De-Anonymizing Alt.Anonymous.Messages - ritter.vg
For the past four years I’ve been working on a project to analyze Alt.Anonymous.Messages, and it was finally getting to a point where I thought I should show my work. I just finished presenting it at Defcon, and because a lot of the people I know who are interested in this were not able to make it, I’m making the slides, and more importantly the speaker notes, available for download. This kind of kills the chance anyone will actually watch the video, but that’s all right.
The slides cover the information-theoretic differences between SSL, Onion Routing, Mix Networks, and Shared Mailboxes. They talk about the size of the dataset I analyzed, and some broad percentages of the types of messages in it (PGP vs Non-PGP, Remailed vs Non-Remailed). Then I go into a large analysis of the types of PGP-encrypted messages there are. Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!
In recent years, new encryption programs like Tor, RedPhone, TextSecure, Cryptocat, and others have taken the spotlight - but the old guard of remailers and shared inboxes are still around. Alt.Anonymous.Messages is a stream of thousands of anonymous, encrypted messages, seemingly opaque to investigators. For the truly paranoid, there is no communication system that has better anonymity - providing features and resisting traffic analysis in ways that Tor does not. Or so is believed. After collecting as many back messages as possible and archiving new postings daily for four years, several types of analysis on the contents of alt.anonymous.messages will be presented and several ways to break sender and receiver anonymity explained. Messages will be directly and statistically correlated, communication graphs drawn, and we’ll talk about what challenges the next generation of remailers and nymservs face, and how they should be designed.
But what I keep coming back to is the fact that we have no anonymity network that is high bandwidth, high latency. We have no anonymity network that would have let someone securely share the Collateral Murder video, without Wikileaks being their proxy. You can’t take a video of corruption or police brutality, and post it anonymously.
Now I hear you arguing with me in your heads: Use Tor and upload it to YouTube. No, YouTube will take it down. Use Tor and upload it to MEGA, or some site that will fight fraudulent takedown notices. Okay, but now you’re relying on the good graces of some third party. A third party that is known to host the video, and can be sued. Wikileaks was the last organization that was willing to take on that legal fight, and now they are no longer in the business of hosting content for normal people.
And you can say Hidden Service and I’ll point to size-based traffic analysis and confirmation attacks that come with a low-latency network, never mind Ralf-Philipp Weinmann’s amazing work the other month that really killed Hidden Services. We can go on and on like this, but I hope you’ll at least concede the point that what you are coming up with are work-arounds for a problem that we lack a good solution to.