www.crypto.is – remailers explained .

Anonymous remailers can be used to hide information about the sender of email by re-sending the email through a series of nodes that are connected in a chain thus hiding the originating location. The aim of remailers is to protect the anonymity of people who may find themselves in a variety of situations such as [CRP01]:

• Individuals who don’t trust their Internet Service Provider or Network Administrator
• Consumers, who want to send feedback on a product or service
• Activists, protesting against political issues and local concerns
• Journalists, who want to correspond with a source without exposing the source, or being tracked down themselves.
• Whistleblowers, who want to report illegal activity of a co-worker, government or company
• Law Enforcement, who want to communicate with confidential sources or undercover agents without risking their operational security
• Researchers and Survey Participants, who don’t want to expose their opinions on sensitive topics

Capabilities:

There are four types of remailers [VAN01].

• Type I (Cypherpunk) – removes identifying information from the header, such as the sender address, and originating IP address of an email that is either encrypted or plain text. Messages can be sent through several different servers in a chain so that each remailer will not know who is sending a message to whom. Type I remailers do not keep logs of transactions. In addition, messages cannot be answered.

• Type II (Mixmaster) – requires the use of a computer program used at the command line or using 3^rd party minimalist graphical user interfaces to compose emails that are then sent to a remailer server. Type II remailers can only send emails one way. Type II remailers use a Mix Network, a routing protocol that uses a chain of proxy servers called ‘mixes’. It shuffles messages from multiple sources and sends them out in a random order to another mix node, thus breaking the link between the source of a request and its destination. Message are relayed through each node in the network through the Application layer using – Simple Mail Transfer Protocol (SMTP).

• Type III (Mixminion) – can be used to both send and receive anonymous e-mail and was designed to address some of the limitations of Type II remailers. Like Type II, it uses a Mix Network, however, a key difference between remailers is that Type III use of the Transport layer security (TLS) unlike Type II, which uses the Simple Mail Transfer Protocol (SMTP). This allows for the establishment of an encrypted tunnel that messages travel though. It also addresses a number of other technical vulnerabilities such as [Danezis et al., 2003] provides defence against attacks (by breaking the security of a mix network), routes encryption keys (by resetting encryption keys) and other improvements.

• Pseudonymous remailers – takes away the e-mail address of the sender, gives a pseudonym to the sender, and sends the message to the intended recipient that can be answered via that remailer. It assigns its users a user name, and it keeps a database of instructions on how to return messages to the real user. These are used on popular websites such as Gumtree through email masking [GUM01]. This replaces actual email addresses with pseudonyms allowing users to communicate back and forth through the remailer. Although, this commercial use differs from using a nym server (pseudonym server), which provides untraceable e-mail addresses, where neither the nym server operator nor the operators of the remailers involved can discover which nym corresponds to which real identity.

Surveillance mitigation:

• Anonymity – mix routing and nym servers strip identifying information replacing it with either a pseudonymous or anonymous name along with a proxy server IP address.

Vulnerabilities:

• Usability – There is a learning curve to being able to use anonymous remailers [LBT01] because it uses a command line interface. Although there is a graphical user interface provided by QuickSliver Lite [QSL01] it is still quite basic. There is also a web interface available [PRW01] although these are not as secure because the website operator or anyone spying on the website has the ability to see the originating IP address unless the person is using TOR [PRW02]. It is more secure to install the client directly on to the machine used to send an email. However, this takes a level of technical skill and confidence that ordinary users may not possess. A person who wants to download Mixmaster will need to know how to install and configure the software within the UNIX operating system.

• Threat modelling – Users of anonymous remailers have to determine for themselves the level of technical security they require based upon the number of ‘chains’ or proxy servers an email goes through before reaching its destination. In addition, a person will also need to specific how many copies of the email are sent to ensure that at least one makes it through the Mix Network.

• Data loss – Email can get lost in the Mix Network and as a result may never reach their intended destination.

Layer of interaction:

• Application layer: Simple Mail Transfer Protocol (SMTP) – Type II remailers.
• Transport layer: Transport layer security (TLS) – Type III remailers.

Background:

The first anonymous remailer appeared in the early 1990s as the Penet remailer, at anon.penet.fi [LEN01]. It was widely used however the service had a number of vulnerabilities including storing real email address that were mapped to anonymous ones. Also, the remailer had been compromised through multiple technical attacks. Additionally, it was required to reveal information about a user who posted copyrighted documents from the Church of Scientology to a newsgroup in 1995. The operator eventually shut down the service due to legal concerns and privacy issues [IAC01].

Since the Snowden revelations and the emergence of the ‘real-name paradigm’ where online identity mirrors the real world as in Facebook, Twitter and other social media have [INF01] people have become increasingly interested in technical resources that provide anonymity and the remailer provides this capability.

