Expression against Repression II
So here comes the second part of Expression against Repression! Last time, we had a look at anonymous blogging and encrypted mailing. This time we'll look at private networks, be it a normal VPN (Virtual Private Network), a darknet (like WASTE or Galet) or the Freenet Project.
All of the methods below require a trusted party on the outside. This can be an organisation like RSF, Amnesty International or globalvoicesonline, or an individual you can trust. Hence this second part of the tutorial is not just aimed at writers inside a totalitarian state, but at NGOs in the western world as well.
The idea is to get the information out of the country. This can be video material, photos, reports on discrimination or violence, political statements or narrative stories that can't be published in the country itself, but also mail to family and friends. We will now discuss different solutions with a secure "server" in a free country and several "clients" in totalitarian states.
I'll start with the two darknet solutions: WASTE and Galet. While I don't know much about Galet, some friends of mine use it. What the website says about Galet:
[it] is a peer-to-peer application, which primarily aims to provide easy to set up secure communication channels between the computers of people who know and trust each other. Its secondary goal is to create a public network based on these channels. No direct connection occurs between two nodes that has not been explicitly accepted by the users of these nodes. This makes the network very difficult to censor, as an attacker's direct access to the network is limited.
This sounds good! It is encrypted and uses so-called friend-to-friend techniques: only people you trust can access your files, and vice versa. I gave it a try, and it really was very easy to set up and get running. The problem is that I couldn't find out which encryption algorithm is used.
So we come to WASTE, with which I do happen to have some experience. WASTE establishes a kind of VPN on top of the "normal network", through which you can send files and chat. Encryption happens via Blowfish and key exchange via RSA, meaning it is quite secure. Information is sent through this encrypted tunnel from node to node (client to client), but since connections don't happen point-to-point, anyone snooping inside the WASTE network can't determine where the traffic originates from. So, yes, it is possible to snoop: any WASTE node routing traffic can read the information sent. This means: be careful who you invite into your private WASTE network! And again it is important not to give any information that can be traced directly to you: even if your friends are trustworthy, they can be... well, you know what I mean! Another important thing about WASTE: "WASTE has an optional saturation feature, in which connections can be saturated to a particular rate (with random data, if necessary), so that a snooping party cannot see how much real data is being moved."
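The point that a relaying node can read what passes through it is easy to get wrong, so here is an added toy simulation of it (this is example code written for this page, not WASTE's own code, and nothing in it comes from the WASTE project). It models a three-node path in which each link has its own key, as a friend-to-friend network does: the middle node has to decrypt with the incoming link key before it can re-encrypt for the outgoing one, so it necessarily holds the report in the clear. The second run adds an end-to-end layer with a key the writer and the NGO agreed on out of band (the encrypted mail from part one would do), and the relay then only ever sees ciphertext. The HMAC-SHA256 keystream cipher is a constructed stand-in for Blowfish so that the script runs with the Python standard library alone; it is not a real cipher and must not be used as one.

```python
import hashlib
import hmac
import os
from typing import Dict, List

# Constructed sample report; stands in for a file a writer wants to get out.
PAYLOAD = b"REPORT (constructed sample): demonstration, 12 March, arrests on main square"

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 counter keystream.
    Stand-in for Blowfish so the demo needs only the standard library.
    Do NOT use this as a real cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        stream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])


class Node:
    """A WASTE-like node: one symmetric link key per accepted neighbour
    (in WASTE such keys come out of the RSA key exchange between friends)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.links: Dict[str, bytes] = {}
        self.observed: List[bytes] = []  # every payload this node handled in the clear


def build_network(path: List[str]) -> Dict[str, Node]:
    """Create the nodes on a path and give each adjacent pair a fresh link key."""
    nodes = {name: Node(name) for name in path}
    for a, b in zip(path, path[1:]):
        link_key = os.urandom(32)
        nodes[a].links[b] = link_key
        nodes[b].links[a] = link_key
    return nodes


def send_hop_by_hop(nodes: Dict[str, Node], path: List[str], payload: bytes) -> bytes:
    """Relay `payload` along `path` with link encryption only: every hop
    decrypts with the incoming link key and re-encrypts for the next hop,
    so every relay on the path holds the payload in plaintext."""
    if len(path) < 2:
        raise ValueError("path must have at least two nodes")
    ciphertext = encrypt(nodes[path[0]].links[path[1]], payload)
    for i in range(1, len(path)):
        node = nodes[path[i]]
        plaintext = decrypt(node.links[path[i - 1]], ciphertext)
        node.observed.append(plaintext)  # the relay could read (or log) this
        if i == len(path) - 1:
            return plaintext  # final destination
        ciphertext = encrypt(node.links[path[i + 1]], plaintext)
    return b""  # unreachable; keeps type checkers quiet


def demo() -> Dict[str, Dict[str, object]]:
    path = ["writer", "relay", "ngo"]  # 'relay' is a third member of the private network

    # 1) Link encryption only, as inside a WASTE network: the relay sees the report.
    net = build_network(path)
    delivered = send_hop_by_hop(net, path, PAYLOAD)
    relay_reads_plain = PAYLOAD in net["relay"].observed

    # 2) Same network, but writer and NGO first encrypt end-to-end with a key
    #    agreed out of band (e.g. via the encrypted mail from part one).
    e2e_key = os.urandom(32)
    net2 = build_network(path)
    delivered2 = decrypt(e2e_key, send_hop_by_hop(net2, path, encrypt(e2e_key, PAYLOAD)))
    relay_reads_plain2 = PAYLOAD in net2["relay"].observed

    return {
        "hop_by_hop": {"delivered": delivered, "relay_can_read": relay_reads_plain},
        "end_to_end": {"delivered": delivered2, "relay_can_read": relay_reads_plain2},
    }


if __name__ == "__main__":
    for mode, result in demo().items():
        print(f"{mode}: delivered intact={result['delivered'] == PAYLOAD}, "
              f"relay could read it={result['relay_can_read']}")
```

Even in the end-to-end run the relay still learns that the writer sent something of a certain size at a certain time; that is the metadata the saturation feature quoted above is meant to hide, and it is why the advice to keep identifying details out of the content matters regardless of which layer encrypts it.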
After downloading WASTE, run the setup wizard. At some point it will ask you about a network ID: you can leave that field blank for now. In the next step, press "Run key generator…". Choose a strong passphrase and a key size of at least 2048. Now wait for a few minutes. WASTE will start automatically. You should now see one large window and a thin one. Go to File->Preferences in the thin window to open the configuration utility: a menu panel on the left side and options on the right. Under Profiles, uncheck "Enable Logging". Under Network, you can change Connection Speed and the listening port. You may want to change the listening port or even disable this option. I would suggest limiting the incoming connections as well (both apply only to the nodes inside the country, not the "server nodes" outside). Now we move on to Network->Password: enter a strong password here and check "Activate stealth mode" (make sure to read the information shown when clicking the question-mark button). You may want to limit bandwidth under Network->Bandwidth.
Under File Transfer->Receiving, make sure you check "Prompt before accepting", and under File Transfer->Sending uncheck "Index files for on demand sending".
Now that we have configured WASTE, we can start our network: under Network->Private Key press "Copy my public key to the clipboard". Now you can send this public key to your friends via encrypted mail (see the first post), and they can add the key to their key list by going to Network->Public Keys and clicking Add. Copy and paste the key from the decrypted mail into the box at the bottom.
Another solution is the so-called Freenet. The idea behind the Freenet project is to achieve total freedom of speech and expression through anonymity, encryption and plausible deniability. As far as I know, Freenet works great, but since I'm totally happy with WASTE, I have no experience with Freenet whatsoever. So if anyone who knows about Freenet is reading this: please post a tutorial here or anywhere and send a trackback and link here!
Finally, we'll have a short look at OpenVPN, a very useful tool to send encrypted information of any kind from one point to another. OpenVPN is an implementation of an SSL/TLS (very secure) Virtual Private Network. I won't describe the procedure in great detail, for I recommend (to NGOs; others probably won't use this solution) getting someone who knows his way around network topology and VPNs. If you need detailed information, feel free to contact me directly (remember: stay anonymous!). What we want is that clients connect to a Linux Samba server via a routed VPN. An example for this can be found in the OpenVPN FAQ.
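For readers who do want to see what the routed setup looks like, here is an added pair of minimal OpenVPN configuration fragments (written for this page; they are not the OpenVPN FAQ's example and not from the original post). The host name vpn.example.org, the certificate paths and the 192.168.10.0/24 network behind the server are placeholders to be replaced with your own values. The server hands each client an address from 10.8.0.0/24 and pushes a route to the LAN where the Samba server lives, so clients reach it through the tunnel only; the static tls-auth key makes the server ignore any packet that is not signed with it, and remote-cert-tls makes the client refuse anything that merely holds a client certificate from the same CA.

```conf
# server.conf (on the trusted server outside the country; paths are placeholders)
port 1194
proto udp
dev tun
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0      # drop unsigned packets before the TLS handshake
server 10.8.0.0 255.255.255.0       # tunnel address pool handed to clients
push "route 192.168.10.0 255.255.255.0"   # placeholder LAN holding the Samba server
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3

# client.conf (on each node inside the country; certificate per client)
client
dev tun
proto udp
remote vpn.example.org 1194         # placeholder host name of the trusted server
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
remote-cert-tls server              # only accept a server certificate, not another client's
cipher AES-256-CBC
persist-key
persist-tun
verb 3
```

If Samba runs on the VPN server itself rather than on a LAN behind it, the push "route" line is unnecessary; bind Samba to the tunnel address (10.8.0.1 in this layout) so that it is never reachable from the public interface. Each client should get its own certificate, so that a seized machine can be revoked without re-keying everyone else.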
Once the information is outside the country, it can spread (almost) freely. NGOs can publish videos on their site, YouTube, Google Video, ..., or have a blog where they publish all the information they get via the above channels (of course after further anonymising it if needed). One thing though: friends or people known to have contact with you should not publish it personally (unless they too are anonymised), for that can be traced back to you.
So again: this article is not only aimed at writers themselves, but primarily at NGOs like RSF or AI, so they can implement such a solution. I would be willing to help in any such efforts.