Expression against repression
The reason I’m writing this in English is, that the ones, who would really need this, usually don’t speak Deutsch. Having read an article at heise.de about China blocking YouTube, so chinese people wouldn’t see what’s happening inside Tibet, I investigated a bit further and found this and this. Both articles are worth reading! Anyhow: The second one I about anonymous blogging/communication, so I decided to write my own short guide, to express yourself via internet while being censored:
The first thing you have to think about, when doing underground work is, who can you trust? This applies to software as well. Generally speaking: You can always trust the Open Source Community, hence Open Source Software (OSS). So I strongly recommend using Linux (Debian or Fedora or CentOS) or Solaris. Otherwise: Stick with your current OS which is propably Windows. Still, you need to get some OSS – especially Firefox (webbrowser), Thunderbird (e-mail client) and WASTE (secure Peer-to-Peer Network). You may as well get TrueCrypt. This is a software that is able to encrypt your whole Hard Disk (or just parts of it). This is especially useful, if you’re blogging/writing from shared or pupblic computers, where you have to use a Flash Drive (see the mentioned article for more information on that), so you can encrypt the whole drive.
Let’s start with Firefox: Download Version 220.127.116.11 (stable) or Version 3.0b4 (beta but actually very stable) and install it. Then navigate to Firefox‘ addon-page to install the TOR-Proxy.NET Toolbar (hint: you might want to install some other privacy-related addons). Just click the green „Install“ Button and FF will download and install the addon all by itself. After restarting FF, download and install the latest TOR Version from either the programmers site or any of the listed mirrors. After installation finished successfully, test your settings by going to this website. If everything went right, your IP should now be hard to track down.
With TOR activated (you can easily switch TOR on/out via the Tor-Addon), go to gmail.com and register a free mail account. For sign up, don’t use any information, that could be traced back to you and choose a common name of a person living in the US, Germany or any other country with loads if internet users. To give an example: email@example.com (fictious) from Dortmund, Germany. You can even choose a ridiculous name only a teenager would choose life firstname.lastname@example.org (fictious) from Frankfurt, Germany (gummistiefel would mean s.th. like wellingtons). Than go back to the addons page and download/install FirePGP and Keyscrambler
What do they do? Keyscrambler encrypts your Keystrokes at the lowest possible layer, so most (software) keyloggers trying to record your account informations (…) will send useless data to their masters. This applies to text, typed into a web page only though!
FirePGP is an ecryption software as well: It adds strong encryption capabilities to your gmail web-account. Since it can be a bit confusing to new users, I’ll guide you through the installation procedure of FireGPG and Enigmail for Thunderbird (for writing of longer messages and off-line writing):
Donwload Thunderbird, Enigmail and gpg4win. Install gpg4win to the default directory. After installing Thunderbird by simply running the .exe-file, fire up Thunderbird and configure your account .Go to Tools -> Addons and click „Install“. Now navigate to the file called enigmail-x.xx.x-tb+sm.xpi and click OK. After restarting Thunderbird, you should see a new Menu entry: OpenPGP. Explore this new menu! There should be an entry like „Key Management“->“Generate new keys“. Choose your gmail account, choose a strong passphrase (and remember it!) and click Generate Key. (If you want real strong encryption, you can change the keysize to 4096 in the advanced-tab – this makes more sense, if your counterpart using this strong encryption as well!)
I also recommend creating a revocation-certificate.
Now that your encrypted mail account is set up, you can install FirePGP:
Just click the „Download- FireGPG“-Button. If Firefox prevents the website to install an addon, change the preferences to allow the FireGPG-website to install the addon. Restart FF and enjoy your new FireGPG-Buttons, when writing a mail via gmail’s web-interface!
Even though, that makes you feel secure, be cautious what you write – your friends computers can be compromised,…Furthermore make sure, to log out from gmail (not just close the window) for google will keep track of your activities if you don’t.
The next thing, we’ll do, is installing anti-virus-software! For free AV-software I recommend using avast, AVG or avira, Ad-Aware and Spybot. What you definitely would want to install is Spybot! When you first install it, immunize your system (spybot will aks you for that the first time you fire it up). Under „mode“ choose „Advanced“ – there you’ll find the section tools: there you have a file-shredder, management tools for the registry (like what programms are started at system start-up) and a list of running processes. Make sure, you check for updates and check your whole system every week. Spybot will definitely detect so called tracking cookies. While usually not dangerous, they can be very dangerous if your doing something illegal or your government’s cencorship is after you.
Now go to wordpress.com and register a free blog with the gmail address you just created. Now you can start blogging. As can be seen from previously posts, some Iranian underground bloggers use blogspot but I’d still recommend wordpress both because of security concerns as well as simply the blogging itself.
But that’s not it! While this may be fairly safe, we want to be as safe as possible. Ethan Zuckerman wrote, you should use a simple text editor and eraser or ccleaner for blogging and writing e-mail. I think, this is not the best idea for you can easily forget to cclean or erease the files. Either, you never save the files – just post them – , or you use TrueCrypt. The first one, is presumably the easier one, but not possible, if you intend to post rich media, like sound files or videos. Posting videos or sound files to wordpress is hard anyway, so I came up with this solution (if anyone knows a better solution, or thinks, what I’m saying here is just crap – please add a comment!!!):
Download and install TrueCrypt (make sure, you read the instructions) and set up an encrypted disk. This can be part of your local hard drive, an external hard drive or an USB stick (notice, that any files lying where you want your encrypted disk to be will be overwritten, not encrypted). Mount the encrypted disk and save your media files into that disk. They will automatically be encrypted. Make sure, that you clean all traces of the media files (with ccleaner or whatever you have – simply deleting the files wont help!) From there, you can upload the media files to megafileupload, rapidshare or wherever you want (just make sure, TOR is enabled and you use FF to upload (not any software like the diino client). If you know of a free online storage solution, where you can directly link to the file that’s great but always be carefull with their privacy policies! Now you can wirte your posts (with any text editor, that doesn’t save your files anywhere but the location you specified (notepad). Than go online and copy paste the written text into the online text edito and create links to your files (or embedd them if possible). One trick to enhance security: change post time stamp, so your ISP cannot track you down by checking post time against the time you are connected to the TOR network.
Still: Read the original post by Ethan Zuckerman!
I’ll cover WASTE another article!