BANNEDTHOUGHT.NET

Some Reasonable Security Recommendations

Submitted by an activist in the US

November 23, 2025


      Internet traffic is not secure by default. Browsing BannedThought.net may require special consideration, given that its content is banned in several countries. This guide is intended to help visitors of BannedThought.net achieve reasonable online security.

      The internet is insecure by design. Corporate and government involvement in the development of internet standards is mediated by the Internet Engineering Task Force (IETF), an international organization governed by several committees. The typical members of these committees include representatives of Google, Apple, Cisco, Capital One, Huawei, and the US Department of War. The standard technology of the internet is developed under an economic incentive to fuel market research, as well as a political incentive to monitor and control the world's population.

      Moreover, the physical infrastructure of the internet, the data centers, fiber networks, cell towers, satellites, content delivery networks, etc., is increasingly concentrated into the hands of the largest private companies. These include Tier 1 ISPs, like Verizon and AT&T, and the so-called "hyperscalers" (Amazon, Google, Microsoft, etc.), whose claim to dominate the foreign construction of data centers is increasingly supported by the US through AI diffusion rules.

      In these conditions, no one is safe from the targeted spying of global adversaries. But reasonable security practices can effectively mitigate one's vulnerability to mass spying campaigns, less-resourceful local agencies, and individuals.

      Activists should adopt security practices insofar as they conform to the needs of the masses. This is what "reasonable" security means. Strict security guidelines could prevent serious engagement with the masses, while lax security could lead to the persecution of activists who would otherwise join the masses in their struggles. In either case, the eventual freedom of the masses is dependent on having relatively loose or tight security, according to an assessment of local conditions, an individual’s propensity to take on risk, and the ability, when sticking one’s neck out, to join with the masses and achieve an advance. The recommendations in this guide should be evaluated with respect to these criteria and rejected or adopted as needed.

Summary

  1. Create multiple identities and separate them.
    • Air gap devices
    • Virtually isolate with Qubes OS or Tails
    • Avoid phones wherever possible
  2. Choose strong passwords with high entropy and store them securely.
  3. Encrypt and obfuscate traffic, using one of the following:
    • Tor
    • Proxy servers (such as a VPN service)

1. Create multiple identities and separate them.

      The simplest method to keep identities separate is to “air gap” them by using many devices. Consider using a dedicated device for activism, on which no personal identifying information can be found. If it is necessary to use one computer only, use virtual isolation at the operating system level with the hypervisor-based Qubes OS or the temporary operating system Tails.

      There is no effective virtual isolation for phones, so using one phone for activism and personal/work activity should largely be avoided. Google and Apple have shared push notification data with government agencies around the world to facilitate mass spying. Supposedly anonymous accounts can be correlated with personal accounts by analyzing the corresponding push notifications relaying through Google and Apple servers.

      Some weaknesses of phones in general (even a dedicated device for activism) include their reliance on IMSI numbers, personal email accounts, and a plethora of "necessary" permissions that might share the user's location or files, or even grant access to sensors such as the camera or microphone. The lack of freedom in choosing a phone operating system drastically inhibits the ability to achieve reasonable security. One decent option is GrapheneOS, a security-oriented phone operating system derived from the Android Open Source Project, with Android app compatibility, default exclusion of Google services, and more transparent permission management than Android.

2. Choose strong passwords with high entropy and store them securely.

      Take a password to be a combination of more basic units, say letters or words. Then the entropy of a password is a way of measuring how unexpected the combination of basic units is. Entropy is often measured in bits. An intuitive way of understanding entropy for a password is the following: if a password has an entropy of r bits for some positive real number r, then it would typically take an adversary guessing at random 2^r tries to guess that password. Note that this calculation is often an oversimplification, ignoring the fact that some words and letters are used more often in passwords than others, and that people have favorite words and letters.

      Choosing typical words or letters results in a relatively lower entropy, corresponding to a less secure password which an adversary might easily guess. For example, a popular password cracking tool uses combinations and transformations of several words in a word list to guess the correct password. If an adversary can compile a list of the user’s favorite words, then they might stand a chance to reveal the password through brute force.

      Constructing a password with high entropy can be done in several ways. In any case, use long, random strings of letters or words that aren’t overly personal. Use a mnemonic device to remember this password, write it down on a sheet of paper, and store it in a safe. Use password managers at your own risk, and only insofar as a company can be trusted more than the safe in your closet.

      The Diceware method is an easy way to create a secure, memorable password with reasonably high entropy. The method works as follows:

  1. Roll a die 5 times to create a random 5-digit number.
  2. Download the EFF’s cryptographic word list. Look up the word which corresponds to the 5-digit number.
  3. Do this at least 6 times, and combine the words as needed with special characters, numbers, capital letters, or just hyphens. For example, change a roll of "pasture", "blizzard", "overtly", "claim", ... to "Pasture-Blizzard-Overtly-Claim..."

      Assuming (simplistically) that each word is equally likely to be used as a password (i.e. if everyone used the Diceware method with perfect dice), then each word adds 12.9 bits of entropy. In reality, the words on the cryptographic word list are not personal to the user, and are less common words in general. So the entropy added from each word is actually greater than this. Then a low estimate of the total entropy of the final password is 6 x 12.9 = 77.4 bits. The expected number of guesses an adversary would need before finding this password is 2^77.4 ≈ 2 x 10^23 (several centuries of computation with modern computers).
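
      The three Diceware steps and the entropy estimate above, as an added Python example (not part of the original guide). The operating system's random generator stands in for physical dice, and the word list is a constructed placeholder in the "NNNNN<tab>word" layout of the EFF large list; feed the real downloaded file to parse_wordlist for actual use.

```python
import math
import secrets

DICE_PER_WORD = 5  # five rolls pick one of 6**5 = 7776 list entries


def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines into {rolls: word}; reject short lists."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError(f"expected {6 ** DICE_PER_WORD} entries, got {len(table)}")
    return table


def roll_key():
    """Step 1: five fair die rolls (OS CSPRNG here, an assumption replacing real dice)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase(table, n_words=6, sep="-"):
    """Steps 2-3: look up each roll, repeat n_words times, capitalise and join."""
    if n_words < 6:
        raise ValueError("the guide asks for at least 6 words")
    return sep.join(table[roll_key()].capitalize() for _ in range(n_words))


def entropy_bits(n_words, list_size=6 ** DICE_PER_WORD):
    """Entropy when every word is drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def constructed_wordlist():
    """Constructed placeholder list covering all 7776 keys; NOT the EFF words."""
    keys = [""]
    for _ in range(DICE_PER_WORD):
        keys = [k + d for k in keys for d in "123456"]
    return "\n".join(f"{k}\tword{k}" for k in keys)


if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(passphrase(table))
    print(f"{entropy_bits(6):.1f} bits, about {2 ** entropy_bits(6):.1e} guesses")
```

      The estimate only holds if the words really are chosen by the dice; swapping in a preferred word after the roll lowers the entropy below the computed figure.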

3. Encrypt and obfuscate traffic.

      The most basic level of protection is Transport Layer Security (TLS) to encrypt website traffic, which is indicated by HTTPS (i.e. https:// instead of http:// in the website URL). Even with TLS encryption enabled, massive amounts of data are still transferred in plaintext, or otherwise stored unencrypted under the supervision of ISPs, tech giants, and state intelligence agencies.

      Two more comprehensive options for encrypting communications over the internet are a proxy server (such as a VPN service) or Tor. Either is better than TLS alone, but each should be used separately. Tor and VPN at the same time is possible, but not recommended due to complexity and potential loss of anonymity if not configured properly. For details see the TorPlusVPN project page.

A. Tor

      Tor is an overlay network that encrypts and routes a user’s internet traffic through three random servers out of a large server pool, with one layer of encryption peeled back at each stage before the destination is reached. In theory, an adversary looking at Tor traffic would not be able to identify the user by IP address, nor the content of the data being shared.

      Since Tor is not commonly used, there are cases in which Tor traffic itself is enough to identify a person. The Tor Project has developed pluggable transports to mitigate this risk. Pluggable transports are entry points into the Tor network that make Tor traffic blend in with normal internet traffic. They come in four flavors that make traffic look like random noise (obfs4), video conferencing (Snowflake), accessing a Microsoft website (meek), or plain HTTPS traffic (WebTunnel). The availability and effectiveness of each pluggable transport varies by country. In the US, where internet security is relatively acceptable social behavior, obfs4 is the most reasonable choice since it has the best performance.

      But what if an adversary wants to see exactly what someone is doing inside the Tor network (which sites are they accessing, what data is being shared, etc.)? Breaking Tor in this way is simple but laborious, and effectively impossible for non-global adversaries. An adversary simply needs to acquire a large enough cluster of Tor relays (the servers that "hand off" traffic) so that the probability of a target entering and exiting the network in relays owned by that adversary is non-negligible.

      To counter this, a key feature of the Tor network is the publicly available consensus document, which lists all servers in the network as well as some identifying info (emails of server owners) and statistics on the network as a whole. Certain authorized servers vote on this document in real-time to ensure the accuracy of the list. Since this is all open, people can create tools like OrNetStats, which actively monitors the network for large clusters of servers behaving badly (aka "Sybils"). In 2021, a suspicious cluster (codename KAX17) was taken down using this kind of analysis.
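
      The kind of monitoring described above, as an added Python example (not OrNetStats code and not part of the original guide). The relay records, field layout, and threshold are constructed for illustration. The model is simplified: it treats the entry and exit picks as independent, so a cluster's chance of holding both ends of a circuit is its guard share times its exit share.

```python
from collections import defaultdict

# Constructed records: (nickname, contact e-mail or "", guard share, exit share).
# A share is the relay's fraction of total guard / exit selection probability.
RELAYS = [
    ("relayA", "ops@example.org", 0.020, 0.000),
    ("relayB", "ops@example.org", 0.000, 0.030),
    ("anon01", "",                0.040, 0.000),
    ("anon02", "",                0.050, 0.000),
    ("anon03", "",                0.000, 0.060),
    ("anon04", "",                0.000, 0.040),
    ("solo",   "me@example.net",  0.010, 0.010),
]

UNDECLARED = "(undeclared)"


def cluster_shares(relays):
    """Sum guard and exit shares per declared contact.

    Relays with no contact go into one bucket: an upper bound, since they
    may belong to many unrelated operators.
    """
    totals = defaultdict(lambda: {"relays": 0, "guard": 0.0, "exit": 0.0})
    for _nick, contact, guard, exit_share in relays:
        cluster = totals[contact.lower() or UNDECLARED]
        cluster["relays"] += 1
        cluster["guard"] += guard
        cluster["exit"] += exit_share
    return dict(totals)


def both_ends_probability(cluster):
    """Chance one circuit enters AND exits through this cluster (simplified model)."""
    return cluster["guard"] * cluster["exit"]


def flag_clusters(relays, threshold=0.005):
    """Clusters whose both-ends probability reaches the threshold, largest first."""
    scored = {k: both_ends_probability(c) for k, c in cluster_shares(relays).items()}
    return sorted((k for k, p in scored.items() if p >= threshold), key=lambda k: -scored[k])


if __name__ == "__main__":
    for name in flag_clusters(RELAYS):
        print(name, cluster_shares(RELAYS)[name])
```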

      Despite improved transparency as the user-base grows, the main concern with Tor is that a large portion of servers are secretly owned by US state intelligence agencies. Some minimal comfort can be found in NSA's pathetic posture towards Tor in the past. In a leaked presentation from 2012, the NSA admitted that they'll never be able to de-anonymize all Tor users all the time. At that stage, their total server cluster was only sufficient to de-anonymize a very small, random fraction of users at any given time.

      The size of the Tor network has grown significantly since 2012 (see Figure 1), so one could suspect that what was once a small fraction of NSA-operated servers has grown. Still, attacks on the Tor network itself are exceedingly rare, and law enforcement agencies rely on other techniques and exploits of other software to target Tor users.

Figure 1. Total number of intermediate nodes (blue) and special entry nodes (red) in the Tor network since June 2012.

      Therefore, the best way to use Tor is through a controlled environment, such as Qubes-Whonix, Tails, or the security-hardened Tor Browser with whatever OS you prefer.

B. Proxy servers

      The most common form of proxy server in use today is a Virtual Private Network service, or simply VPN. A VPN establishes a secure connection (i.e. a tunnel) with a remote server, owned and operated by the VPN company. Some commonly used VPN tunneling protocols are IPsec, OpenVPN, and WireGuard.

      IPsec is notoriously abstruse, with serious weaknesses documented in all of its core components. It was at one point the standard security protocol for VPN services, but even with that in the past, the example of IPsec stands as a reminder of what constant government intervention in the construction of the internet looks like. The Snowden leaks shed light on the BULLRUN program, in which vulnerabilities were deliberately inserted into various security standards for the purpose of breaking the encryption of online communication. It is likely that IPsec was exploited within this larger program, considering that NSA employees and their associates participated throughout the construction of the standard, often forcing the implementation of less-secure features. IPsec should be avoided for these reasons.

      OpenVPN and WireGuard also have their drawbacks, but altogether WireGuard is accepted as the newer, simpler, and more secure standard. Deep packet inspection can easily detect traffic from either technology, and so one should consider not only whether a VPN company employs OpenVPN or WireGuard, but, more importantly, where the company is based, the amount of personal data the company collects, and the company’s reputation concerning data breaches, compliance with courts, and collaboration with intelligence agencies. A helpful guide is offered by the Electronic Frontier Foundation.

      Once VPN traffic reaches the company’s servers, that company can see everything not encrypted with TLS, such as the user’s IP address, the destination server’s address (if Encrypted Server Name Indication is blocked, as in China), and metadata regarding the user’s operating system and web browser. In addition, DNS traffic is not necessarily routed through the VPN tunnel by default. Since DNS traffic is unencrypted and monitored by the NSA through the MORECOWBELL program, it is recommended to use a VPN service with encrypted DNS servers, and to configure your VPN client application to use these servers.

      Since VPN traffic is easy to detect, commonly used protocols like OpenVPN and WireGuard may be blocked in your country. Tunneling protocols that mimic HTTPS traffic (Shadowsocks, V2Ray and XRay) provide additional security, and are used by some VPN services. For the Great Firewall in particular, more sophisticated methods of detection, using machine learning, can identify and block these technologies by analyzing traffic patterns. The cat and mouse game between the Great Firewall and various security technologies has led to the creation of a genetic algorithm to readily identify circumvention techniques, known as Genetic Evasion, aka Geneva.

Conclusion

      Achieving reasonable security takes consistency, political clarity, and cooperation. Expectations for security within a group should be clearly stated and adhered to, with the understanding that all stand to be targeted if one person slips up. Historically, a failure to address any one of the three points above has resulted in the exposure of personal data and the persecution of activists. As state repression across the world escalates, it is crucially important to collectively implement these points according to an assessment of local conditions.

— NOTICE —

      BANNEDTHOUGHT.NET is independent and unaffiliated with any political party. While our sympathies are of course with the struggles of the oppressed and exploited peoples of the world, our goal here is simply to expose attempts to censor or suppress progressive ideas and to make available publications and documents which have been suppressed in one or more countries.