Sources:

Crypto.is (CRP)

1) https://crypto.is/blog/what_is_a_remailer

Danezis, G., Dingledine, R., Mathewson, N. (2003) Mixminion: Design of a Type III Anonymous Remailer Protocol. In IEEE Symposium on Security and Privacy, Berkeley, CA, 11-14 May 2003.
http://www.mixminion.net/minion-design.pdf

Gumtree

1) http://gumtree.force.com/Help/articles/General_Information/Anonymised-emails

The Information (INF)

1) https://www.theinformation.com/History-Holds-Tough-Lessons-for-Anonymous-Services

InfoAnarchy (IAC)

1) http://www.infoanarchy.org/en/Anonymous_remailer

Leavitt, N. (LEN)
Anonymization Technology Takes a High Profile. 2009. IEEE Computer.
1) http://leavcom.com/articles/ieee_nov09.php

Light Blue Touchpaper (LBT)

1) https://www.lightbluetouchpaper.org/2014/04/03/current-state-of-anonymous-email-usability/

Mixmaster (MIX)

1) http://mixmaster.sourceforge.net/faq.shtml

Mixminion (MIM)

1) http://mixminion.net

Paranoia remailer web interface (PRW)

1) https://webmixmaster.paranoici.org/mixemail-user.cgi

2) https://webmixmaster.paranoici.org/webinfo.txt

QuickSliver Lite (QSL)

1) https://www.quicksilvermail.net

Vanish (VAN)

1) http://www.vanish.org/anonymity/remailers.htm

Glossary (GLO)

1) http://whatismyipaddress.com/email-header

2) http://techterms.com/definition/command_line_interface

The GNU Privacy Guard (GPG) logo.

Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) are both public key encryption cryptographic software used to authenticate the identity of people sending messages and to encrypt and decrypt email messages and documents. The key difference between the two is that PGP is paid-license software owned by Symantec. Whereas GPG uses a GNU General Public License, meaning that the code can be modified, used and distributed free of charge. PGP and GPG are both OpenPGP compliant [OPP01] implementing the Internet Engineering Task Force (IETF) approved standard for encryption technologies [IET01] thus ensuring that they are interoperable with each other so that a message sent by one can be read by the other.

Another implementation for email encryption includes S/MIME (Secure/Multipurpose Internet Mail Extensions). It is an alternative to PGP/GPG used mostly by businesses that use large corporate computing infrastructures such as IBM, Microsoft and other vendors that offer commercial email packages and web browser software. It differs from PGP/GPG in that it does not exchange personal keys but relies upon the use of a common certifier that they both use [DFB01].

The aim of all of these is to enhance privacy by enabling people to sign, encrypt and decrypt electronic data, protecting the content of emails to ensure that third parties cannot read email communications.

Software applications

Software that utilise public key encryption include:

• TrueCrypt – a discontinued freeware utility used to create a hidden encrypted virtual disk within an operating system such as Windows, Mac OS, and Linux. In this way it is not a protocol for sending secure email over the network, rather, it is a method for encrypting documents on a computer that remain there or are then sent through email. It uses on-the-fly encryption (OTFE) where data is automatically encrypted as it is saved on a hard drive.
• LEAP – a free, open source email encryption system that works by providing a local proxy that a standard email client connects to [FPF01]. Rather than people maintaining the own encryption keys, a proxy service provider automatically encrypts email sent through it. In addition, if people do have their own public keys these will automatically be discovered and validated so that only that person will be able to read the email [LAP01]. It is less secure than having one’s own key as the service provider has access to both the metadata and forwarding information [FPF01]. The system is meant to be usable, hence, with usability, comes a certain amount of insecurity in this case by allowing for encryption access in a ‘user-friendly’ manner using a BitMask application [LAP01]. It has created new protocols [LAP02]: Soledad (server daemon), Bonafide (secure user registration, authentication, and provider discovery), and Key Management (new rules for validation) [LAP03].
• Mailpile – a front-end email client that uses a webmail interface to provide encryption by default [MPE01]. It downloads all email from an email server onto the computer with an option to run it on a cloud service. Even if the email server used is a commercial product like Gmail or Yahoo the contents of emails would still be stored there, however, it would be encrypted [MPE01].
• Enigmail – an extension used in the email client Mozilla Thunderbird and SeaMonkey that uses OpenPGP public key e-mail encryption and digital signatures. It requires users to first set up their own GPG or PGP keys. After installation Enigmail integrates digital signing and encryption of email directly from the Thunderbird email client in a user-friendly manner.

Capabilities:

• Public-key cryptography – used in PGP/GPG and S/MIME and is an asymmetric cryptographic protocol that requires two separate keys, one private for decrypting emails and one public used for encrypting or digitally signing messages.
• Digital certificate – used by S/MIME these are issued to organisations and individuals by trusted certificate authorities. These are downloaded and then added to an email client. The certificate is then used to make secure connections [TRP01].
• Digital signature – used by PGP/GPG it serves as a digital signature that authenticates the signer of a message as actually being that person or entity [GLO01].

Surveillance mitigation:

• Privacy – enables private digital communications so that messages cannot be read by third parties. The difference between plaintext and ciphertext has been compared to the postcard and the letter, where plaintext is more like a postcard that anyone can read and ciphertext is akin to placing a message in a sealed envelope. This has been called the ‘analog gap’ [MPE02].

