![]() And DPI can’t read encryption: all it can do is flag some packets as “these are unreadable”. (But mass/bulk CNE may not be!) The connected population is larger and the Privacy laws - though not up-to-date with current technology - are nonetheless still somewhat a barrier. ![]() I tend to think DPI is more of a “targeted-only” thing in most “western” venues. But these may be smaller nations, and perhaps only a certain percentage of the population can afford to use the internet - though this is rapidly changing as ISPs cut prices in many of these societies and devoices become cheaper. Like maybe for * ALL * traffic in the whole country. Įven the authorities in many third-world countries now routinely deploy DPI - Deep Packet Inspection. This is a reason for tor-bridges and pluggable-transports like * scramble suit *. ![]() Signal uses the Signal encryption protocol then doing what you can to avoid scrutiny in the first place is a big help. That’s “Russian doll” encryption or “box-in-a-box”. THEN I * could * run ** that ** file through, say, OpenPGP, encrypting the already garbled data a * second * time. I * could * encrypt a plain-text file with, say, AES, then save the garbled data as a text file. The Russians have long made small figurines of painted porcelain or other material which halve-apart, revealing yet another * identical * doll * inside * the first. You may also wish to check-out Appendix B.Ī better solution is probably to use a “Russian doll” method. But its libpurple background software may not be secure enough for today’s vicious environments (?). It’s nice e2e encryption in an easy-to-use app easily run from a live GNU/Linux disk, and widely familiar to may users of insecure platforms like Windows & MAC. Whatsapp, Signal, TFC, Ricochet, Wire, etc.Īnd there are plenty that were around * before * anyone heard of Edward Snowden: Google Allo, Pidgin, Jabber, Telegram, et al. There are a whole crop of “secure messaging apps” which have sprung up like mushrooms after a rain in the wake of the Snowden revelations. Bridges and pluggable-transports have been pretty effective, though there’s a learning-curve. The torproject offers tor-bridges and tor pluggable-transports to get around this. Many ISPs esp in “repressive” countries in fact BAN tor-connectivity. TAILS Linux and her tor backbone still do a pretty good job of concealing your originating IP address and other stuff that might lead Law Enforcement in some repressive country to your physical location before you can get away, or possibly to your true identity. And run through an empty boot cycle to insure there’s nothing recoverable in case the guy “Kim” that’s buying it turns out to be police. Just undo the steps you did to securify it. Even to somebody in Rangoon or Pyongyang. And you can * sell * the one you’re moving on from. Descent pre-owned laptops that support Debian, TAILS, ParrotSecOS, Whonix, &tc. And you change it out periodically, leading to a NEW hardware fingerprint. an end-to-end timing attack using statistical analysis of packet sizes entering and exiting tor-net in real time is only going to lead them to “joe blough # 82662721” ’s laptop, where you’ve used a Dedicated laptop. IF you make savvy tor use of a DEDICATED laptop you’ve SECURIFIED, and don’t let your clearnet and darknet activities collide going forward - THEN it is about impossible for one of the “God attacks” to succeed. Most of the successful “God” attacks upon tor-users that have been demonstrated even to this late date (2019) depend on guys using their ** SAME ** laptop that they use for everything *** else ***. FOR COMMUNICATING WITH AN EDITOR BACK IN THE U.S.:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |