for registration. Partition your activities and use this address only for your blog. Always use Tor to login into this e-mail account.
  • You may register your blog at different providers anonymously. For example you could use https://wordpress.com/. Keep always the option to pay anonymously (e.g via BitCoin or cash cards, ex. Paysafecard) in mind if you are using a premium product. (See Money page.) Note that cash card codes differ by country and could theoretically also contain an ID to specific in which shop they have been bought. Usually you may administrate your blog using a web interface only. Always use Tor for all activities concerning your blog.
  • A browser is no safe environment to write stuff such as for example forum posts or e-mails, webmail or IMAP.
    • You could accidentally paste things you don't want to paste for example into the search or URL bar, which could trigger a search for text that you did not intend to sent into the public internet.
    • With JavaScript enabled, user behavior can be tracked and profiled. Tor Browser implements defenses against user behavior tracking.[1]
      • It reveals, how fast you type, how long your breaks are[2], which mistakes you make and how you correct them while writing the draft, also which type of local keyboard you are using.
      • Mouse tracking[3] analyzes your click speed, the position and speed of cursor movement unique to each person as they interact with webpages. [1]
    • Combined with stylometry which works with less data (final text only), keystroke fingerprinting will completely de-anonymize you. An adversary can compare statistics about user's typing over clearnet, then compares it to texts composed over Tor in real-time.
    • Write the text in an offline text editor such as KWrite and copy and paste the text into the web interface once you are done.
    • This is a variation of an older attack perfected during the Cold War where recording typewritter sounds gives enough information to accurately reconstruct what was typed. This still applies today and you should avoid typing in places where open mics are used.[4][5]
  • Mouse movements are potentially another biometric fingerprint. High accuracy is achieved in limited situations - active authentication during log-on. Does not clear EU false positive requirements however so they recommend it for combining with keystroke dynamics as extra confirmation.[6][7][8] It is good practice to keep JS disabled.
  • Mind your cookies! Remember to empty your browser's cookie and history cache periodically. When you are using Tor Browser, which is recommended for many reasons anyway, simply close Tor Browser after you are done working on your blog, then restart it. For more advanced separation use Multiple Whonix-Workstations.
  • Attention should be given to the password-retention policy of the browser. If the browser supports a master password that encrypts every password it saves, use that feature. It is however best not to save your blog password in the browser.
  • Every blog software offers the option to select the point in time when new postings shall be published. Do not publish a new posting "at once" but rather choose a point in time when you are not online anymore. [9]
    • Over time, pseudonymous activity can be profiled to give an accurate estimate of your timezone and reduce your anonymity set. Try to restrict your posting activity to a fixed time that fits the daily activity pattern of people across many places.
  • Stylometry (deanonymization using your spelling style) is a powerful tool long used by Intelligence services. It is possible to automatically analyze and attribute anonymous postings to an author. Countermeasures such as faking one's authorship style can work.
  • Use a spell checker to confuse Stylometry a bit. You could use KWrite. To start it, use Start menu button -> Applications -> Utilities -> Text Editor (KWrite). Once KWrite is open, click on Tools -> Automatic spell checking. Mistyped words will be underlined with red color.
  • Use random usernames and passwords for anonymous accounts. The pwgen tool included in Whonix can give output that you can customize length, capitalization, special symbols and numbers for. Its reliable enough that its used by Debian Installer to recommend stronger passwords.
  • Generally, before uploading to the blog pictures and other documents must get anonymized. Usually, pictures contain a unique camera id in the meta tags, which may deanonymize you, and perhaps GPS (location) coordinates. See Metadata for more information. See also #Anonymous Photo Sharing below.
  • Avoid places where people are likely to shoulder surf or where CCTV cameras are deployed.
  • Depending on your situation you are advised to shut off your speakers and microphone at all times as newer methods of ad tracking can link multiple devices via ultrasound covert channels. This works by playing a unique sound inaudible to human ears which is picked up by the microphones of untrusted devices - deanonymizing you completely. Watermarked audible sounds are equally dangerous. So hardware incapable of ultrasound is ineffective protection. To decrease risks its recommended to play video/audio from untrusted sources with headphones connected and adjusted at a low volume. [10] [11] [12]
    • For higher computing assurance you are advised to move all phones, tablets etc. out of the room to avoid them issuing watermarked sounds as well as listening to keystroke sounds and watermarked sounds.
  • Another keystroke snooping technique involves a WiFi signal emitter (router) and malicious receiver (laptop) that detects changes in the signal that correspond to movements of the victim's hands on their keyboard.[13] The attack has many limitations in the real-world that make it non practical and susceptible to noise but its important to keep in mind that public places are generally more risky computing environments. An attack variant using USRP (cellphone radio ranges) have performed poorly because of background energy interference.
  • Energy leaks that reveal sensitive information are a long studied area of cryptography research. There is no need for alarm as all attacks were foiled by software countermeasures in crypto libs and GPG. Side-channel research: Extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle.[14] Another involves measuring acoustic emanations. [15] A poor man's implementation of TEMPEST attacks (recovering crypto keys by measuring EM emissions) using $3000 worth of equipment was proven possible from an adjacent room across a 15cm wall. These attacks were only possible for adversaries with nation-state resources for the past 50 years.[16] Keep in mind this is still a highly targeted attack that requires dedicated and skilled attackers and not a drag-net surveillance threat.