Vulnerabilities:

• Usability – PGP/GPG has been criticized for its lack of general usability [CEB01] however there are tools currently available and under development (described above) that seek to address this issue.
• Security – Public keys may be decoded allowing access to messages. For example, the GCHQ/NSA programme BULLRUN that aims to break encryption tools.
• Attribution – a digital signature provides proof of authorship, which may be used to provide legal proof of a person’s communications and activities.

Layer of interaction:

• Application layer: Simple Mail Transfer Protocol (SMTP)
• Transport layer: Transport layer security (TLS)

Background:

Cryptography in its early days were managed and researched within government’s departments of defence in order to protect state secrets and to ensure secure communication across international borders. A non-secret technology known as public key encryption appeared in the 1970s using RSA [CAC01] and resulted in the emergence of the CryptoWars, an attempt by the U.S. government to limit the public and foreign countries from accessing cryptography strong enough to resist decryption by U.S. national intelligence agencies [OPN01].

The Snowden revelations have shown that the CryptoWars are not over [OPN01] in particular with the BULLRUN programme, which seeks to break encryption tools [EFF01].

Sources:

Codes and Ciphers (CAC)
1) http://www.codesandciphers.org.uk/heritage/ModSec.htm

Cryptographic Engineering blog (CEB)
1) http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html

Differencebetween (DFB)
1) http://www.differencebetween.net/technology/software-technology/difference-between-pgp-and-smime

Electronic Frontier Foundation (EFF)
1) https://www.eff.org/document/crypto-wars-governments-working-undermine-encryption

Freedom of the Press Foundation (FPF)
1) https://freedom.press/organization/leap-encryption-access-project

The Internet Engineering Task Force (IET)
1) http://www.ietf.org/rfc/rfc4880.txt

GPG Tools
1) https://gpgtools.org

LEAP (LAP)
1)  https://leap.se/en/services/email
2)  https://leap.se/en/docs/design
3)  https://leap.se/slides/#/

Mailpile (MPE)
1)  https://www.mailpile.is/faq/
2)  https://github.com/mailpile/Mailpile/wiki/FAQ-Encryption-&-Security

OpenPGP (OPP)
1) http://www.openpgp.org/about_openpgp/

Open Rights Group (OPN)
1) https://wiki.openrightsgroup.org/wiki/Crypto_Wars

Tech Republic (TRP)
1) http://www.techrepublic.com/blog/it-security/email-encryption-using-pgp-and-s-mime

TrueCrypt
1) http://truecrypt.sourceforge.net/

The Off-the-Record Messaging Webpage

Off-the-Record Messaging (OTR) is an encryption protocol making it possible to engage in private conversations using specific instant messaging software. Its aim is to provide a platform that enables both encrypted and ‘deniable’ instant messaging conversations [CPU02]. ‘Deniable authentication’ allows participants in an instant messaging conversation to verify each other without the need for digital signatures which are attributed to a specific person and that can potentially be seen by a third party [CPU01].

OTR is an alternative to PGP and S/MIME public key encryption addressing some their vulnerabilities. These include [Borisov et al., 2004]:

• the use of encryption keys that endure for a long period of time making them subject to compromise
• the need for digital signatures that provide proof of authorship, which may be used to provide legal proof of a person’s communications and activities.

Specifically, OTR ensures that [Borisov et al., 2004]:

• Only the two parties involved are allowed access to the contents of a conversation
• After a conversation is over, no one (not even the parties involved) can produce a transcript
• While participants are assured of each other’s identities, neither they nor anyone else can prove this information to a third party.

Software applications

Two of the main established software applications using OTR include:

• Pidgin – an OTR instant messaging program that can be used on Windows, Linux, and other UNIX operating systems. It allows users to log in to multiple accounts on different networks, such as MSN, Google Talk, and Yahoo chat, at the same time [PID01]. It allows for chat, file transfers, away messages, and buddy lists. A key criticism of the application is that it stores passwords as plaintext [PID02]. This means that the password file is readable by anyone who has physical or virtual access to the computer and to the user or administrative accounts.
• Adium – an OTR instant messaging program that can be used on Apple operating systems, like Pidgin, users can connect to any number of instant messaging accounts. It allows for multiple chats simultaneously, address book integration and file transfer [ADI01].

Capabilities:

• Confidentiality – using ‘perfect forward secrecy’ means that previous conversations and messages cannot be recovered. This is achieved using short-lived encryption/decryption keys that are generated as needed and deleted after use [Borisov et al., 2004]. It relies upon the agreeing of a shared secret without revealing it to any third party (this can be done in person for example). What this means in technical terms is that ‘Message Authentication Codes (MACs)’ are used rather than digital signatures to prove messages authorship to the receiver of the message, while at the same time preventing such proof to any third parties.

• Plausible Deniability – allows for participants in conversations to disclaim authorship of any content. This is achieved using ‘malleable encryption’, which is more insecure because it can be compromised resulting in the forgoing of transcripts. This however, provides an avenue for plausible deniability and repudiation of the contents of any communication.

