Internet Communications

From Steal This Wiki

Pretty much all internet communication is or can be monitored by the authorities. Certainly, once you're identified as a dissenter, everything you do will be watched.

This section lays out ways to work within this environment and ways to, in some cases, get around the overseeing eyes of Big Brother.

Google CEO Eric Schmidt said "Internet users shouldn't worry about privacy unless they have something to hide."

Using Email Securely

Under Construction

Despite claims made on other parts of the net, email can be a secure and safe method of communication for those who want to get away from the prying eyes of government agents. Most people know of Gmail & Hotmail and know that the government has sent plenty of secret warrants asking for logs, and these major email providers are happy to comply. Even if they didn't, intercepting these plaintext communications and reading them is a trivial matter for the NSA. To achieve complete anonymity over email (and secret communication in general), three things must be accomplished.

  1. The content of your message must be hidden
  2. Your location must be hidden
  3. Your identity must be hidden

It is best if each of these goals is accomplished through multiple means at the same time, in case one method of secrecy is cracked or made obsolete.

Hiding Content

Encryption. There really isn't any other way of concealing a message, unless you want to try switching your letters for numbers or hiding a message in the pixels of an image, but really both of those methods are simply less or more complex methods of encryption. Generally (but not always), the more complex a method of encryption, the harder it is for someone to read without the key. The key is the secret used to reveal an encrypted message. There are too many methods of encryption to describe here, so I will describe the one you should be using. GPG stands for GNU Privacy Guard; it is open source (don't worry, this makes it more secure) and originally based on OpenPGP.

Hiding Location


Hiding Identity


Old Content

While internet cafes or other public access points may be monitored (CCTV will hardly ever be noticeable), if you pay by cash and use a disposable one-time email address with something like zoho or protonmail, and log on to it through Tor, it is very unlikely that your identity will be pinpointed. This is obviously only useful if the recipient is not in danger of being compromised, or if you can agree on predetermined times to communicate using disposable email addresses and public machines at each end of the communication. What will be noticed when you are under investigation is if you stop using your old email address, make new accounts, and then continue to email your family and friends as normal. Do you think it will be hard to figure out who that new account belongs to? Using encryption will raise eyebrows but does protect your communications, and if you are using public key encryption you can also verify the sender's identity.

Looking at Web Pages Securely

Remember that while you are looking at web pages all kinds of information may be free to leak into your mind and even your soul. Check that you are conscious of this at all times. If possible use an ad blocker and make sure you do not look at web pages when you are tired or under the influence of any medication that may reduce your consciousness. Even the most legitimate looking and well designed web page may well contain information that is either completely incorrect or deliberately misleading.

Your browsing probably follows a pattern to your favorite news, sports, email, and other sites. With the right software, or if the ISP is watching, this browsing pattern can be detected, potentially flagging persons of interest for either enhanced surveillance or sending your location to the police.

You can hide this using a mix proxy like Tor. It used to be sponsored by Navy labs and later the EFF, but it is open source. There are also good guides out there on securing your web browser for use with it. Make sure your real identity is never possible to link to your pseudonym and you should be safe.

Freenet is used by all kinds of people to share static information like pages and files. It is more limited than Tor (no exit into the normal web) and is best used for massive files.

I2P is a system similar to Tor, but more closed (most nodes aren't exits into the web). It is more suited than Tor for massive file transfers, P2P style. There's a good BBS app called Syndie for it.

General notes about anonymizing systems


Some forums and pages block these proxies due to jerk abuse and they may be used by some unsavory child pornography sharers. Don't get involved with that and keep all the "hot" data encrypted, so that pigs cannot put incriminating evidence.

Social Networks & IM (Instant Messaging)

Although fun and even useful, social networks can expose your personal details to other people, and should be considered a constantly government-monitored method of determining who you communicate with, even casually. Make sure you understand what you are sharing with whom. Many services by their nature allow many people, even the whole of the internet, to see the message you thought you just sent to a friend. Educate yourself and be aware.

IM tends to be more unambiguous but like email is inherently not secure or private and is mostly monitored or at least archived.

If you need to use Yahoo Messenger but don't want to download it to the computer you're using, there is a web based version here.

Google Mail's IM is monitored well and automatically. Don't trust it. The good part is that it uses an open IM protocol called Jabber, for which there are many other servers. Try Jabber.org for a list of servers and apps. It's fairly hard to find people there except by asking directly.

Encryption

While it is fairly trivial to install military/diplomatic grade free open source email encryption on any personal computer like GNU Privacy Guard or [1], it is only as good as your personal security habits. It may be difficult to impossible for security agencies to crack your encryption in your lifetime but there may well be 'back-door' access that you don't know about, especially if you run a closed source OS or have compromised hardware. Considering all of the risks besides just the encryption you can only consider this to be a way of hopefully slowing down third party access to your private information. If any third party wants access to your information they may feel the quickest way is to 'persuade' you to hand over your encryption keys.

See #Crypto section below.

Flash Burns

Most are smart enough to use Tor and other privacy services, especially when operating in the sketchy bits of the net. With the popular rise of Flash on websites there is a bigger problem: LSOs, or Flash cookies, which stay alive even when you wipe all of the cookies from your browser. To say it another way, you can turn on Tor and wipe your browser cookies and history, but da' man at (Google-owned) YouTube can still ID you as the same guy who logged into Gmail 15 min ago. A cookie is a small file a website sends to your browser so it can ID you as you visit other sites or return; Google and DoubleClick are famous for tracking users with traditional cookies. You can just install a Flash blocker plugin if you use Firefox, never install Flash (or uninstall it), or, if you love to flirt with danger, add an LSO wiper plugin. Many websites are built with Flash and won't work without Flash installed; we suggest just avoiding these pages because Flash Sucks!!

It is recommended to use NoScript (with flash on click even for trusted sites), some cookie manager and BetterPrivacy (LSO wiper) when dealing with flash. There's also a trick to increase your privacy on Linux: edit /etc/adobe/mms.cfg. On WinXP and below, C:\Documents and Settings\username\mm.cfg , on Vista/7 C:\Users\username\mm.cfg - if the file doesn't exist, create it. There are a few settings that may improve privacy of Flash somewhat. Especially important is DisableDeviceFontEnumeration=1 as it's an easy way to build a profile, as well as DisableSockets=1 which can otherwise skip anonymising proxies. Flash won't ask about these two breaches by default, unlike others (such as local file read, webcam and microphone). You can disable LSOs there as well.

Remember Pattern Matching

Remember that in general the pattern of your web browsing and email contact, just like the pattern of your phone calls and credit card transactions, will be much more telling than individual records. Just as credit card companies will now automatically notice if your spending goes outside the norm, either in geography or amount, it is certain that electronic communication can be monitored easily in the same way and acted on accordingly.

Email: What it is and isn't!

Email is short for electronic mail. Now that we have email, email users refer to regular mail - received via the Post Office - disparagingly as Snail Mail. Inherent in its form, is its speed. When you send a letter through snail mail it can take days to arrive. When you send an email it arrives in the recipient's "email box" (inbox) nearly immediately. The only delay being the time it takes for the sender and recipient's email servers and the recipient's email client to synchronize with one another.

There is another difference though, (every rose has a thorn, right?) while snail mail arrives days later and doesn't run on Sundays it does require the use of tangible resources such as paper and stamps. It does have one benefit that email doesn't - it's usually in a sealed envelope. So speed or security. Oh, and email is probably massively less hungry on resources...

In practice, the only thing stopping your postal carrier (or any one of the various postal workers who touch your envelope from the time it's picked up to the time it's delivered) from opening and re-sealing your mail is the law of your country (but when did that stop anyone?). When it comes to email, they are still figuring out how to handle it from a legal perspective. Recent court decisions have tended to side with privacy advocates when it comes to who can read your email, how it is obtained and the responsibilities of the Internet Service Provider (ISP).

On the other hand ISP whistle-blowers have informed the public that media companies such as AT&T who provide you with your internet service wasted little time in responding to the government's request/demand for access to its data and voice lines. If you are using email you should expect the same kind of privacy you have when you are browsing the internet: None. Assume that someone is reading your email and assume that someone is watching all of your internet activity.

Don't communicate important or sensitive information through email. Once you've established groups of people or partners in actions, only use email when absolutely necessary. You should be similarly concerned about talking on the phone, but somewhat less so. The bottom line is that the only secure methods of communication involve direct conversations and sealed envelopes. But if there is a reason for the government to suspect you of illegal activities (read: anything they don't want you to do for any reason), then you should be careful on the phone and using snail mail just as you are careful with email.

Email can still be a good way to share reference material or for bringing people together. Still, be careful with it. Don't give your email address to anyone unless you know them or are confident in their security. When you sign up for access to sites on the web that require log-ins, read their privacy statements and never provide your email address, even to a person or a party appearing to represent your ISP. Don't even give your email password to your friends or family. Don't use your email to store important information or personal files on financial or other personal information - save it locally on your computer and/or print it out for your files. If something arrives in your email inbox that might be necessary for someone else to be able to access in an emergency, or if you are unavailable, temporarily or otherwise, then it doesn't belong only in your email inbox.

You should know that the content of your emails is actually less useful to an investigator than who you are in contact with, when you are sending, and from where. You can hardly claim to not know someone with whom you have regular or even sporadic email contact.

The Bottom Line

The bottom line is that your email inbox is yours and yours alone. Email offers an efficient and easy means of communication for people with access to it, but it's also easily vulnerable to access from the outside. Treat it appropriately, and treat it with respect.

The first place any cop or PI will go is your email and social networking profile. Months can go by if you are planning something with your friends on email without any indication that it's being accessed illegally. You can let your guard down, believing that you are speaking in private, and then suddenly, without warning, you're being hauled into jail and your computer is taken as evidence against you.

You might not have done anything, but that doesn't matter. We no longer live in a society where the government allows free speech, if we ever did. But hell, governments never stopped anyone doing anything.

Even the suggestion of the idea of a notion of an intangible threat is enough to put you away. And the more innocent you are, the more likely you are to be tortured. Cops, especially the feds, don't like to be wrong, and it should be obvious to anyone who reads the news that the government will stop at nothing to get what it wants or to make it appear like it has what it wants. Don't let your own email be your undoing. Use it with respect and caution.

Webmail

Webmail is now cheap and plentiful. Just remember that the contents are readable by anyone that your company wants to give access to, even if you have deleted the messages; many services just make them invisible to you while still keeping a full archive for the cops. If you are ever in jail or any institution, make a new account and don't e-mail anyone but non-activist friends and family, as your email and surfing will always be watched.

When using webmail (or generally browsing), try to use a browser like Firefox, which has many extensions that are perfect for hiding/deleting/encrypting your history or your searches or your email content.

Free email sites

Most everyone and their dog does free email now. Here are some of the big ones:

  • [Yahoo Mail]
  • [Mail.com]
  • [Hotmail]
  • [Google mail]
  • [The Hedge-Hog]
  • [Freenigma] is a Firefox extension for encrypting emails from Yahoo or Gmail.
  • [GuerillaMail] provides free temporary email addresses. These expire in an hour, and are useful for signing up to a website when you don't want to give your real email address. It is recommended, however, that you simply acquire an email from one of the main email hosters and use that as a spam address which you only check for registrations, and only give your real email to real people.

Local Email

Local download or POP3/SMTP email is the original way to get your email, but your information is downloaded and saved on your hard drive by default. Everything you send and receive, in addition to sometimes being archived by the email server in the same way that webmail works, is also stored on your drive.

The files are deleted from the server and saved on your computer. Often, emails remain on server backup for some time even after you retrieve and delete them. Unless you encrypt your email archives all of these emails are readable by a pig who gets his hands on your laptop.

Whether using local email or webmail, your emails are kept on a server for some amount of time. ANY and ALL internet communication can be intercepted or monitored.

How to Post Information on the Web

Domain Name

If you plan to do any web publishing of any type, register and own your domain name. Many hosting companies give you a free taste of the domain and will rent it to you, but if it is not in YOUR NAME you don't own or truly control it. You can ask people where the domain name went when their hosting company went bankrupt; that domain name is the only way most everyone knows how to access you on the net. A whois lookup should return your information.

The top level domain for the small island territory Tokelau, .tk, will provide free domain names. However, there are severe restrictions on your use of free speech. Content involving drugs, sex, firearms, hate speech, and copyrighted material is banned, leaving nothing interesting left.

Afraid.org provides free subdomains on catchy domain names like chickenkiller.com, crabdance.com and sexypenguins.com.

Some URL shorteners support custom URLs. This won't change the domain name of your site, but it can provide an easy URL to remember to get there.

Keep It Simple

Not everyone has a cable modem, DSL or dedicated T1 line. When designing a website or other web presence, consider making a low graphics or even graphics-free version for folks using dial-up services or overloaded proxy services. If you're running a web radio station, consider a Low-Fi audio feed. For the truly security cautious, Flash, Java and Javascript plugins are all problems, as are other plugin type website gadgets. Give viewers the option of viewing a straight HTML site with normally linked pictures and downloads. Test your site in Internet Explorer, Links, LYNX, Firefox/Mozilla, Konqueror, Opera, and mobile phone browsers and almost everyone should be happy.

Podcast

Have an outline and basic script for any monologues before you start to record. Be sure to research your guests and have questions ready. It is a good idea to send the questions to the guest so they sound intelligent, unless you are planning an ambush. Use the program audacity to record and convert to mp3, and get a good microphone; a telephone recording attachment is good for phone-in guests. A basement or interior room which gets no noise from the outside, with blankets hung on the walls and ceiling and carpeted floors, absorbs most noise. Turn off furnaces or other appliances which could come on suddenly and cause noise for the duration of your recording session. Go through afterwards and do post production to wipe out parts that are not interesting or dead air gaps. It is best to edit down to standard times, half an hour or an hour; break up into several mp3s if you want to do a giant recording session. Always have someone else listen to the show before putting it on the net, preferably someone not overly familiar with the topic.

Be sure to research your file host carefully, for many people will have trouble following you once they set up the RSS feed if you switch hosts, especially if you forget all the places you advertised. There are some really free providers like OurMedia and some good searching will turn out more, but be careful that you are not just signing up with a place that will start charging once you get popular. Some of the best free hosts require you to use a free distribution license, like we do at Steal This Wiki, for the files they host; this is mostly to prevent successful shows from suing for royalties later. You can do this all with the cheapest netbook and an internet connection, and advertise with stencil paints and wheatpasted posters. Check out Public Speaking and Guerrilla Radio.

Social Media

The new buzz words for the democratisation of communication and news media. While traditional news media like newspapers and TV are 'one to many' hierarchical structures, micro/mobile blogging and regular blogs allow citizen journalists to add their collective voices to a more democratic process. As the obvious bias of 'legacy' news media becomes more apparent in contrast, many people realise they can scan the blog news feeds and make up their own balanced view of 'reality'.

Blog & Micro Blogging

There are many free blog sites which have many options. Most now have an option to post via SMS and email. If you want a regular readership, be sure to post on a regular basis (at least once a week).

Popular Blogging Services

  • [Blogger] - Hosted for you for free. Part of the Google empire (for good or evil?).
  • WordPress - Choice of hosted, or download the software and run it on your own server.
  • [MySpace] - Hosted, heavily monitored by the US Government and owned by Rupert Murdoch's News Corporation (the goons who run Fox News)
  • [Xanga]
  • [LiveJournal]
  • [Tagworld]

Micro Blogging Services

Mostly known by the biggest of the pack which is currently (Aug 08) Twitter. Allows you to post a SMS length text message from anywhere that is in some way connected to the internet. This includes to and from most modern mobile (cell) phones. You can choose who can see your postings; either people you approve, just the recipient or anyone. This combined with GPS and camera equipped mobile phones allow posts to be tagged and linked to location and photographs.

More about Twitter on Wikipedia

Social Networking Sites

Now massively popular, social network sites connect people with their peer group, relatives and social contacts. Most services are aimed at niche markets: Bebo for the tween to teen market, MySpace and Facebook for older teens to third level, and LinkedIn for professionals. Just to be clear, even having a social networking account, even if you only use it to browse your friends' pages, is serving your friends and people who can help catch you to the cops. To quote Admiral Ackbar, "It's a TRAP": ignore those LinkedIn and Facebook invitations and discourage friends from sending them.

All provide a locked-in network that tends to tie users into their branded, ringfenced domains by allowing users to invest large amounts of energy in tending their online 'profiles'. In most cases it becomes very hard for users to extract or migrate this data and the network of contacts that users develop, as the actual data is masked from view; it is also impossible to delete, ever. Large privacy concerns and the ambiguity of what profile information is publicly shared or available to private investigators for a price make use by inexperienced, vulnerable people inadvisable. Treat with caution, since this is the first place the cops will look for interrogation leads after hauling you in for questioning or tracking you down. For those sneaky types out there, know that just making a new account when you run off to the caves of Azerbaijan to hide out will not protect you: by communicating with your old family and friends you make a match to your old life, very easy for any investigator, private or police, to follow.

If you need to cure your facebook addiction, try a userscript like:

// ==UserScript==
// @name           fuck facebook
// @namespace      fuck facebook
// @description    fuck facebook
// @include        *.facebook.com/*
// ==/UserScript==
// Leave any facebook.com page for this wiki section instead, then say why.
location.href = "http://stealthis.wiki/index.php?title=Internet_Communications#Social_Networking_Sites";
alert("no facebook.");

The still-in-pre-alpha social network Diaspora, when released, will let individuals host their own "seeds" in order to protect privacy. It may be a viable alternative to Facebook for those concerned about their privacy.

College or Personal Web Space

Most colleges and some ISPs give webspace and a shell account when you register. An account for low bandwidth sites will be a fine option, but if your site becomes hot quickly, you could be shut down or charged for bandwidth usage.

Bittorrent

The bittorrent protocol allows for easy downloading of large files, as well as easing the dissemination of your own stuff. Using torrents and tracker websites, you can find almost anything from the latest movies and games to applications and operating systems. The bittorrent protocol uses your upstream bandwidth to re-share the content as you are downloading, decentralizing the total downloading infrastructure.

Consider using PeerGuardian or similar block list software if you download unlicensed content through P2P networks. This may protect you from being profiled by known and suspected copyright license collection organizations that are known to use questionable legal intimidation tactics, as well as blocking many torrent polluters, which send out bad chunks that cause longer downloads as you have to retry many parts of your file.

Photohosting Sites

Photo hosting sites are an easy way to distribute or share photos. Be sure to read the terms and conditions to be sure you retain rights and ownership, if that is important to you. You will also want to research the takedown policy for controversial content. [2][3][4][5]

Photo File Security

Remember kids, your camera does leave a digital fingerprint the cops can follow. Strip the EXIF data from all photos before posting so they are less easily traced. In Linux, install the program jhead, which edits the JPEG image file headers. In the command line, type

   jhead -de *

in your photo directory and date and camera information for all of the .jpeg and .jpg files will be stripped. If you are a Windows or Mac user just select and copy the part of the pic you want to the clipboard, then paste into a paint program and save.
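
What stripping the EXIF header involves at the file level, as an added example that is not part of the original page: this Python code walks the JPEG segment list and drops the metadata segments without re-encoding the image. It goes a little beyond `jhead -de` by also dropping XMP, IPTC and comment segments; the function names, the sample file and its camera name are constructed for the demonstration.

```python
"""Strip identifying metadata segments from a JPEG without re-encoding it."""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP1, APP13, COM = 0xE1, 0xED, 0xFE
# Markers that stand alone, with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))
# Segments that can hold camera model, dates, GPS position or edit history.
STRIP = {APP1: "APP1 (Exif/XMP)", APP13: "APP13 (IPTC)", COM: "COM (comment)"}


def strip_metadata(jpeg: bytes):
    """Return (cleaned_bytes, removed_labels); raise ValueError if malformed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out = bytearray(jpeg[:2])
    removed = []
    pos = 2
    while pos < len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        # A marker is 0xFF plus a code; extra 0xFF fill bytes may precede it.
        while pos < len(jpeg) and jpeg[pos] == 0xFF:
            pos += 1
        if pos >= len(jpeg):
            raise ValueError("truncated file: marker code missing")
        marker = jpeg[pos]
        pos += 1
        if marker in STANDALONE:
            out += bytes([0xFF, marker])
            continue
        if pos + 2 > len(jpeg):
            raise ValueError("truncated segment length")
        # The 2-byte big-endian length counts itself plus the payload.
        (length,) = struct.unpack(">H", jpeg[pos:pos + 2])
        if length < 2 or pos + length > len(jpeg):
            raise ValueError(f"bad length for marker 0x{marker:02X}")
        if marker == SOS:
            # Compressed image data follows; copy the remainder untouched.
            out += bytes([0xFF, marker]) + jpeg[pos:]
            return bytes(out), removed
        if marker in STRIP:
            removed.append(STRIP[marker])   # drop the whole segment
        else:
            out += bytes([0xFF, marker]) + jpeg[pos:pos + length]
        pos += length
    raise ValueError("no SOS marker found: file has no image data")


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed sample: a valid segment layout, not a decodable photo."""
    exif = (b"Exif\x00\x00" + b"MM\x00\x2a\x00\x00\x00\x08"
            + b"ExampleCam X100\x00" + b"2011:05:01 10:00:00\x00")
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(APP1, exif)                     # camera model and date
            + _segment(COM, b"shot by example user")   # free-text comment
            + _segment(0xDB, bytes(65))                # quantization table
            + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\x56" + b"\xff\xd9")           # stand-in image data


if __name__ == "__main__":
    sample = build_sample()
    cleaned, removed = strip_metadata(sample)
    print(f"{len(sample)} -> {len(cleaned)} bytes, removed: {removed}")
```

Running `strip_metadata` a second time on the output and getting an empty list back is a quick check before posting a file.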

Your camera's pixels also leave a fingerprint. There has been some work on eliminating the background uniform pixel noise from cameras by adding a random pixel shading to pictures. If you plan to photograph for radical causes, it is wise to use a different camera than the one you use to post family photos on Flickr.

Indymedia

Indymedia is a news site for an alternative viewpoint. It is a very activist source and covers activist news.

Many news sites now include a discussion area at the bottom. This is usually not read by the regular news viewer and is mostly a place for debate between posters.

Video on Torrent or Video sites

Video of police violence, corpgov malfeasance, or active resistance can be posted to video viewing sites or to bittorrent location sites. YouTube (which has been bought by Google) and Google Video are basic sites for this, as they offer a huge number of viewers, but you may be more easily prosecuted if the pigs want to sue the video of them off of the web. YouTube will delete videos of police or other violence if it exceeds their acceptable policy. Liveleak and other video sites get less traffic but have more open terms of service.

Vagabond Video

Perhaps you want to waste brain cells and watch CorpGov TV shows and movies off of the net like everyone else does, but what if you don't have a regular net connection, or even more difficult, not even a laptop, just a PDA, wifi smartphone, or video player? If you either have a friend with a computer or access to a server shell account with the right software installed, you can use the programs mencoder or ffmpeg to encode for playback on your PDA. These are available for most Linux distros and Apple OS-X; there are also programs to do this on Windows.

Many Linux and Unix distros for various legal reasons now ship with stripped media encoding/decoding libraries and software but have a gray market partner which can be added to the software sources file to permit adding the full free and insane media ripping capacity back, for example Ubuntu users can use medibuntu software repositories [6] and Mandriva has the Penguin Liberation Front [7]

One of our writers only has a PDA, so she finds a WiFi hotspot, logs into her server account halfway across the globe, starts a screen session (screen is a very useful unix/linux program that keeps a terminal session running even when you disconnect) so she can log out and the work will continue, and uses bittorrent on the command line to download the file to her server account. It should be easiest to grab the weblink for the torrent file from your computer or PDA web browser and paste it into the command line terminal session after the command links, elinks, or lynx, which are text-only web browsers. They will prompt you for a file name under which to save the torrent; be sure whatever name it saves as ends with .torrent so your bittorrent program will recognize it. She mentioned that it is often easier to visit a computer lab or library and use a big keyboard and screen to hunt down the torrents you want, assuming there is not a surf-block program installed to stop torrent sites. Since public machines almost never have an SSH program installed, she suggested a web based Java SSH program (Warning: not for secure communications!!) to connect to your server and get the remote download started.[8][9][10]

In a few hours or so she brings a power cable or battery pack for her PDA and visits a good WiFi hotspot that she can sit at for an hour or two; coffee shops work well for this. She then logs in and exits the finished torrent and uses mencoder or ffmpeg on the server side to shrink and convert the file to something her PDA will play back at a decent rate and download quickly. Here is an example of the Linux command string she uses. Edit this for your own files and preferences, and be sure to encode to a video codec that your player can read.

mencoder exampleoriginalfile.mpg -ofps 15 -srate 24000 -oac mp3lame -lameopts cbr:br=32:vol=5:mode=3 -ovc lavc -lavcopts vcodec=mpeg1video:vbitrate=96:vhq:keyint=300 -vop scale=160:120 -o examplefinishedfile.mpg

or

ffmpeg -i examplestartfile.avi -b:a 56k -ar 22050 -b:v 500k -s 320x240 examplefinishedfile.mpg

This conversion will not take more than ten to twenty minutes even on a slow server to convert a movie, but you might want to start a "screen" session on your server and disconnect while the encoder is working to save battery pack power on your PDA. Tweak the bitrate settings, framerates, and size for better performance or quality. These examples encode using the mpeg1video codec since this should work on even early PDAs, but you might see better results with more modern devices like iPods if you use mpeg4 instead.

After this is all done she just uses a FTP program to grab the file to her PDA and once it is done watches it when she has time. To keep the less honest from seeing her PDA she starts the FTP program and puts the PDA into her backpack under the table with a battery pack or solar cell plugged in since big WiFi file transfers use plenty of battery power. Be sure you have a good connection before you put the PDA in the pack or you might realize that the file never downloaded.

She has another trick for TV shows such as news programs and some comedy: she prefers to just strip out the audio from the video files for listening to as a podcast during her bike commute. She uses the following.

ffmpeg -i originalfile.mp4 -vn -ac 1 newaudiofile.mp3

If you want to do something a bit different with codecs or other settings, type man ffmpeg or man mencoder to use the user manual program and see your options.

Smart Phones

If you have a smartphone equipped with WiFi but an expensive data plan, you can send the commands to your server shell account over your cellular data connection. First download a free SSH program so you can connect to your server shell account. You will also need an FTP program unless your SSH program also allows secure downloads via SCP. Don't use your browser to search for torrents; instead log right into your server shell account and use the links or lynx command line web browsers. They are all text and will save you on data costs. Once you have the text browser grab the .torrent file, exit the text web browser and start the torrent over on your server account. MidpSSH is a Java powered SSH client program that will run on most mobile phones, even old ones that can run Java programs. [11]

Once the torrent is complete you can also send the command to start the conversion from almost anywhere. Even though you are using a metered service you will probably waste less than a kilobyte when connected to your server shell account since it is all just command line text, don't forget to use screen and detach when you are done so you won't continue to get billed. When the torrent and conversion are done and you are ready to grab your media files; do like above and find a WiFi hot spot to download the files for free instead of getting charged some outrageous per Kilobyte rate by your cellular provider especially if you are using a prepaid data plan. You can make this work even if you don't have a smartphone, most mobile phones you find can still run Java programs so you can still install an SSH client and use the keypad just like texting to talk to your server account. You just need a WiFi data device like the laptop or PDA mentioned above or access to a computer connected to the net to grab your finished files and stick them on your USB drive or other data storage.

Watch out for built-in "location-sensitive" or similar features if using a smartphone with GPS. This can pinpoint your location very well and broadcast it somewhere over the net. Always check if GPS is off before connecting and don't mix navigation with activism on one connection. Also, MAC address can be your doom in harder cases - look for tools to change it. (this also may be important for laptops)

Usenet and Listservs

Usenet used to be a great way to spread and discuss information. Much like the abuse of the CB radio networks in the USA, the sheer weight of spam and flame wars drove most serious users out, excluding a few special interest groups. Usenet can still be useful, especially if you are able to filter through the garbage. The good stuff can be filtered from the bad stuff using email applications or webmail services that provide good filtering, sorting and viewing options. A well set-up inbox can be extremely helpful in getting to the information you really want to read.

Note that free Usenet providers don't support the binaries parts of Usenet. All of the providers log info, so it's hard to post there without being linked. [12]

Internet Phone Communication - VOIP (Voice over Internet Protocol)

Skype is a "free" VOIP (Voice over Internet Protocol) service, but it uses a proprietary communication protocol. The closed nature of the protocol makes it impossible to check the privacy level. If possible, prefer free and open software like Ekiga. [13]

Instant Messaging Anywhere

There are several instant messenger clients and services, most free for anyone to use. If you look around, you can even likely find one that will blast through your work or school firewall. Don't expect any IMs to be private, and understand that most services keep a log.

Pidgin is a free, open source universal instant messenger. It runs Yahoo, Gtalk, ICQ, IRC, AIM, and other instant messenger services all in one program, and you can get it in portable form so you can take it anywhere on your keychain USB drive. One of the most useful plugins for Pidgin is the OTR (Off The Record) encryption plugin. With OTR, all Google or Yahoo get for their logs is a bunch of encrypted gibberish. If you use OTR you are reasonably safe as long as neither your communications partner nor your computer is compromised.

Internet Relay Chat

IRC is a communication protocol older than the web itself. You can create your own free channels (chat rooms) and operate them however you want, with a fair amount of customization. It is very popular in the hacker community and a great way of organizing projects of all types over long distances. Freenode is the network dedicated to free/open-source software projects. The Anonops server is used by the hacktivist group Anonymous to fight against injustices. Most networks will let you create channels of any type with virtually no moderation from the admins.

IRC is a great way to keep in touch with friends from around the world. It is recommended that one uses a command line client such as [irssi] inside the "window" application "screen" over a ssh connection. This will keep you connected 24/7 as well as provide anonymity. One free shell server is [Blinkenshell], hosted in Sweden. It costs nothing, but it may take a few days in their IRC channel to be trusted and vouched, and you need to donate a cent or send a text message in order to be activated. Blinkenshell also provides free webhosting. Another way IRC provides anonymity is through the service Hostserv, with which you can create custom hostnames, so others can't see your state/country/IP address.

The irssi client is recommended for Linux, as are the GUI clients Xchat, Chatzilla, and Pidgin. [hexchat] is recommended for Windows. Webclients include the very popular yet controversial [Mibbit] (banned from Freenode), [Freenode's webclient], and the still-in-beta subscription service [IRCCloud].

Free Webhosts

As mentioned earlier, blinkenshell.org provides free, small webpages. Also available, although it has a very distrustful-looking URL, is [byethost]. You feel dirty setting it up, and you have to answer a captcha that doubles as an ad, but it appears legit and doesn't try to install malware or anything, and actually provides php.

Random Free Goodies

[Reddit] will allow you to set up a free subreddit, which is similar to a forum and is a great way of organizing a project.

[Wikia] and [Wikidot] both provide free wikis.

Everyone knows this, but [Youtube] (owned by Google) provides free video hosting.

Web Radio Streaming

Stream like the professionals do! Software and hardware for web-streaming is easy to obtain and easy to set up, with the hardware cheap and the software free and open-source. Get yourself an older machine and boot some sort of Linux/BSD operating system on it. Debian [14] and Ubuntu [15] are easy-to-set-up GNU/Linux variants, and NetBSD [16] is a portable BSD system. Install icecast [17] and rip/download some mp3s. Information on each of these operating systems and programs is available on their websites.

Network Printing

While not really getting your message out ON the net, you can really get a radical message OVER the net to unsuspecting audiences. If you can make an exciting eye-catching flyer, people will recognize and grab your work. You have to figure out how to get past firewalls from outside or even print at your own corpgov job without getting caught (or, print it on the day you are fired). Print servers are also often unpatched for security and become a great scan server to use in initiating attacks on the network. Another fun idea, if you figure out the printer admin access, is to upload a script on the day you quit that bank job that will regularly print radical messages, posters, or even this book until the IT department wipes or junks the printer or server. However, attacks which involve printing out all of the ink and paper are not usually warranted as we are not at war with the trees.

Most schools offer computer labs and allow students to print a maximum number of pages a day. Use this to your advantage! Draw up some fliers and print them on 3x3 settings off of a school library or computer lab printer for (somewhat above) your maximum number of free pages. Do this once a day, or whenever the advisors change shifts, to get an unlimited supply of print jobs.

Connecting:

Wi-Fi network

Many neighbors have open wifi networks that were left in their default unlocked mode. This is either by accident or the owners wanted to give free access. Often times, the owner will not change the default password from "admin" to a better password, so you may be able to gain access to the network by using the "admin" password. Many of these "admin" passwords can also be found online. Be a good nerd, and at most open ports or DMZ your machine, if you will be around for awhile. Don't rudely lock someone out of their AP or change the SSID to 10053r, p0wn3d, or 1d10t. Something like that will likely make them secure the node, ruining a good open node.

Wi-Finder

Cheap Wi-Finders (keychain wifi detectors) will help you quickly survey an area to see if you have a Wi-Fi node nearby, so you can leave your lappy in the pack. A good idea is to waterproof one and tape it to your bicycle handlebars or stick it under the sun shade of your bike helmet so you can see the LEDs.

Net&Buzz

Most hipper local coffeehouses offer free WiFi and the signal often leaks out into the surrounding area. If you buy coffee there regularly, thank them so they keep it running. If you need Internet for a long stretch, go in after taking a bath and wearing clean clothes; that way they won't kick you out. Plug in and buy a coffee or cake at least every hour and a half. Avoid squatting at high traffic times and most importantly of all, leave a tip!

Cyber-Hobo Code

Where there is open wireless to be had, why not let people know? Take a tip from Wall Painting and use our hobo code, )( the opposing half circles means open wireless node, while a closed circle means a closed network, chalk it on the curb. If you manage to crack the encryption on a closed network and get online leave the passphrase on the corner of the building near the ground.

Where to Sit

When out using free public wireless Internet, there is often a dearth of chairs. Many camping stores sell a light, inexpensive mini tripod stool which folds up into a 2/3 meter long bundle. You can strap this to your bike frame or pack for portability.

Car Surfing

Parking in an area with wifi is a popular way to get online if your Internet is disconnected. Staying in a well lit area helps hide the glow from your computer screen. Most low-power netbook computers can use an inexpensive 12 volt car adapter, saving the battery for later. Be careful in parking meter areas, as the cops may ticket you if the meter expires even though you are in the driver seat. Net squatting for hours outside somebody's home after midnight just gets creepy, especially if you knock on the door and ask to plug in an extension cord.

Cantenna, Antenna or Woktenna

If you are able to detect a wireless access point but not connect, often a directional high gain antenna will get you a strong enough signal for full connectivity. You can build or buy these antennas. [18]

If you can buy them, it is advisable, for durability sake, to spend the money for a 14dB or higher patch (flat) antenna and a quality tough antenna pigtail. Since these pigtails are fragile, a spare is advisable. Even if your laptop has built-in wireless, a high power removable wifi card that you can attach your antenna to will get you online in many densely populated environments where the built in antenna would normally fail.

Another option for a high gain antenna (13-15dB easily) with a fairly wide (60-70 degree) cone is the biquad, where the driver element is made from two wire squares with 30.5mm side lengths. These are backed by a reflector, and the whole thing is affixed to a short coax line.

It is advisable to drive an antenna with a high power USB stick. Alfa manufactures them up to 2 watts, and they can be had for around $25 on (the evil corporation!) Amazon. The advantage of USB is the ability to use a USB extension cable to get your antenna to a good position.

Another option is the so-called "Wok-fi" antenna - which is often cheaper and more effective, at the expense of being bulkier and more fragile.

  • [Wok-fi]

Remember that you can use the directional antennas listed here to drive dishes, offering much better gain. With an old tv dish a few meters in diameter, connections have been made at line of sight distances of hundreds of kilometers. Why not use a smaller meter dish to get a few extra kilometers of connection out of your wifi gear?

You're anonymous, the internet is free, and you don't have to leave your squat.

WEP/WPA

WEP is an old encryption used on 802.11b wireless networks. It is easily cracked, and some business and government offices may have an older personal wifi access point installed in big exec offices so they can play on their mahogany paneled laptops. Any reasonable IT department would have implemented better security.

Our hacks use a computer running Linux, but there are also Windows and Mac programs for this. Airsnort and Aircrack-ng can help you bust the WEP/WPA encryption: this software package comes as a downloadable option with most Linux distros. Sample some net traffic, then let Aircrack look for weak packets, unlocking the encryption key. If you are an MS-Windows user, booting up with Backtrack Linux, Knoppix STD or other security live distros will give you most of the security hacking tools you will need. [19][20][21]

This gives you the ability to employ smear tactics against an individual or organization, imagine the reaction to the world discovering they're hosting a pedophilia site from their ip?

Also, with higher gain antennas (for example get ahold of an old satellite tv dish and drive it with a yagi or biquad antenna), you can connect to WEP protected networks at many kilometers and essentially have free internet which is essentially untraceable.

Community Wireless Co-Op

Many cities have community wifi co-ops which provide free internet and possibly other services from their access areas. These are great for anonymous surfing. Be sure to clear out all personal identifying settings and cookies from your browser and computer before you feel too secure and of course using TOR helps obscure what you are doing too.

To start see if you have any local businesses that wouldn't mind hosting wireless internet for their customers. This can be as simple as installing a used wireless access point and opening it up to an AP with a custom Linux firmware on it so you can control bandwidth and other services. While there are companies who may give out free hardware and even Internet access to businesses willing to host their service we mostly avoid them since they are ad based services and who knows what information is being reported back to home base.

Pirate Wireless

An interesting spin on community wireless is if at work you find a live network cable and power port you can just plug in an old access point and make a pirate wireless hotspot, of course it would have to make the signal available somewhere useful to justify the expense, maybe a directional antenna to extend the range and some disguise is in order to keep it safe. Alternatively drill holes high on the wall to the outside for your wires and install a plastic waterproof electrical box outside where there would be no suspicion. Make everything look professional and seal all holes for moisture and it might last for years.

Piggybacking Restricted WiFi Access

How to piggyback WiFi at the airport, university, train station, or other restricted or paid wifi access area using a Linux machine, assuming there is an authorized user online. This works by cloning the WiFi card MAC address of an authorized user, which makes you both appear to be using the same laptop. Helpful information is in (parentheses) and is either a value or an instruction; everything else is Linux shell terminal commands. A little practical experience in networking will help you guess or calculate the netmask and gateway address.

  • 1. (type) tcpdump -en
  • 2. (Carefully note Ip addresses and corresponding mac addresses that fly by)
  • 3. (type) ifconfig wlan0 hw ether macAddress
  • 4. (type) ifconfig wlan0 ip netmask (the netmask for the IP address)
  • 5. (type) route add default gw (router ip address, router's ip can usually be guessed from IP)
  • 6. (enjoy your free connectivity!)

HTTP over DNS

Many for-pay commercial WiFi networks or crippled corporate networks still allow DNS queries. This opening can be exploited to tunnel traffic to a server and then out to the Internet.[22]
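From the network owner's side, this kind of tunnel stands out in resolver logs: one client sends many long, random-looking names under a single domain. The Python detector below is an added example, not part of the original page; the thresholds, the sample queries and the domain names are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for this illustration; tune them on real traffic.
MIN_UNIQUE_SUBDOMAINS = 10   # distinct names one client asked for under one domain
MIN_MEAN_LENGTH = 30         # average subdomain length in characters
MIN_MEAN_ENTROPY = 3.5       # average bits per character


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(qname):
    """Return (subdomain, base domain).

    Treating the last two labels as the base domain is a simplification;
    production code should consult the Public Suffix List.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_tunnel_candidates(queries):
    """queries: iterable of (client_ip, queried_name) taken from resolver logs."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            seen[(client, base)].add(sub)

    findings = []
    for client, base in sorted(seen):
        subs = seen[(client, base)]
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if (len(subs) >= MIN_UNIQUE_SUBDOMAINS
                and mean_len >= MIN_MEAN_LENGTH
                and mean_ent >= MIN_MEAN_ENTROPY):
            findings.append({
                "client": client,
                "domain": base,
                "unique_subdomains": len(subs),
                "mean_length": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
            })
    return findings


def constructed_sample():
    """Constructed resolver log, not real traffic."""
    queries = []
    # Ordinary browsing: a few short names, repeated.
    for host in ("www", "mail", "static-assets", "api"):
        queries += [("10.0.0.17", host + ".example.com")] * 5
    # CDN-style client: many distinct names, but short and regular.
    for i in range(15):
        queries.append(("10.0.0.31", "img%02d.cdn.example.net" % i))
    # Tunnel-like client: payload chunks encoded into long base32 labels.
    for i in range(20):
        blob = base64.b32encode(hashlib.sha256(b"chunk%d" % i).digest())
        label = blob.decode().lower().rstrip("=")[:48]
        queries.append(("10.0.0.23", label + ".t.tunnel-example.test"))
    return queries


if __name__ == "__main__":
    for finding in find_tunnel_candidates(constructed_sample()):
        print(finding)
```

Requiring all three signals together keeps busy but ordinary clients, such as the CDN-style one in the sample, out of the results.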

Cellular GPRS and 3G

Mobile phone based Internet connections are quite expensive and have the added detriment of being fully traceable back to you within a few meters, like all mobile phone use. The upside is possible broadband, even in remote areas or while in transit. However, it drains battery life quickly, and will give you a very sub-par viewing experience.

Mobile Access Point

Most of the Linux based routers have an internal serial port or two. It will be either 3.3v or 5v. This serial port is a great way to connect a whole campout or crash house to the internet; you will need to add PPPD to the firmware and set up the config files. Use the mobile phone to dial in or get GPRS access, as most unlocked mobile phones accept serial connections and almost all phones accept some Hayes AT commands. You could also cable connect to an older real (non-winmodem) modem this way if DSL is not an option.

Add a battery pack or cigarette lighter adapter and you can even share Internet with a group traveling in several nearby cars, a train, or a bus. Some smartphones with Wi-Fi can either be hacked or you can install software to make your phone into a short range wireless Internet access point.

Beware of the next cellular bill after your net party unless you have an unlimited data account.

Bluetooth Sniping

Bluetooth, just like Wi-Fi, uses 2.4 GHz microwaves. This means Wi-Fi directional antennas and amplifiers can be soldered onto your Bluetooth dongles and cards. Using this technique, locked executive phone books can be obtained, bogus phone or sms messages can be sent, or GPRS internet connections can be established.[23]

Wired Ethernet

Often, you can quietly plug a patch cable into the library network when nobody is looking. Know how to get past the often minimal security, and don't abuse the sneak on. The library is our friend, not a thing to be abused.

Subnet Sniffing

Running Linux "tcpdump" and watching the traffic will help you establish what subnet you are plugged into, even if there is no DHCP server to hand you an IP address. The "ifconfig" command is used to set your IP address and subnet, and "route" is used to set your internet gateway. Windows users can use the GUI to add a network address and default gateway settings.

DNS

If you have to sneak onto a network without a DHCP server to give you an IP address, you may need to plug in your own DNS servers found in 'network settings'. There are a few stable ones in locations all over the world. Either edit /etc/resolv.conf and add these addresses in Unix/Linux or change the Windows DNS settings in your network TCP/IP settings. If you are using a network you can add these server addresses there and it will pass on the DNS requests to the whole network.

Other public DNS servers (without any filters):

  • 4.2.2.1 - 4.2.2.6 - Level3 DNS servers with Anycast (multiple locations)
  • 141.1.1.1 (cns1.cw.net) - A Cable & Wireless DNS server with Anycast (multiple locations) by Cable & Wireless Worldwide

Public DNS servers from OpenDNS (blocks suspected malware, porn, and other sites - inserts landing pages on miss - not accountable):

  • 208.67.222.222
  • 208.67.220.220

Public DNS servers from DNS Advantage (they may block malware sites - not accountable, no landing pages):

  • 156.154.70.1 (rdns1.ultradns.net)
  • 156.154.71.1 (rdns2.ultradns.net)
  • you can also use 156.154.70.22 and 156.154.71.22 which are advertised by Comodo

Public DNS servers from DNSResolvers (without any filters):

  • 205.210.42.205 (cache1.dnsresolvers.com)
  • 64.68.200.200 (cache2.dnsresolvers.com)

Public DNS servers from Google (without any filters) (warning: Google doesn't tend to value user privacy very much...):

  • 8.8.8.8
  • 8.8.4.4

Realize that whichever DNS service you are using, one of these or the one from your ISP, your page requests are logged. This should be obvious, since your ISP also delivers the content. TOR can obfuscate this as long as your browser is set to route DNS requests through TOR; this must be set explicitly, as the default is to run DNS in the open even when running a proxy. TOR can also work as a DNS server on its own since version 0.2, regardless of web proxying, which is useful for working around some broken apps.

You can also attempt to use ICANN root servers directly with a DNS server in proxy mode, e.g. bind (named), PowerDNS (pdnsd), MaraDNS, Posadis. Note they are blocked by some braindead ISPs.

PPPoE and VPN

Many ADSL providers use PPPoE or VPN to connect.

Mac Address Spoofing

Every network device has a unique ID called a MAC address. If you copy another machine's MAC address and use it on your computer, you may be able to obtain access on certain wireless or wired networks. Often there will be an authentication of some other type you must pass as well, but the MAC address is often an easy way to secure home networks. If you do get kicked from a network, try changing the network MAC address (MAC address has nothing to do with being a Macintosh or not), as this is how a machine is usually banned from a network. MAC addresses are also used in wireless networks.
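A network operator can detect the cloning described here and under Piggybacking Restricted WiFi Access because every 802.11 radio stamps its frames with its own 12-bit sequence counter, so two radios sharing one MAC address produce counters that jump back and forth. The following Python check is an added example, not from the original page; the gap threshold, anomaly count and capture records are constructed assumptions, and the input is assumed to come from a single sequence-counter space (for example management frames only).

```python
from collections import defaultdict

SEQ_MODULUS = 4096     # the 802.11 sequence number field is 12 bits wide
MAX_FORWARD_GAP = 64   # assumption: frames the sensor may miss between two it sees
MIN_ANOMALIES = 3      # assumption: jumps required before a MAC is reported


def forward_gap(prev_seq, seq):
    """Distance from prev_seq forward to seq, allowing for wrap-around at 4096."""
    return (seq - prev_seq) % SEQ_MODULUS


def find_shared_macs(frames):
    """frames: iterable of (timestamp_us, source_mac, sequence_number).

    Returns {mac: anomaly_count} for MACs whose counter keeps jumping,
    which is what two transmitters behind one address look like.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in sorted(frames):
        mac = mac.lower()
        if mac in last_seq:
            # A gap of 0 is a retransmission and a small positive gap is
            # normal progress with a few missed frames. Anything larger
            # means the counter moved backwards or leapt far ahead.
            if forward_gap(last_seq[mac], seq) > MAX_FORWARD_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in anomalies.items() if n >= MIN_ANOMALIES}


def constructed_capture():
    """Constructed monitor-mode records, not real traffic."""
    frames = []
    for i in range(20):
        t = i * 10000
        # One radio, counter wrapping normally from 4095 to 0.
        frames.append((t, "02:00:00:00:00:01", (4090 + i) % SEQ_MODULUS))
        # Two radios using the same address, each with its own counter.
        frames.append((t + 1000, "02:00:00:00:00:02", 100 + i))
        frames.append((t + 2000, "02:00:00:00:00:02", 2500 + i))
    return frames


if __name__ == "__main__":
    for mac, count in find_shared_macs(constructed_capture()).items():
        print("%s: %d sequence jumps, likely more than one transmitter" % (mac, count))
```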

McDonald's Free Wifi

Until recently McDonald's Wifi was a pay-as-you-go network; now at many (not all yet) McDonald's you can freely access their Wifi network.

Try here to check out more info and search for available service.

Most that have the McCafe have the free Wifi so look for that and you should be surfing. Be nice and at least buy your favorite beverage while you are logged in to the network.

Dialup

Free Dialup Services

When a corporation "gives" you internet, beware, as you will likely be forced to stare at ads on part of your screen. Worst-case-scenario, they have full access to your data.

Nonprofit Unix shell and dialup access co-op, lots of l33t options for connect.

If you are on the run and need to get online, see Free Telephones for tips on covertly connecting to phone lines.

Crypto

pgp and gpg

PGP (Pretty Good Privacy) and its younger open source cousin GPG (Gnu Privacy Guard) are simple programs that use a shared (public) key and a private key to encrypt data and messages. Many programs have GPG inside. One of the most useful is a clipboard helper where you paste your text into the box, hit the encrypt button, and your clipboard now has the encrypted message. There is really no end to the applications that can have GPG inside, from VOIP phones to instant messengers.

TOR Onion Servers

Obfuscate the origin of your connection. This provides good privacy from end use sites, but not against telcos and some larger governments who have the ability to monitor end to end internet packet traffic in real time.

(WRONG. It does provide some security if you go through at least one node outside monitoring. Only if you are specifically monitored and your destination too, there could be a link made, weak one - using timing analysis. - R) [30]

If you find that the TOR network is suddenly not working be sure to check for an update in version at the website. Some major Linux distros and other software packages may fall behind and not issue automatic updates if you have not set the updater to check the official TOR package sources.

One often unused feature of the TOR network is the ability to host hidden servers. Once you have the software running you can visit .onion sites, which are as difficult to trace as a web surfer running TOR. Visit [31] for a popular reliable hidden discussion forum while your TOR is turned on. [32] is the official TOR core.onion site when it is up; this is where sites on the onion should be listed. Better yet, set up your own hidden server.

Make sure you secure your hidden server, and that it and your web browser don't leak identifying data.

SSH encrypted shell access

The standard secure way to connect for console or tunneled connections to most Unix/Linux type servers. You can use SSH to tunnel or forward almost any service; see [33] for more ideas. See [34] for the real thing or [35] for Putty, the small Windows client which will happily run from your USB keychain drive.

The following command will start a SOCKS5 proxy that forwards all of your browsing to a remote server via a remote tunnel:

   ssh -D 1420 user@server.com

The -D means you want SSH to create a SOCKS5 proxy; the number (1420 or whatever you like) is the local port it will listen on. User is your username on the remote server, and after the @ sign is the address of your server. You will be asked for your password after connecting.

If you want to keep your browsing free of the IT department entirely, also route your DNS requests through the SOCKS proxy. In Firefox type

   about:config

in the address bar and hit enter. You will be dropped into the manual config editing page of Firefox. Scroll down to

   network.proxy.socks_remote_dns

and toggle it to true (default is false). Now go to Edit > Preferences > Connection Settings and click the Manual Proxy Configuration button. In the SOCKS Host field add the address 127.0.0.1; the port will be whatever you set after the -D (our example used 1420, choose something over 1000). Be sure that SOCKS-5 is selected. Once TOR is set up and working, install Torbutton in Firefox and add your port settings to make your switch quick as a mouse click.
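What the socks_remote_dns toggle changes on the wire, shown as an added Python example that is not part of the original page: with remote DNS the hostname travels inside the SOCKS5 request (and so inside the SSH tunnel), otherwise the client resolves it first on the local network and sends only the IP address. The resolver function and addresses are constructed for illustration; the message layout follows RFC 1928.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect(host, port, remote_dns, local_resolver=None):
    """Build the SOCKS5 CONNECT request sent after method negotiation.

    remote_dns=True mirrors network.proxy.socks_remote_dns = true.
    local_resolver is a hypothetical stand-in for the operating system's
    DNS lookup; it is only called when remote_dns is False.
    """
    if remote_dns:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # This lookup happens outside the tunnel, where the local network
        # and its DNS server can see which name was requested.
        ip = ipaddress.ip_address(local_resolver(host))
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_connect(request):
    """Return (who resolved the name, destination, port) for a CONNECT request."""
    if len(request) < 7 or request[0] != SOCKS_VERSION or request[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + request[4]
        dest, resolved_by = request[5:end].decode("ascii"), "proxy"
    elif atyp == ATYP_IPV4:
        end = 8
        dest, resolved_by = str(ipaddress.ip_address(request[4:end])), "client"
    elif atyp == ATYP_IPV6:
        end = 20
        dest, resolved_by = str(ipaddress.ip_address(request[4:end])), "client"
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(request) != end + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", request[end:])
    return resolved_by, dest, port


def demo():
    """Compare both settings using a constructed resolver that records lookups."""
    seen_on_local_network = []

    def fake_resolver(name):
        seen_on_local_network.append(name)
        return "192.0.2.10"   # documentation address, constructed

    results = {}
    for remote_dns in (True, False):
        seen_on_local_network.clear()
        request = build_connect("example.org", 443, remote_dns, fake_resolver)
        results[remote_dns] = (parse_connect(request), list(seen_on_local_network))
    return results


if __name__ == "__main__":
    for remote_dns, (parsed, leaked) in demo().items():
        print("remote_dns=%s request=%s names seen locally=%s" % (remote_dns, parsed, leaked))
```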

If your boss blocks port 22 (normal SSH port) you can be a sneak too and route through the almost always open SSL port (443).

Disk encryption

Unencrypted data can be the revolutionary's doom. If there is a chance your machine can be seized (there always is), the only way to protect yourself is to encrypt the data. Note that in some jurisdictions, and especially if you get slapped with the Patriot Act, not divulging a key may be a crime or be a prelude to torture. Always have a kill switch. Make sure the machine is never seized while on or freshly off: disconnect power for at least a minute to reduce the chances of password recovery from RAM.

You can use one of the following systems:

  • EcryptFS - Linux, Supported by Ubuntu, per-file encryption. Hides file names in new versions too. Since it's per-file, you can send encrypted data easily or store it remote.
  • dm-crypt for Linux and [FreeOTFE] for Windows - these are standard disk/partition encryption systems. No special features.

Network Stealth

Disguise Your Gear

If you have secretly left a server in an office or other secure location, maybe an inside job, using their bandwidth to broadcast your radical news, it must look like it belongs there. A nice clean modern case can often be found that will match the equipment where you are making the setup. Other options may be to hide the server above ceiling tiles or to place a very small mini-ITX or other single board type machine, double side taped, under or behind a desk or cubicle partition. Hunting these down will drive IT nuts if they even ever figure out where all of their bandwidth is going. See Infiltrating for more ideas.

Covert Server

Shell Accounts Game

Acquire shell access to as many servers as possible to be able to SSH over borders and obscure the point of origin while on the internet. This can be quite useful:

  • Once you have a shell account, use it to proxify your web use. The web requests will look like they came from the server and not you. See SSH encrypted shell access above for details.

Wi-Fi and DMZ - A router to put your box on the net

Many home DSL lines have the Wi-Fi router unconfigured. Use the default password to take control and DMZ your machine. You are now live on the internet and can direct your domain name to this IP address for small scale web presence.

Dynamic DNS

There are now many dynamic DNS and DNS forwarding services available for free. Using these services you can direct web traffic from a domain name to your constantly changing DSL line IP address. Some services will also redirect to an unblocked network port if your ISP blocks port 80. Many home network routers will automatically update your dynamic DNS provider; if your router does not support these updates, there are many update programs that run on Windows, Mac, and Unix/Linux.

Generic Owned Box plugged into an Open Network

Any old computer plugged into a DSL line or office network and allowed to have an IP address on the internet can be a hidden server. Your server can be used to store files, serve a website, or even remotely browse the net, obscuring your location.

Arousing Suspicion

An encrypted transmission will generate suspicion on the internet. Always assume your data is being sniffed and act accordingly.

Anonymous Surfing

There are services that allow web surfing by-proxy which leave behind no trail of your visited websites on the computer. Great for sneaking past work or school snoops, but the Feds might be able to watch these networks. These proxies slow down your connection speed a bit, and may interfere with downloading, but for security, it's worth it. However, the fact that you've been on a proxy site for two hours may attract suspicion.

  • Anonymouse [36]
  • Guardster [37] (Free low-level service, but won't work on encrypted SSL sites)
  • Shadowsurf [38]
  • Proxify [39]

Off By One

A simple and free Non-Java web browser for Windows that fits on a CD or flash drive, but doesn't require installation onto the hard drive for use. It's only 1.2 MB and can be compressed down to about 460KB for distribution. When the disc is removed, all browser information goes with it. The page and image caches are memory-resident and utilize no disk storage, so after each session, any "cookies" simply vanish. The drawback of its small size is that it doesn't support JavaScript, applets, plug-ins or Flash. [40]

Mozilla Firefox - Portable Edition

A 25 MB version of the web-browser that can travel with you on your clip flash drive (along with your bookmarks and cookies that won't be on the computer you're using). Runs on Windows or Wine on Linux/UNIX. [41]

Visit [42] for the TOR browser and instant messenger pack. All open source and it fits on your USB drive.

Links

Humorous and/or useful page of further links on this topic:

  • Free Internet tools for tin foil hat wearers: Good annotated links to all kinds of anonymizers, Mapping, spying and so on. [43]
  • Adeona is an open source cross platform application that will help you or the person you liberated the laptop from locate it again. Yes, it's the one that allows you to take pictures of the current custodian of the laptop in question as well (plus instructions for wiping it). [44]