Re: blackmail / real world stego use
bear wrote:

On Wed, 27 Aug 2003, Ed Gerck wrote:

OTOH, it is possible that the Dutch man was traced not by a one time download of the image but by many attempts to find it, since the upload time of the image to the site was not exactly known to him and time was of the essence. In this case, the required tracing capability would NOT need a large capability for packet recording and correlation. It would just include finding 100's (or 1000's) of identical access occurrences in surfola's incoming server traffic, after surfola's server was tagged from the website's logs.

The problem being here access to the website's logs. Getting the logs via a warrant and due process,

No, the website's logs mentioned above belong to the victim -- who had no problems in fully cooperating with law enforcement.

which seems like a minimal exercise for a privacy server, is hard to do inside 24 hours. It's much easier to believe that the FBI is keeping its own logs at hubs, routers, and switches connected to surfola, thereby eliminating the need for warrant service.

surfola connects upstream to someone, who is tapped before the victim posts the image.

Ed Gerck

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: blackmail / real world stego use
On Sat, 23 Aug 2003, Barry Wels wrote:

Hi, So far I have only found one English item in the news about this. http://www.expatica.com/index.asp?pad=2,18,item_id=33655 So let me translate some of the Dutch information about this interesting case :

snip - story of a Dutch man who used surfola.com, an American anonymizing service claiming we will not give out your info to anyone ever, to browse a website containing stego data worth US$185K that he'd extorted a Dutch company into placing there. FBI was apprised of situation, had his email address within 24 hours - he was arrested by (Dutch?) police the instant he tried to touch the money.

It is interesting to speculate about whether the FBI served surfola.com with a warrant. If the anonymizing service is transparent after the fact to the details recorded during the FBI's ordinary daily monitoring of the internet, then we live in interesting times indeed.

That would imply packet recording and correlation on a level greater than we've ever considered to be in the arsenal of cryptographic threats, implying the emergence of forces (and inevitably of forces other than governments) that have eavesdropping capabilities that cannot be defeated except with time-delayed packet relay through many hosts and re-encryption/ redecryption at each step of the way.

That is a model that does not permit realtime communication, meaning that monitoring may be impossible to escape for realtime activities such as web browsing.

Bear
Re: blackmail / real world stego use
- Original Message -
From: bear [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:49 AM
Subject: Re: blackmail / real world stego use

[...]

That would imply packet recording and correlation on a level greater than we've ever considered to be in the arsenal of cryptographic threats, implying the emergence of forces (and inevitably of forces other than governments) that have eavesdropping capabilities that cannot be defeated except with time-delayed packet relay through many hosts and re-encryption/ redecryption at each step of the way. That is a model that does not permit realtime communication, meaning that monitoring may be impossible to escape for realtime activities such as web browsing.

That appears to be the conclusion reached by the developers of GNUnet:

http://www.ovmj.org/GNUnet/faq.php3?xlang=English#GNUweb

---
Q. Is it possible to use GNUnet via a browser as an anonymous WWW?

A. There is currently no proxy (like fproxy in Freenet) for GNUnet that would make it accessible with a browser. It is possible to build such a proxy and all one needs to know is the protocol used between browser and proxy and a swift look at the sources in src/applications/afs/tools/. The real question is, whether or not this is a good idea. In order to achieve anonymity, GNUnet has a much higher latency than the WWW. Thus, the experience of browsing the web will usually be hindered significantly by these delays (potentially several minutes per page!). If you still want to write a proxy, you are welcome to send us code and join the developer team.
---

Enzo
Re: blackmail / real world stego use
-- bear

That would imply packet recording and correlation on a level greater than we've ever considered to be in the arsenal of cryptographic threats, implying the emergence of forces (and inevitably of forces other than governments) that have eavesdropping capabilities that cannot be defeated except with time-delayed packet relay through many hosts and re-encryption/ redecryption at each step of the way. That is a model that does not permit realtime communication, meaning that monitoring may be impossible to escape for realtime activities such as web browsing.

Enzo Michelangeli

That appears to be the conclusion reached by the developers of GNUnet:

Freenet's almost realtime nature probably means the authorities can figure out what you are browsing if they have universal monitoring.

However the potentially long delay between publication and appearance means that Freenet could, if implemented correctly, prevent the authorities from knowing who published what, even with universal monitoring, and even if they did know who read what.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
HIFlk2xg8PcuQkPVphQIwlHu7paDKTZ7LIeE6d6f
42WEQReKUM4YG5+yuVLp3ddu8GwoARZ/Yb9coUEfi
Re: blackmail / real world stego use
A guy in Google can do it. In short, if Bob would set up (or use internally) a www cache, reachable as a public service, which cache quickly downloads all the pages of several sites by multiple HTTP connections, the desired image being among them, and do this for a time window that overlaps the desired target time, then the desired image can be seen almost in real time by Bob, anonymously.

OTOH, it is possible that the Dutch man was traced not by a one time download of the image but by many attempts to find it, since the upload time of the image to the site was not exactly known to him and time was of the essence. In this case, the required tracing capability would NOT need a large capability for packet recording and correlation. It would just include finding 100's (or 1000's) of identical access occurrences in surfola's incoming server traffic, after surfola's server was tagged from the website's logs.

The lesson seems to be that, like with other security tools, anonymizing tools also need to be correctly used. Providing an action pattern can break an anonymizer -- to identify is to look for coherence.

Cheers,
Ed Gerck

bear wrote:

That is a model that does not permit realtime communication, meaning that monitoring may be impossible to escape for realtime activities such as web browsing.
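
The two-step matching Ed Gerck describes (tag the anonymizer from the site's own logs, then look for the same repetition in the anonymizer's incoming traffic), as an added example that is not part of the original thread. The log layouts, addresses, path, 2-second relay window and all sample records are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the case); times are in seconds.
PATH = "/img/ad.jpg"                  # hypothetical path of the watched image
EGRESS = "198.51.100.7"               # hypothetical anonymizer egress address
POLLS = range(100, 2100, 100)         # 20 repeated fetches through the anonymizer

# Victim site's access log: (time, source_ip, path)
SITE_LOG = [(t, EGRESS, PATH) for t in POLLS]
SITE_LOG += [(150, "203.0.113.20", "/index.html"), (900, "203.0.113.21", PATH)]

# Anonymizer's inbound connections: (time, client_ip); requested URL assumed hidden.
PROXY_IN = [(t - 1, "192.0.2.55") for t in POLLS]                  # the repeat visitor
PROXY_IN += [(t, "192.0.2.%d" % (60 + (t // 37) % 30))             # unrelated users
             for t in range(90, 2100, 37)]


def tag_repeat_sources(site_log, path, min_hits=10):
    """Step 1: sources in the site's own log that fetched `path` many times."""
    hits = Counter(src for _, src, p in site_log if p == path)
    return {src: n for src, n in hits.items() if n >= min_hits}


def correlate(site_log, proxy_in, egress_ip, path, window=2):
    """Step 2: credit each client seen entering the proxy at most `window`
    seconds before a fetch of `path` left it; return (scores, fetch_count)."""
    fetches = [t for t, src, p in site_log if src == egress_ip and p == path]
    scores = Counter()
    for ft in fetches:
        scores.update({c for t, c in proxy_in if 0 <= ft - t <= window})
    return scores, len(fetches)


if __name__ == "__main__":
    print("tagged:", tag_repeat_sources(SITE_LOG, PATH))
    scores, n = correlate(SITE_LOG, PROXY_IN, EGRESS, PATH)
    print("after %d fetches:" % n, scores.most_common(3))
    single, _ = correlate([(1200, EGRESS, PATH)], PROXY_IN, EGRESS, PATH)
    print("after one fetch:", dict(single))   # two equally likely clients
```

With a single fetch the timing match leaves two indistinguishable clients; across twenty fetches only one client lines up every time, which is the "coherence" the message refers to.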