Surveillance mitigation:

• Privacy – enables private digital communications so that messages cannot be read by third parties. The difference between plaintext and ciphertext has been compared to the postcard and the letter, where plaintext is more like a postcard that anyone can read and ciphertext is akin to placing a message in a sealed envelope. This has been called the ‘analog gap’ [MPE02].

Vulnerabilities:

• Authentication – OTR provides two layers of authentication. One uses encryption keys, however, they are not assigned to a specific person as they are in PGP. The only way to authentic your communication partner is to compare fingerprints using another communication channel such as face-to-face, telephone, or another digital channel [BNB01]. Another way to authenticate is to have the two parties decide on a shared secret but they need to ensure that no third party is eavesdropping whether it is done in person or online. If the secret is shared online using PGP there is a trace that links the parties, which could be revealed later. This authentication process allows for some degree of human error and if this happens the OTR session could be compromised through a man-in-the-middle attack [BNB01].

• Human – Even though conversations are not saved in OTR, any communication partner could take screenshots of the conversation [HUFF01].

Layer of interaction:

• Transport layer: (using the existing IM protocol) [Borisov et al., 2004].

Background:

Off-the-Record Messaging was developed in 2004 [CPU03] and was developed to enable encrypted real-time chat while also addressing some of the vulnerabilities of public key encryption. OTR chat software Pidgin and Adium use the LibPurple protocol [ADI02, PID03], which enables network connectivity that allows access to a variety of instant messaging applications. This allows users to login to multiple IM accounts, although it does not support group chat. The Electronic Frontier Foundation provides a helpful messaging scorecard [EFF01] that assesses the level of security provided a variety of communication tools including instant messaging.

Sources:

Adium (ADI)

1) https://adium.im/about

2) https://trac.adium.im/wiki/LibPurple

Bitcoin Not Bombs (BNB)

1) http://www.bitcoinnotbombs.com/beginners-guide-to-off-the-record-messaging

Borisov, N., Goldberg, I., Brewer, E. (2004) Off-the-Record Communication, or, Why Not To Use PGP. In WPES, 2004.
https://otr.cypherpunks.ca/otr-wpes.pdf

Cypherpunks (CPU)

1) https://otr.cypherpunks.ca/index.php

2) https://otr.cypherpunks.ca/press/news.com.com/Making+your+IM+secure–and+deniable/2100-7355_3-5576246.html

3) https://otr.cypherpunks.ca/news.php

Electronic Frontier Foundation (EFF)

1) https://www.eff.org/secure-messaging-scorecard

Huffington Post (HUFF)

1) http://www.huffingtonpost.com/2014/10/10/google-off-the-record_n_5959188.html

Mailpile (MPE)

1) https://github.com/mailpile/Mailpile/wiki/FAQ-Encryption-&-Security

Pidgin (PID)

1) https://pidgin.im/about/

2) https://developer.pidgin.im/wiki/PlainTextPasswords

3) https://developer.pidgin.im/wiki/Using%20Libpurple

The Open Whispers Logo.

New types of encryption software are being developed that aim to address the vulnerabilities associated with traditional forms of encryption such as Public Key Encryption. At issue with traditional methods are traceability of authorship through the use of digital signatures (no true anonymity) and the decryption of messages and files that may be stored by third parties by either breaking the encryption or by legal means requiring the handing over of encryption keys (no true privacy).

Software applications

The most recent cryptographic software includes:

• CryptoCat – a web browser plugin that uses Javascript encryption [W3C01] to implement the Off-the-record (OTR) protocol. Its key feature is usability, as it only requires the download of a web browser plugin to begin using it. In addition, it allows for secure group chat. However, many security experts have criticized the robustness of ‘in-browser, javascript’ encryption [SOG01; SCH01; TAR01] as there exist many vulnerabilities with a web browsers design for ‘remote code execution’ [TAR01]. Security experts have suggested that the media has hyped the software as a personal interest story rather than examining its actual robustness [SOG01], for example [WIR01]. Even so, it is reported that Glen Greenwald used Cyrptocat to communicate with Edward Snowden while in Hong Kong to arrange their meeting [WIR01].

• ChatSecure – phone app, for both iPhone and Android that enables secure chat through OTR encryption. It can be used with multiple accounts such as Facebook Chat, Google Talk, Google Hangouts, and Jabber [EFF01]. Used with the Orbot plugin it can go around most firewalls, network restrictions and blacklists [GPR01]. The app also supports the use of TOR so that users can also hide their network activity [GPR01].

• Open Whispers Systems – an Open Source community of contributors that work on a variety of free privacy software tools [OWH01] including:

– TextSecure – an encrypted mobile instant messaging app for Android phones that provides ‘forward secrecy’ of communications with others using the same app. It can send and receive both encrypted and unencrypted text (SMS) and media (MMS) messages, and attachments files. Messaging is compatible with Signal, the IOS version of TextSecure [TSR01].

– Signal – an encrypted mobile instant messaging and voice calls app for IOS phones that provides ‘forward secrecy’ of communications with others using the same app [SIL01]. Messaging is compatible with TextSecure, the Android version.

– Red Phone – an encrypted voice calling app for Android phones that uses Wi-Fi or data rather than mobile voice plans [RPH01].

