See if you can IMPROVE on THIS privacy plan!

Hey Forum,

Someone in this forum remarked that no matter HOW secure you may think you are... if the NSA wants you... you're dead meat....

Well....

Please consider the following scenario and tell me if you find any flaws in my strategy, unnecessary redundancies.... and any improvements you would make.

Let's say I want to discuss (via email) controversial "civil disobedience" issues with another person relating to the constitutionality of the IRS, or Federal DEA harassment of individuals who are in compliance with state laws (ie., medical marijuana)....or politically incorrect social issues like abortion or freedom of speech....

First, both of us, in order to safeguard our communication, would go to www.the-cloak.com and each pay $10 for a year's worth of anonymous surfing. (see http://www.the-cloak.com/anonymous-surfing-faq.html)

From the-cloak's browser, we would both sign up for a hushmail account

To send an email, I would go to stealthmessage.com and send an encrypted message to his hushmail account, one that self-destructs after it is read. He ofcourse, would know the key (password) in advance.

I would also use XeroBank, (hello Torrify)

AND advanced encryption software found at secureaction.com, so that even if my hard-drive were confiscated, it would be impossible to crack by the cyber-forensic-CSI types.

Heres some copy from their site:

1. Encrypt your sensitive files using 20 encryption algorithms including well-known AES 256 bit
2. Securely delete your sensitive files using 20 wiping algorithms including Peter Gutmann algorithm and NATO Data Destruction Standard.
3. Create self-decrypting versions of your files (password protected) to send them via email
4. Use Public and Private encryption keys (RSA algorithm) when necessary.
5. Keep all your encryption keys on USB Flash Drives. iPOD is also supported
6. Encrypt not only files but text messages. AEP PRO has special Text Encryption Assistant to encrypt important messages being sent via e-mail/ICQ.
7. Automate your encryption tasks. AEP PRO includes fully featured command line utility to process files in a batch.


Then I would go to a Wi-Fi Hotspot for connecting.


NOW. Let's say YOU work for the NSA, the IRS, or the DEA, and you believe that the two of us may be communicating in such a way as to violate a law.

Is there ANY way for you to intercept the communication?

Let's say you bullied your way into both of our homes and confiscated our hard drives. You also got a court order for both of our ISPs and both WiFi hotspots.

Would you be able to connect the dots?

Are any of the tools I described unneccesary? Redundant overkill? Any more I should add?

Thanks for your consideration and contribution

 

LMAO!What are you,a terrorist or 007 agent?Two post and you ask that crap,too funny.It does not matter what you read here or any other place using your computer,you put it on the net and power/money will find you if they want,period!

 

Fair enough..... but actually one doesn't have to be a terrorist, or danger to society, to desire privacy in one's communications....

IF what you say is true... (and it may very well be...)

then there is no NEED for this forum...

Anybody with the cash or the clout...

can find you out?


What about the rest of you folks?

And to pugmug..... Ok... nobody can be 100% safe... BUT...

Is my strategy.... the safest?.... and .... lets say you are right...

with their money and their cash.... HOW would they do it?

This is theoretical.... but speculation.... is entertaining...and educational

There is alot of depth and creative intelligence in this forum. I am eager to hear more from you seasoned bloggers.

In deference to pugmug, I often think, we can never have 'absolute' anything. Any one of these privacy peddlers could be a front for some outfit (govt or otherwise) that has a back door that only they know about.

 

I am sure there are ways to mask your activities and to make it difficult to track what you did in the past. If you put up enough roadblocks, it may make it that much more difficult for an investigator to try to tie all of the pieces together. There are crimes committed where too many loose ends exist or all of the evidence cannot be retrieved or tied together properly. The same could possibly be applied to PCs as well. Regarding your "covert" communication regarding "controversial issues", I don't believe that the mere discussion of them would necessarily result in you being targeted and then tracked. There are many people who have diverging opinions about taxation, abortion, illegal drugs, homosexuality, racial issues, etc. There have been a lot said in the media regarding Government "wiretapping" into phone conversations and internet activity. Some of it is most likely true. For example, people that are targeted on a terrorism list are usually monitored in some fashion (computer, phone, etc.). Can they implement ways to try to hide their discussions? Maybe so, but there have been people who have been arrested since 2001. They have only limited resources to track every single person in the US and a lot has to do with what that particular person is involved in. Things like terrorist links and pedophilia usually rank high on the list. The topics that you list I think rank much lower and would not be in the cross hairs of most government monitoring systems. Just discussing the issue, I don't think would merit you to be tracked, but if you actually implemented your opinions in your daily life, then of course, you would be treated as a common criminal and be subject to the normal civil penalties relating to your illegal activity. And then they would then try to issue warrants to confiscate everything that you came across in your life.