Anonymous Photo Sharing[edit]

Every camera's sensor has a unique noise signature because of subtle hardware differences. The sensor noise is detectable in the pixels of every image and video shot with the camera and could be fingerprinted. In the same way ballistics forensics can trace a bullet to the barrel it came from, the same can be accomplished with adversarial digital forensics for all images and videos. [17] [18] Major data mining corporations are starting to use this technique to associate identities of camera owners with everything or everyone else they shoot. [19] It follows that government's have had the same capabilities for some time now and can apply to their vast troves of data.

Note that this is different from file Metadata that may be sanitized with the Metadata Anonymization Toolkit.

There are no known countermeasures for this attack. Research on the question of spoofing sensor fingerprints in image files has proven non trivial and easily defeated.[20]

Operational Security Advice:

  • This advice assumes wanting to preserve anonymity when publicly sharing media in the face of even the most sophisticated adversaries on the internet. Examine your threat model. These steps don't apply for communications that never leave anonymous encrypted channels between trusted and technically competent parties.
  • Its almost a certainty that you've shared photos and videos from your current devices through non-anonymous channels. Do NOT use any of these devices to shoot media you intend on sharing anonymously.
  • You will probably want to avoid phones altogether and use tablets but for most situations they are a reasonable choice. Buy a new Android phone with cash if possible. Avoid other choices because proprietary operating system is a non starter. You MUST flash a freedom and privacy respecting ROM before using your camera. Beware that the corporate malware infestation that comes with the phone out of the box siphons your data to the cloud aka spy heaven.
  • Do NOT mix up purposes of this camera and keep it reserved for anonymous media only.
  • Do NOT do obvious stupid mistakes like taking selfies or photographing places or people associated with you.
  • Do sanitize EXIF data with MAT before sharing anonymously online.
  • Do blot out faces completely with solid fills using an image manipulation program because advancements in neural nets and deep machine learning makes pixelated or gaussian blurred faces reconstructable.[21][22]
  • Consider using the ObscuraCam app from The Guardian Project to protect the identities of protestors. It pixelates images using a technique resistant to facial reconstruction. ObscuraCam also offers a full pixel removal "black bar" option.[23]

Anonymous Audio Recording Sharing[edit]

A similar threat for linking audio recordings to a microphone's hardware is also a valid possibility though no research has been done on this yet. The same opsec measures as for #Anonymous Photo Sharing should be applied.

Anonymous Document Sharing[edit]

Watermarking is a subset of the science of steganography. It can apply to any type of digital media. Goals of watermarking are to trace back information leaks to a source. This is done by embedding covert data into the "noise" of data imperceptible to humans. A digital watermark is said to be robust if it remains intact even if modifications are made to the files.[24]

A good countermeasure is to run documents through an OCR and share the output instead.

According to a talk by Sarah Harrison from WikiLeaks, source tracing can happen through much simpler techniques such as looking at access lists for the materials. For example if only three people have access to a set of documents then the hunt is narrowed down considerably.

Redacting identifying information in electronic documents by means of image transformation (blurring or pixelization) has proven inadequate for concealing the intended text. The words can be reconstructed by machine learning algorithms. Solid bars are sufficient but care must be given to expand their size beyond the original text they cover. Failure to do so gives clues about how long the underlying word(s) are and makes it easy to guess what it based on the context of surrounding text.[25]

Footnotes[edit]

  1. 1.0 1.1 User Behavior

    While somewhat outside the scope of browser fingerprinting, for completeness it is important to mention that users themselves theoretically might be fingerprinted through their behavior while interacting with a website. This behavior includes e.g. keystrokes, mouse movements, click speed, and writing style. Basic vectors such as keystroke and mouse usage fingerprinting can be mitigated by altering Javascript's notion of time. More advanced issues like writing style fingerprinting are the domain of other tools.

  2. https://en.wikipedia.org/wiki/Keystroke_dynamics
  3. https://en.wikipedia.org/wiki/Mouse_tracking
  4. https://freedom-to-tinker.com/2005/09/09/acoustic-snooping-typed-information/
  5. https://www.schneier.com/blog/archives/2016/10/eavesdropping_o_6.html
  6. User re-authentication via mouse movements
  7. On Using Mouse Movements as a Biometric
  8. http://www.cs.wm.edu/~hnw/paper/ccs11.pdf
  9. This will trick smaller adversaries, who can not force the blog service provider to reveal the fact, when and for how long you log in. It won't trick the blog service provider nor someone recording all internet traffic.
  10. https://www.schneier.com/blog/archives/2015/11/ads_surreptitio.html
  11. https://www.newscientist.com/article/2110762-your-homes-online-gadgets-could-be-hacked-by-ultrasound/
  12. https://trac.torproject.org/projects/tor/ticket/20214
  13. Keystroke Recognition Using WiFi Signals
  14. Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
  15. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
  16. CDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
  17. http://dde.binghamton.edu/download/camera_fingerprint/
  18. Fingerprintable Camera Anomalies
  19. https://www.google.com/patents/US20150124107
  20. Sensor Noise Camera Identification: Countering Counter-Forensics
  21. https://github.com/david-gpu/srez/blob/master/README.md
  22. Defeating Image Obfuscation with Deep Learning
  23. https://lists.mayfirst.org/pipermail/guardian-dev/2016-September/004895.html
  24. https://en.wikipedia.org/wiki/Digital_watermarking
  25. On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction

License[edit]

Thanks to JonDos (Permission). (w) (w) [1] The Surfing, Posting, Blogging page contains content from the JonDonym documentation Surfing and Blogging page.


Random News:

Interested in becoming author for Whonix blog? Writing about anonymity/privacy/security? Get in touch!


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.
  1. Broken link: https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220#p31220