• Silent Circle – is a private company that offers encryption tools similar to Open Whisper. They use the same voice encryption protocol however users are charged a subscription fee. They also specialise in ‘enterprise solutions’ for organisations [SCR01]. Software includes:

– Silent Phone – encrypted voice and video calls on mobile devices for iOS and Android. The app can be used with Wi-Fi, EDGE, 3G or 4G cellular anywhere in the world.

– Silent Text – encrypted text messaging for iOS and Android with ‘burn functionality’ feature that destroys selected messages.

– Silent Contacts – encrypted address book for mobile phones.

– Blackphone – is an Android adapted phone using PrivatOS that focuses on enhancing privacy and security. It has a subscription-based service that enables users to make both encrypted and unencrypted voice calls. It also includes encrypted chat, browsing, file sharing, texting and conference calls.

• Pond – a forward secure, asynchronous messaging system that aims to address the drawback of PGP asynchronous messaging [PND01]. Pond message expire automatically a week after they are received. However, the author of the software stresses that people would use it at their own risk as the code has not been reviewed. It relies upon email gateway servers that accept messages while the user is offline [PND02]. Users choose a server, e.g. [PND03] or create their own. It uses an overlay network that connects to intermediary nodes to hide, which servers people may be accessing to receive messages. Users exchange either PGP or OTR keys with the Pond server, e.g. [PND03]. Again, the author of the software warns that the code is incomplete [PND02].

Capabilities:

• Forward secrecy – ensures that every new connection uses unique and ephemeral key information, this ensures that if long-term keys (e.g. PGP/GPG) are compromised that the content of messages cannot be decrypted [EFF02].

Surveillance mitigation:

• Privacy – enables private digital communications so that messages cannot be read by third parties. The difference between plaintext and ciphertext has been compared to the postcard and the letter, where plaintext is more like a postcard that anyone can read and ciphertext is akin to placing a message in a sealed envelope. This has been called the ‘analog gap’ [MPE02].

Vulnerabilities:

• Decryption – forward secrecy does not defend against a successful cryptanalysis of the underlying ciphers being used. This is because it is a method for decrypting an encrypted message without the key, whereas forward secrecy only protects keys, not the cipher algorithms used to perform encryption [ZUR01].

Layer of interaction:

• Transport layer

Background:

Privacy and security of business and personal digital communication has received increased interest since the Snowden revelations of June 2013. In addition, the vulnerabilities associated with Public Key Encryption have been a catalyst for developers to provide more secure encryption to users.

Sources:

CryptoCat (CCA)

1) https://crypto.cat

Electronic Frontier Foundation (EFF)

1) https://ssd.eff.org/en/module/how-install-and-use-chatsecure

2) https://www.eff.org/deeplinks/2014/07/forward-secrecy-brings-better-long-term-privacy-wikipedia

Guardian Project (GPR)

1) https://guardianproject.info/apps/chatsecure

2) https://chatsecure.org/blog

Mailpile (MPE)

1) https://github.com/mailpile/Mailpile/wiki/FAQ-Encryption-&-Security

Open Whispers (OWH)

1) https://whispersystems.org/about/

TextSecure (TSR)

1) https://whispersystems.org/

Signal (SIL)

1) https://whispersystems.org/blog/signal/

2)   https://ssd.eff.org/en/module/how-use-signal-%E2%80%93-private-messenger

3)  http://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/

Red Phone (RPH)

1) https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en

Pond (PND)

1) https://pond.imperialviolet.org/

2) https://pond.imperialviolet.org/tech.html

3) https://pondgw.hoi-polloi.org/usage

Schneier on Security (SCH)
1) https://www.schneier.com/blog/archives/2012/08/cryptocat.html

Silent Circle (SCR)

1) https://silentcircle.com/services

Soghoian, Christopher (SOG)
1) http://paranoia.dubfire.net/2012/07/tech-journalists-stop-hyping-unproven.html

Tony Arcieri (TAR)

1) http://tonyarcieri.com/whats-wrong-with-webcrypto

W3C, Web Cryptography API (W3C)

1) http://www.w3.org/TR/WebCryptoAPI/

Wired (WIR)

1) http://www.wired.com/2012/07/crypto-cat-encryption-for-all/

Zur:linux (ZUR)
1) http://zurlinux.com/?p=1772

A Verizon pre-paid (aka: burner) phone.

There are options for preserving privacy and security that do not rely upon cryptographic technologies. Rather some people choose a selection of workarounds for communicating sensitive information.

Techniques

The most well known techniques include:

• Pseudonyms – a fictitious name used in place of a person’s real name to mask their identity [GLO01]. In the digital arena these could be usernames, social media profiles, web-services accounts (e.g. Dropbox) and email addresses. A pseudonym can be used to send email messages, exchanges files, and post comments on social media. They can be discarded on a regular basis (daily, weekly) or used for a specific activity (e.g. commenting on social media). They do not protect a user third parties identifying their IP address, location, email content, or web browsing behaviours.

