Guide for paranoid on the web
There is no doubt that there is a global conspiracy (total control, zombing and control technologies) of the bloody gebni ( masons , world backstage , CIA , NSA , RAND corp. , Right). So how can we defend the remaining bits of our freedom? So, we are not alone: ​​there are strong and courageous people who have challenged the dictates of corporations and governments. Consider the typical invasion of our freedom and methods of self-preservation.
If you believe in total control, and still, God forbid, you work as a private entrepreneur or chief accountant, you always have the ghost of masked people, a red book, and search and seizure orders. How not to let them get possession of the most valuable information on your computer. The first echelon of defense is cryptographic file systems. Given the incomprehensible popularity of Windows - this is primarily the Encrypting File System. EFS encrypts, on the fly, all files marked with the corresponding attribute. For encryption, symmetric Tripple DES or AES algorithms are used, but you can also connect your cryptographic provider. However, the FSB (or NSA) launched its hands in the Microsoft management, as the default key storage system easily breaks down with several types of attacks. To prevent this from happening, you must use the SYSKEY system utility, physically delete the original file from the disk after encryption, and not use the paging file. In addition, your passwords and your administrator, such as "vasya" or "password123" do not guarantee you complete security. When using the specified encryption algorithms, the password length must exceed 20 characters. Yes, if you do not have a lightning reaction, then the system should log out on its own, after a timeout.
It should be noted that in Linux there are also similar file systems: Reiser4, CryptoFS, EncFS, EVFS, and others. In addition, there are many third-party software that more or less successfully performs similar functions. When choosing the right one should pay attention to the key lengths and key management system. Keys that are less than 128 bits long should be used only by self-reliant optimists with a clear conscience, and more than 128 bits - if your paranoia has reached the final stage.
OK. THEY came, seized and see - everything is encrypted. Perhaps somewhere in England or Sweden, THEY will apologize, they will return everything and compensate for moral damage. But they are insistent and they begin to use the next type of crypto attack "rubberhose attack" or "use a rubber hose to calculate the key." To combat this type of attack using steganography, or hiding information. Information can be hidden by a quasi-random arrangement of blocks of information on the disk ( StegFS ), adding information to images, by slightly changing the color or lightness, adding chunks to WAV or AVI. Unfortunately, all stegonography tools have low efficiency and are subject to possible loss of information.
All this is good, but we know what their ingenuity comes to when it comes to our secrets. For people and organizations with a neglected form of paranoia, there are means of physically destroying HDD, CD, DVD discs, such as magnetic OCA series shredders, which are built into the computer and are triggered by radio or from external influences. One minus - the computer becomes similar to a complex explosive device, with many fuses. To plant such an accountant girl is just scary.
I think that even users with an easy, initial stage of paranoia have heard of SORM (Operational Investigation System) - “a set of technical means and measures designed to conduct operational investigative activities on networks of telephone, mobile and wireless communications and personal radio calling for general use and the Russian segment of the Internet. " Perhaps someone has heard of the Echelon system performing similar functions, only at a higher technical level, in English-speaking countries. However, to securely transfer information, it is not necessary to arm yourself with a pair of books and encode a message using page numbers and phrases or transmit messages through a cache disguised as a stone. There are much more convenient methods, for example, message encryption programs using an asymmetric or symmetric algorithm ( PGP ). Despite the widely publicized benefits of asymmetric public key encryption, the main problem with this encryption method, like symmetric encryption, is reliable and secure key exchange. The fact is that the exchange of public keys via communication networks is easily amenable to the “man-in-the-middle” attack . In other words, a specially trained person sits with your provider and waits for you to publish your public key, intercepts it and changes it with your own, after which it decrypts and encrypts all messages coming to you. The only means of protection against this attack is reliable authentication of the key holder, which is carried out by a reliable intermediary, mutual authentication or biometric information. But we know that there are no reliable intermediaries, no one can be trusted, and any prints and retinas can be faked.
By the way, there are means to counter the interception of the message through a rubber hose. This is the so-called ambiguous encryption , in which there are several decryption keys for an encrypted message, each of which gives a plausible result (only one, as you understand, hereby). There is an OTR protocol for instant messaging encrypted using ambiguous encryption.