Not being an investigator nor familiar with tracking tools, I could not answer whether you could conceal your discussions or not. When you post things online or send electronic communication, you leave a record of that communication on another computer located somewhere else. Even though the communication was encrypted between the two of you, that does not mean the "unlocking" mechanism could not be ascertained to retrieve the communication. The only 100% privacy level that I know of is to be offline completely. When you dial out, you automatically leave a "footprint" of what you did. So to not leave footprints, you don't dial out and only talk face to face.

 

Hello,

The questions you ask cannot be answered simply:

1. I doubt anyone working for a security agency would tell you if they can or can't.
2. I doubt too many of those are Wilders regulars.
3. Is there a way? How much effort do you want invested?

It is possible to do a lot - but if it takes 400 years to crack a password, then it's not really feasible, right?

All in all, anything electronic can be recorded and analyzed. But if you are going that far, how about a microphone near your location, listening to keyboard strokes, and deciphering them by their unique pitch? Or a camera installed below your retina, of which you are not even aware of?

This can be tricky ...

Mrk

 

Yes, maybe I'm watching too many Bourne conspiracy movies...

Thanks to both of you for the thought-provoking responses...

Does anybody know anything about the encryption software shown at secureaction.com?

 

DEAD MEAT YOU ARE

If the circumstance require it
I can say for fact that if more than one of you know something that information is not safe.
I can also say if you are the only person that knows the information there are ways and means of getting that info from you regardless of who you are.

 

MrDuane, see: https://www.wilderssecurity.com/showthread.php?t=190737

 

The key to 1000% privacy if that's your preogative is to hire a special code encrypter to fashion the algorithms and not depend on commercial or other apps for that chore and store your secrets deep in a reserved area of the disc only YOU can access via password restrained by a time period where access even to you is confined within limits.

I like this 007 methology although i hardly doubt i will ever find a use for it.

 

Not a good idea. Only a newbie who doesn't know even the most basic thing about crypto would say this. Building good cryto algo is HARD, very hard. The best ones are the public ones that have being attacked and tested by the brightest minds (those not working for NSA anyway) and have surivived.

Any private cryptography that has not being subject to public test is very unreliable and could be easily broken by academics (much less the NSA).

Not sure what the second thing means. I suppose you could rig it up such that it would only be accessed at the right time, right place (GPS tracker), right password, and right token..... lol..

 

I would say take all of that you wrote about doing....and add your own cryptic messaging to it. Have your "codes" written on a piece of paper, or plain and simply memorized, so that only the two of you know what it means. Even have a certain character represent "space" so that you can just have a message genggoe9ngegh (and the 9 is a "space" separating words). I know there is much more to it, but that is the point. You and your buddy need to come up with it. So like...any number means space and blah blah blah.

Just a thought. Encryption keys can be cracked but to figure something like that out would be much harder because it is just randomness from your brain.

 

So, you have both gone and paid (I guess with a credit card) at the cloak. So, if I am suspicious already that you and your buddy are talking, there's some nice evidence that I could get to build my case. (And the post asking for advice about how to do this stuff).

and

There are also statements about turning over logs to the authorities on their site.

If you know the password, and they want it then they will have it, one way or the other.

Leaving further traces in the logs of the hotspot, or traces if it's a paid service.

Almost certainly, yes.

Almost certainly, yes.

If I were you, I'd just discuss things over a beer and at a barbeque? Probably heaps more secure, less expensive and harder to track.

 

Not necessarily accurate. It's the algorithms NOT PUBLISHED that can't be bested. Do you really believe that goverment agencies rely on publicly commercial encryption programs? And i never said a private source wasn't tested. Yes it is difficult programming at best but there are plenty of sharp coders in the world and some are in an elite class, especially in this field.

But for sake of this topic of course commonly popularly tested programs would be more than enough for that purpose.