• Code words – Similar to shared secrets used in Off-the-record messaging. A code word can be used in face-to-face meetings where each party has knowledge of the word of phrase. Once the code word is revealed the parties engaged in communication have the option to then begin to reveal information they may not have otherwise. Governments, journalists and other organisations use code words and phrases when engaged in secretive operations.

• Burner phones (pre-paid phones) – a pre-paid mobile phone bought with cash and not associated with a real person, as they do not require identification to purchase [EFF01]. Burner phones are thrown away and replaced often. Burner phones are said to be the most secure option for phone communication [CIJ01]. Although, these phones can still be tracked and monitored. Additionally, other phones can be associated with a burner and so it is recommended that all other phones be placed in a metal container (Faraday cage) to ensure that they do not emit signals. Also, calls can still be tapped and recorded so sensitive information should not be exchanged [ARS01].

• Drafts folder – an email drafts folder that is used to communicate using a shared email account that is created using a pseudonym. Messages are written, read and replied to without actually sending information through a network. Participants shared the username and login details that enable them to use a web-based email service as an electronic dropbox [WAS01]. However, the IP address can be traced to the identity of the person logging is as was the case in the Petraeus scandal [ACU01].

Capabilities:

• Alternatives to cryptographic software – these techniques can be used as alternatives to cryptographic software. They can be considered workarounds to secure communication that may include digital or face-to-face methods.

Surveillance mitigation:

• Privacy – enables private digital communications so that messages cannot be read by third parties. The difference between plaintext and ciphertext has been compared to the postcard and the letter, where plaintext is more like a postcard that anyone can read and ciphertext is akin to placing a message in a sealed envelope. This has been called the ‘analog gap’ [MPE01].
• Anonymity – Real identities can be concealed however there is no guarantee that a user of any of the described methods would not be traceable by other means such as IP address. Anonymity software does not necessarily make one’s actions private; rather any action taken may be done in full public view.  Anonymity allows a person to conduct activities without it being attributed to a person’s actual identity (e.g. real name, address, age, etc.). In this case, a pseudonym may be used which prevents the linking of online activity to a specific person. People choose to conduct activities anonymously online for a variety of reasons including citizen activism (petition signing, discussion forums), social interaction, web browsing, online purchases and whistleblowing (someone who exposes misconduct, fraud and illegal activity within an organisation).

Vulnerabilities:

• Human error – using these techniques may not completely hide identity or ensure privacy, as there may be other methods for tracing and monitoring communication such as eavesdropping of face-to-face activities; long-term use of a burner phone is a security risk; or using a direct network connection when using digital alternatives will expose the user’s IP address and location.

Layer of interaction:

• Social layer

Sources:

American Civil Liberties Union (ACU)

1) https://www.aclu.org/blog/free-future/surveillance-and-security-lessons-petraeus-scandal

Ars Techica (ARS)

1) http://arstechnica.com/security/2013/10/how-the-nsa-breakthrough-may-allow-tracking-of-burner-cell-phones/

Electronic Frontier Foundation (EFF)

1) https://ssd.eff.org/en/glossary/burner-phone

The Centre for Investigative Journalism (CIJ)

1) http://www.tcij.org/resources/handbooks/infosec/chapter-7-phones-voicevideo-calls-over-internet

Mailpile (MPE)

1) https://github.com/mailpile/Mailpile/wiki/FAQ-Encryption-&-Security

Washington Post (WAS)

1) http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/12/heres-the-e-mail-trick-petraeus-and-broadwell-used-to-communicate/

Graphic of a VPN, www.legacytec.com/Pages/VPN.html

Purpose:

A Virtual Private Network (VPN) network provides secure access to online data by creating a private network with which to access both the public Internet and other internal organisational networks. A VPN uses tunneling protocols thus encrypted data at the sending end and decrypted at the receiving end.

VPNs allow for greater privacy because data packets are encrypted as the move across the Internet making it difficult to know the activities of users. Additionally, it allows users to access private networks that run within organisations such as universities and companies. These allow users to access content that would not be available otherwise.

Techniques include, each have their own technical strengths and weaknesses [BPN01]:

• Layer 2 Tunnel Protocol (L2TP and L2TP/IPsec)
• Secure Socket Tunneling Protocol (SSTP)
• Internet Key Exchange (version 2) (IKEv2)
• OpenVPN

Capabilities:

• Tunneling – Creates a secure connect for data at both the sending and receiving ends of a network.
• Encryption – Data is packaged into secure envelopes, providing protection from packet sniffing [SCO01].
• IP cloaking – Masks the users originated IP address and allows people to appear as if they are accessing the Internet from another country or organisation.

Surveillance mitigation:

• Privacy – A secure and anonymous way to access content or conduct activities (e.g. online banking) on the Internet.

Vulnerabilities:

• VPN provider – The customer should ensure that their VPN service provider does not keep logs
• Decryption – Spiegel [SPI01] has reported that the NSA has a number of programmes that aim to compromise VPN security.