Another problem for the paranoiac on the web is the constant internal struggle with their IP address. In the fight against the ability to trace the physical location above you will be helped by anonymous communications. The most famous of these are the “multi-layer routers” ( TOR ) networks, which wrap your packet in a new cipher layer and send it to a randomly selected next router. At some stage of routing, the packet "lands" on the regular Network and follows its destination. The main problem with these networks is that there are probably few such altruists who will take responsibility for your communication with Al-Qaida colleagues. By the way, well-known anonymous proxy servers, in fact, are a special case of these networks.
When you publish a hard-to-find video of famous events in the Oval Office during the Clinton years, or the party of the intense student youth of George Bush Jr. on YouTube, you naturally have a suspicion that the life of this publication will be no more than five minutes. To fight for freedom of speech against THEM, and any RIAA that have joined them, there are peering networks that are not confined to all known file sharing sites, but include messaging networks ( Usenet ), voice traffic ( Skype ), and video traffic ( Joost ). For paranoids with experience, there are anonymous peer-to-peer networks like Freenet , operating on the principle of "multilayer routers". The main problem of widespread peer-to-peer networks like BitTorrent , eDonkey is the need for central server (s) that are vulnerable to THEM. Therefore, the main trend in recent times is the introduction of encryption, entanglement (obfuscation), masking of traffic, anonymization (pseudonymization) of users, and the introduction of fully distributed peer-to-peer networks. It should be noted that the creation, production, distribution and maintenance of encryption tools in Russia belongs to activities requiring mandatory licensing. Thus, that Ballmer from Microsoft with Windows crypto-providers, that paranoid hacker Vasya, who made and distributed his immortal creation SuperPuperPGP, can be fined up to 500,000 rubles and get up to 5 years in the teeth. Thanks to them that we can at least enjoy all this.
What are the immediate needs of an experienced paranoid on the web? The main ones are:
PS: The article does not consider such methods of invasion as electromagnetic intelligence, spyware, since the first does not belong to the Network, and the second, unfortunately, is not the privilege of only paranoids.
ZZY: Hard paranoid on the web ...
Basil naivel
Come and take it away ...
If you believe in total control, and still, God forbid, you work as a private entrepreneur or chief accountant, you always have the ghost of masked people, a red book, and search and seizure orders. How not to let them get possession of the most valuable information on your computer. The first echelon of defense is cryptographic file systems. Given the incomprehensible popularity of Windows - this is primarily the Encrypting File System. EFS encrypts, on the fly, all files marked with the corresponding attribute. For encryption, symmetric Tripple DES or AES algorithms are used, but you can also connect your cryptographic provider. However, the FSB (or NSA) launched its hands in the Microsoft management, as the default key storage system easily breaks down with several types of attacks. To prevent this from happening, you must use the SYSKEY system utility, physically delete the original file from the disk after encryption, and not use the paging file. In addition, your passwords and your administrator, such as "vasya" or "password123" do not guarantee you complete security. When using the specified encryption algorithms, the password length must exceed 20 characters. Yes, if you do not have a lightning reaction, then the system should log out on its own, after a timeout.
It should be noted that in Linux there are also similar file systems: Reiser4, CryptoFS, EncFS, EVFS, and others. In addition, there are many third-party software that more or less successfully performs similar functions. When choosing the right one should pay attention to the key lengths and key management system. Keys that are less than 128 bits long should be used only by self-reliant optimists with a clear conscience, and more than 128 bits - if your paranoia has reached the final stage.
OK. THEY came, seized and see - everything is encrypted. Perhaps somewhere in England or Sweden, THEY will apologize, they will return everything and compensate for moral damage. But they are insistent and they begin to use the next type of crypto attack "rubberhose attack" or "use a rubber hose to calculate the key." To combat this type of attack using steganography, or hiding information. Information can be hidden by a quasi-random arrangement of blocks of information on the disk ( StegFS ), adding information to images, by slightly changing the color or lightness, adding chunks to WAV or AVI. Unfortunately, all stegonography tools have low efficiency and are subject to possible loss of information.
All this is good, but we know what their ingenuity comes to when it comes to our secrets. For people and organizations with a neglected form of paranoia, there are means of physically destroying HDD, CD, DVD discs, such as magnetic OCA series shredders, which are built into the computer and are triggered by radio or from external influences. One minus - the computer becomes similar to a complex explosive device, with many fuses. To plant such an accountant girl is just scary.