 

There's a difference between algorithms and applications. Yes, the government uses the AES (Rijndael), that's what AES is all about. As for applications, they use many off-the-shelf programs, including PGP and SecureDoc.

As for using wireless Hot Spots for anonymity - that's about as anonymous as you can get. Especially the freebies. Logs don't mean a thing when they haven't a clue as to who was on X computer - which might actually have been next door sitting outside the pet store instead of sitting in their cafe.

Actually, the plan isn't all that bad if you used throw-away pre-paid credit cards totally unconnected to you and did all the signing-up at a hot spot. And don't EVER go back and use it from someplace associated with you. As for "SecureAction" or whatever it is -- forget it. Truecrypt or AxCrypt (open source applications).

 

awesome responses so far....

my time is limited.. but....

I think Hushmail claims to be very obstinate about turning over their info to authorities... I think they're out of Canada...

Prepaid cards ..... good idea.... bought at a convenience store with no cameras or atleast one that re-uses their tapes (vs digital) when no need for them arises (ie, no robberies)

I am thinking about writing a novel about this, along the lines of Bourne, but with the hero being an average Joe....

 

If you're concerned about AES's strengh against attacks, you may want to use the Serpent cipher together with the RIPEMD-160 hash algorithm
Truecrypt docs

 

I'm not worried about it. I was responding to another post where EASTER said he didn't believe the government used public algorithms. There is such a lack of understanding about cryptography on Wilders. I wish people would post answers to things they actually know something about, instead of feeling like they have to have something to add to everything. EASTER's post was factually incorrect on several counts and it's very frustrating to see things written with such certainty when they don't know jack. But, that's how it is.

 

My quote was incorrect. I should have specified that my post post was directed to EASTER and his concerns about government's use of public crypto algorithms using your post as a reference.
Theoretically, Serpent is more secure than AES-256 (Rijndael)

You might me right on this

 

I did not read this whole thread, but start off with free anonymous services like TOR and use them to register pay services with gold and work your way up.

 

Nice to see I'm not the only one to feel that way.

 

Oh come on guys, its easier than any of that.

If we already suspect the two of colluding, we can just install physical logging devices inside their computers or optic-fiber cameras to watch everything you type, track their location with their phones or any sort of generic surveillance, and use Van Eck equipment to read the message remotely from the computer screen at the wifi hotspot. Or better yet, just pick them up and torture them because that is now legal if we declare you an 'enemy combatant', right?

 

Mr Duane:

I concur with all the advice already given but would like to rant a bit on this issue.

The only 100% way to avoid the risk on the www of loss of privacy and information is to NOT use the www. That is 101% true.

In fact, going back to snail mail won't work either, talk to your postman like I did it is horror story of stolen mail.

You could restrict talking about these subjects to in person? the phone?
Any of these methods can be broken.

So then it seems the only true way for privacy is to keep our thoughts to ourselves!

Your concern is real for you, but are you really worried that your email and files are anymore at risk than say any other user?

I suggest you use 2 PC's. One open for free flowing in and out of non sensitive data. Meet me for lunch, here is a good new movie etc.

The other PC is not on line ever, it is used for banking, taxes and recording your private thoughts in encrypted strong psw protected files.

How you share these private files is well subject to all the issues of www, snail mail and verbal discussion.

End of rant!

 

Well, i stick with my earlier summations that commercial encrypters also carry the same equal limitations as even AV's. They might been tested publicly and proven well enough to guard against compromise, but there remains a very grey line between total encryption commonly taken as acceptable and those that are lab tested and released to private entities.

Public/Commercial Encryption programs are sutiable enough for the everyday joe and maybe some businesses, but i challenge anyone to bring up the most secure encryption app that can't possibly be deciphered.

 

Hushmail is not so secure for what you describe.

http://www.itnews.com.au/News/65213,hushmail-turns-out-to-be-anything-but.aspx
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

It far safer to setup your own email server with SSL encryption/certificate in place and cut out any 3rd party.

 

I have a total newbie question about this "privacy plan". If only both parts are aware of the password used to decrypt all emails received, who cares if you're being anonymous or not, since only you and the other guy are the people who knows the correct password to read the whole contents of the messages?

Assuming, of course, you didn't send the password along with the message.