Layers of operation:

• Transport layer

Sources:

Best VPN (BPN)
1) https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

Spiegel (SPI)
1) http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html

Scott, C., Wolfe, P., Erwin, M (SCO), Virtual Private Networks. O’Reilly, 1999.
1) http://shop.oreilly.com/product/9781565925298.do

Purpose:

The Invisible Internet Project (I2P) is an anonymous peer-to-peer communication layer, an offshoot of Freenet (GIZ01) designed to run any Internet service (email, IRC, file sharing, HTTP, Telnet) as well as distributed applications. Its aim is to “protect communication from dragnet surveillance and monitoring by third parties such as ISPs” (I2P01). A computer running the I2P software is called an I2P node.

All communication in I2P is encrypted end-to-end and forwarded through a network of nodes to conceal the source and destination of the traffic. The communication endpoints are identified by cryptographic keys (I2P01).

I2P can be used to host services that are only accessible via the anonymising network. Websites published via I2P, known as “eepsites”, use domain names ending with the ‘.i2p’ suffix.

Capabilities:

• Garlic routing – A variant of onion routing that encrypts multiple messages together to make it more difficult to conduct traffic analysis. Garlic routing is one of the key factors that distinguishes I2P from TOR and other networks where messages are encrypted multiple times.
• Peer-to-peer – The I2P network is decentralised. All users run the same software, which by default takes part in relaying data for other users. This means that unlike Tor, traffic does not enter and leave the anonymising network, which may make traffic confirmation more difficult.

Surveillance mitigation:

• Traffic analysis – Can be used to infer who is talking to whom over a public network. Knowing the source and destination of a person’s Internet traffic makes it possible to track their behaviour and interests.
• Decentralization – Having no central servers, I2P is not controlled by any one individual or organization, including the designers of the platform. There is no single point where content can be removed or access to the network can be blocked.
• Anonymity – Garlic routing separates identification from routing so that information can be published and accessed anonymously.

Vulnerabilities:

• Harvesting – It is easy to compile a list of I2P nodes because every node is continually attempting to find other nodes and connect to them.
• Sybil attacks – Peer-to-peer networks are vulnerable to ‘sybil attacks’ in which an attacker creates multiple identities in order to have a disproportionate influence on the operation of the network.
• Full list: https://geti2p.net/en/docs/how/threat-model.

Layers of operation:

• Transport layer: I2P provides an anonymous transport layer that can be used by other applications.
• Application layer: I2P nodes communicate across the Internet at the application layer.

Background:

I2P has been called a “super anonymous network” (GIZ01) where users can gain access to content that is not available outside the network. Unlike Tor, users cannot browse the public Internet with the I2P software.

People using I2P can control the trade-offs they make between anonymity, reliability, bandwidth usage, and latency by choosing the number of nodes their data passes through (I2P01).

Sources:

Gizmodo (GIZ)
1) http://gizmodo.com/i2p-the-super-anonymous-network-that-silk-road-calls-h-1680940282

Invisible Internet Project (I2P)
1) https://geti2p.net/en
2) https://geti2p.net/en/docs/how/threat-model

EFF: How Tor Works

Purpose:

Tor is software that directs Internet traffic through a network of relay servers in order to conceal the source and destination of the traffic. It allows for the anonymous sharing of information over the Internet, and can be used to circumvent Internet censorship (TOR01). Tor also enables the creation of hidden services, which hide the locations of people who publish content or run servers (TOR02).

Tor can be used by software developers to create new communication tools with built-in privacy features (TOR01).

Capabilities:

• Onion routing – A technique for concealing the source and destination of network traffic by encrypting it and forwarding it through a series of relays. Each relay decrypts a layer of encryption to reveal the address of the next relay and passes the remaining encrypted data on to it. The final relay, known as the exit node, decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or knowing, the address of the source. Because no single relay knows both the source and destination of the traffic, this method eliminates any single point at which the communication can be de-anonymised through network surveillance (DIN01).
• Hidden service – A service that is only accessible via the Tor network. The clients connecting to a hidden service cannot discover its location or vice versa. Hidden services use domain names ending with the ‘.onion’ suffix.

Surveillance mitigation:

• Traffic analysis – Can be used to infer who is talking to whom over a public network. Knowing the source and destination of a person’s Internet traffic makes it possible to track their behaviour and interests (TOR01).
• Anonymity – Onion routing separates identification from routing so that information can be published and accessed anonymously.

Vulnerabilities:

• Traffic confirmation – Tor cannot protect against the monitoring of traffic at the boundaries of the Tor network (TOR03). An observer who can monitor traffic entering and exiting the Tor network may be able to determine who is communicating with whom, even if the traffic is encrypted end-to-end.
• Exit node blocking – Administrators of Internet sites can prevent their sites from being accessed via the Tor network, or offer reduced functionality to Tor users (TOR04).
• Exit node eavesdropping – Tor cannot encrypt the traffic between exit nodes and Internet sites. This means that an exit node can capture or modify any traffic passing through it that does not use end-to-end encryption. For example, in 2007, a security researcher intercepted thousands of private email messages sent by embassies and human rights groups around the world by monitoring the traffic of an exit node he was running (TAI01).
• Application layer information leaks – Certain applications leak identifying information at the application layer even when they are used over Tor (MAN01).