Trace and intercept ...
I think that even users with an easy, initial stage of paranoia have heard of SORM (Operational Investigation System) - “a set of technical means and measures designed to conduct operational investigative activities on networks of telephone, mobile and wireless communications and personal radio calling for general use and the Russian segment of the Internet. " Perhaps someone has heard of the Echelon system performing similar functions, only at a higher technical level, in English-speaking countries. However, to securely transfer information, it is not necessary to arm yourself with a pair of books and encode a message using page numbers and phrases or transmit messages through a cache disguised as a stone. There are much more convenient methods, for example, message encryption programs using an asymmetric or symmetric algorithm ( PGP ). Despite the widely publicized benefits of asymmetric public key encryption, the main problem with this encryption method, like symmetric encryption, is reliable and secure key exchange. The fact is that the exchange of public keys via communication networks is easily amenable to the “man-in-the-middle” attack . In other words, a specially trained person sits with your provider and waits for you to publish your public key, intercepts it and changes it with your own, after which it decrypts and encrypts all messages coming to you. The only means of protection against this attack is reliable authentication of the key holder, which is carried out by a reliable intermediary, mutual authentication or biometric information. But we know that there are no reliable intermediaries, no one can be trusted, and any prints and retinas can be faked.
By the way, there are means to counter the interception of the message through a rubber hose. This is the so-called ambiguous encryption , in which there are several decryption keys for an encrypted message, each of which gives a plausible result (only one, as you understand, hereby). There is an OTR protocol for instant messaging encrypted using ambiguous encryption.
Another problem for the paranoiac on the web is the constant internal struggle with their IP address. In the fight against the ability to trace the physical location above you will be helped by anonymous communications. The most famous of these are the “multi-layer routers” ( TOR ) networks, which wrap your packet in a new cipher layer and send it to a randomly selected next router. At some stage of routing, the packet "lands" on the regular Network and follows its destination. The main problem with these networks is that there are probably few such altruists who will take responsibility for your communication with Al-Qaida colleagues. By the way, well-known anonymous proxy servers, in fact, are a special case of these networks.
They will cover and arrest ...
When you publish a hard-to-find video of famous events in the Oval Office during the Clinton years, or the party of the intense student youth of George Bush Jr. on YouTube, you naturally have a suspicion that the life of this publication will be no more than five minutes. To fight for freedom of speech against THEM, and any RIAA that have joined them, there are peering networks that are not confined to all known file sharing sites, but include messaging networks ( Usenet ), voice traffic ( Skype ), and video traffic ( Joost ). For paranoids with experience, there are anonymous peer-to-peer networks like Freenet , operating on the principle of "multilayer routers". The main problem of widespread peer-to-peer networks like BitTorrent , eDonkey is the need for central server (s) that are vulnerable to THEM. Therefore, the main trend in recent times is the introduction of encryption, entanglement (obfuscation), masking of traffic, anonymization (pseudonymization) of users, and the introduction of fully distributed peer-to-peer networks. It should be noted that the creation, production, distribution and maintenance of encryption tools in Russia belongs to activities requiring mandatory licensing. Thus, that Ballmer from Microsoft with Windows crypto-providers, that paranoid hacker Vasya, who made and distributed his immortal creation SuperPuperPGP, can be fined up to 500,000 rubles and get up to 5 years in the teeth. Thanks to them that we can at least enjoy all this.
Problems and requirements ...
What are the immediate needs of an experienced paranoid on the web? The main ones are:
- Lack of reliable means of anonymous authentication. Examples of OpenID and others like them for paranoiac with experience look ridiculous.
- The lack of a fully distributed, reliable, anonymous, encrypted database with reliable user authorization. Here you should pay attention to the university (so far) development: the Cleversafe project, based on the work of the RSA cipher creator Abi Shamir “How to share a secret” , and the project of the fully distributed peer-to-peer network OceanStore based on Tapestry .
PS: The article does not consider such methods of invasion as electromagnetic intelligence, spyware, since the first does not belong to the Network, and the second, unfortunately, is not the privilege of only paranoids.
ZZY: Hard paranoid on the web ...
Basil naivel
')
Source: https://habr.com/ru/post/9328/
All Articles