Layers of operation:

• Transport layer: Tor provides an anonymous transport layer that can be used by other applications.
• Application layer: Tor relays communicate across the Internet at the application layer.

Background:

Tor is a volunteer network of computers, known as relays or nodes. These nodes receive traffic and forward it to other nodes so that it will eventually go to its final destination. Tor can be used to browse the web anonymously using the Tor Browser, a modified version of the Mozilla Firefox web browser. Opening the browser automatically connects to the Tor network (EFF01). The network is used by a variety of people who want to maintain their anonymity. It is regularly used by journalists, activists and whistleblowers (TOR05).

The NSA attacked the Tor network through its programme EGOTISTICAL GIRAFFE (GUA01). The programme exploited a bug in the web browser to de-anonymise Tor users (MOZ01, SCH01). The bug has since been fixed.

Sources:

Electronic Frontier Foundation (EFF)
1) https://www.eff.org/torchallenge/what-is-tor.html

Guardian (GUA)
1) http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document

Dingledine, R., Mathewson, N., Syverson, P. (DIN)
1) Tor: The Second-Generation Onion Router. 2004. https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

Manils, P., Abdelberri, C., Le Blond, S., Kaafar, M., Castelluccia, C., Legout, A., Dabbous, W. (MAN)
1) Compromising Tor Anonymity Exploiting P2P Information Leakage. 2010. http://cryptome.org/2013/04/tor-p2p-compromise.pdf

Mozilla (MOZ)
1) https://blog.mozilla.org/jorendorff/2013/12/06/how-egotisticalgiraffe-was-fixed/

Schneier on Security (SCH)
1) https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

TAILS (TAI)
1)https://tails.boum.org/doc/about/warning/index.en.html

Tor Project (TOR)
1) https://www.torproject.org/about/overview.html.en
2) https://www.torproject.org/docs/hidden-services.html.en
3) https://blog.torproject.org/category/tags/traffic-confirmation
4) https://www.torproject.org/docs/faq-abuse.html
5) https://www.torproject.org/about/torusers.html.en

The Freenet logo

Purpose:

Freenet is a peer-to-peer platform designed to enable the anonymous publishing and retrieval of information, in order to counter the censorship of information on the Internet (FRE01).

Freenet is not a proxy for accessing the Internet anonymously; it allows access only to content that has been inserted into the Freenet network. It is not an application, but rather an application-neutral, anonymous transport layer that many different applications can use (FEH01). Users of these applications can publish and view websites, download files, use email and bulletin board systems, and other things that can be done on the Internet. In this respect, Freenet is similar to Tor’s hidden services. Freenet can be thought of as an anonymous Internet within the Internet.

Capabilities:

• Peer-to-peer – Information inserted into the Freenet network is distributed around the network and stored on several different nodes. Anyone can run a Freenet node, and users of the network are encouraged to contribute resources to the network by running their own nodes.
• Friend-to-friend – Each node may operate in ‘darknet’ mode, in which case it will only communicate with nodes that have been personally chosen by its operator, or ‘opennet’ mode, in which case it will communicate with any nodes it can find. The existence of darknet nodes that are only known to chosen individuals may make it harder to monitor the network.
• Encryption – Content inserted into the network is encrypted to prevent nodes from knowing what content they are storing and forwarding. Information travelling between nodes is encrypted to prevent external observers from determining who is inserting, requesting and storing content.

Surveillance mitigation:

• Decentralization – Having no central servers, Freenet is not controlled by any one individual or organization, including the designers of the platform. There is no single point where content can be removed or access to the network can be blocked.
• Anonymity – Relaying information through the network makes it difficult to determine who inserted content into the network, who requested content, or where content is stored.

Vulnerabilities:

• Harvesting – It is very easy for an attacker to find Freenet nodes and connect to them, because every ‘opennet’ node is continually attempting to find new connections (FRE03). Nodes that operate in ‘darknet’ mode are more difficult to find.
• Sybil attacks – Peer-to-peer networks are vulnerable to ‘sybil attacks’ in which an attacker creates multiple identities in order to have a disproportionate influence on the operation of the network.
• Data loss – If data is not accessed for a long time Freenet will no longer retain copies of it, resulting in the platform ‘forgetting’ data (FRE03).
• Traffic analysis – By observing encrypted traffic passing between Freenet nodes, it may be possible to determine who inserted or requested content, or where the content is stored.
• Full list: https://freenetproject.org/faq.html

Layers of operation:

• Transport layer: Freenet provides an anonymous transport layer that can be used by other applications.
• Application layer: Freenet nodes communicate across the Internet at the application layer.

Background:

Freenet is an overlay network that is constructed on top of the Internet. It was created to mitigate censorship and to facilitate the free flow of information and freedom of speech. A driving factor for developing the platform is that “you cannot have freedom of speech without the option to remain anonymous” (FRE02).

Sources:

Freenet (FRE)
1) https://freenetproject.org/whatis.html
2) https://freenetproject.org/philosophy.html
3) https://freenetproject.org/faq.html

Freenet Help (FEH)
1) http://www.freenethelp.org/html/FreenetForDummies.html