I have suggested that Paranoid Linux be a series of packages that could be emerged (in Gentoo for example) to automatically configure the system with our specification in mind: deniability, cryptography, and anonymity. These three are accomplished almost entirely by dozens of pre-existing packages. I would suggest that chaffing be a package of scripts that can extend the system into chaffing behavior - since chaffing can certainly be useful.

Of course to create the ultimate distro in terms of deniability, cryptography, and anonymity - a modified system from the ground up is required - so Paranoid Linux cannot just be a set of packages and scripts. It must be a distribution variant that installs from the ground up to be deniable, encryptable, and anonymous.

As I think fletch does - I would hope we can keep Paranoid Linux development free from inexperienced user influence. This is not to say inexperienced users shouldn't be a valuable part of the development process - they are the target audience! This paradox does not have to plague our distribution as it has others.

Something that has to be said though: If Paranoid Linux is going to utilize open development, then we require a better system for contribution in order to decide upon our goals and specifications.

The problem with a lot of these ideas is that any direct (tcp/udp) peer-to-peer activity is suspicious, because an ordinary user spends most of their time surfing the web (i.e. visiting pages on servers hosted at a data center). There are not that many peer-to-peer apps that have enough bandwidth and the right usage patterns to hide data. If you wanted to covertly deliver information to one person, you could probably hide it encrypted in a video stream (or invent some secret hand gestures), but you wouldn't be able to Tor all your Internet traffic since it's hard to claim you spend all day video chatting with people. And of course, the other big peer-to-peer application, file sharing, is bound to attract attention simply because most people use it to illegally share copyrighted materials.

The true purpose of the chaff system is not to hide packets. Chaff does diddley squat for you if you're already being watched by the suits. But that's because it's not designed to do that. Chaff is a tool to keep you out from under that microscope in the first place. The system should throw up chaff to make any histogram they take of your internet connection to look like the norm. You throw off enough unencrypted chaff to balance out your encrypted signals, and you look a lot less like a wolf and more like another one of the sheep. I have a conceptual spec for a chaff-generation system, if anybody thinks it's worth a shot:

Unencrypted Chaff Design:

Overview: An AI user sends traffic to "standard usage" domains in the clearm to make the enc/unenc profile of the machine more average. A list of permanent sites to visit aids the illusion of an actual person being behind the surfing.

The AI system has a "web" of interest areas. These areas are connected to each other with logical links, by categories and by associative links. These interest areas provide the basic regions for the AI to visit. Of course this would require that a great many sites be indexed into the web of subjects, but with the example of StumbleUpon, we have seen that this can be done. Once every 20-100 days the AI will add and remove a few new subjects on its list, based on the history of visted sites. Also, once per month, the human user will check the list, to make it more realistic.

The AI selects a certain number of sites to visit each day out of the list of sites in the interest groups. To further mimic human site selections, the AI tiers its interest areas. The top interest area (by # of permanents) gets 5% of traffic, the rest of the top 20% gets 40%, the next 20% gets 24%, the next 20% gets 18.2%, the next 20% gets 9.12%, and the final 20% gets 3.68%.

Sites visted in each 24-period are broken down into the following categories:

newVisits - Sites drawn from the web of interests to visit on any particular day. Number of newVisits should be from 25 to 150 sites minus the square root of the permSites and superPermSites. Time spent on a newVisit should be generated by the following method: For each page, spend 1 sec to 2 min per 2500 words. When finished with a page, 45% chance to visit another page on the same site linked from the page. 5% chance to visit another site linked to by the page. These percentages should be adjusted based on the interest web's relative strengths.

permSites - Each day, the AI should select from 2-5 sites out of the newVisits to elevate to permSites. This selection should be made based on the strengths in the interest web. All permSites are visited 1-3 times per day, and from 2 min to 25 min should be spent on each permSite. Every 72-96 hours after the elevation to permSite, the AI give the permSite a 50% chance to be de-elevated.

superPermSites - If a site remains a permSite for 3 weeks, it is elevated to superPermSite status. superPermSites are visited 3-7 times each day, for 5 min to 2 hours at a time. superPermSites undergo the same automatic removal process as permSites, except that when selected, there is another probability test: 65% chance to remain a superPermSite, 25% chance to become a permSite, and 10% chance of removal.

When visiting a page that has posting enabled, there with be a 0.1% chance to pass the posting form to the human user, generating human content. This chance becomes 2% for permSites and 5% for superPermSites.

The AI can have up to 25 "tabs" worth of content open at one time, and may make up to 3 page fetch requests at one time. Pages do not need to be active to tick away time on their counters.

It's more than likely that my numbers deserve some tweaking, and hopefully someone out here has a novel idea that I never even considered. But here's my starting point.

~~~~~

Take it back.

Now I'm no expert, but the best way to encrypt something is to hide it in public. The two easiest ways to do this are revolving cleartext (see Digital Fortress by Dan Brown), or a ridiculously complex translation logic program. Take this idea: Find a complex, preferably pictogrammatic language, eg. Cantonese. Now write a little program that does something like this: Take english text, and single out the consonants. Next find the romaji equivalent of your characters. Create a logic script (sounds painful) that finds and strings together sensical and innocent sentences using the consonants in the romaji (flinches). Then finally, figure out some super sneaky way of weaving the encyption code into it. This is where the other side comes in. The encryption in the sentence is an open ended 'lock' and the recipient's code is a 'pick', that uses hints in the 'innocuous' message to decode it. Now, the masterstroke; make a 'skeleton key' that all the 'locks' recognise, and which, when used, causes the 'lock' to think itself to be an actual message.
Now this is probably far too complex, as you can tell, I don't really code, but that doesn't stop it being a better idea than chaff.

Anyways, woohoo 1st post and all that.
Va^b0
"The only thing that hasn't changed since 9/11 is that the government is still *u**ing up"
-Steal This Book Today

Chaff is inherently dangerous. In a totalitarian society, different rules apply and there's no real safe way to do automated traffic. Chaff looks a bit different from normal traffic. For example, normal traffic will include intelligent postings to web sites. Responses to articles etc. If I just go through the list of all people who are sending lots of web traffic and select those that don't post comments I probably have a good set of targets. Now I just go and raid/torture them all. Some the time I get an innocent victim. If so I kill him so he doesn't complain. But quite often I'll be able to cach and torure a user of your system and use his configuration to learn how to find more.

Now, your response will, of course, be to start generating comments. Unfortunately this is like software patching. You make your move, then the other side gets to see your move, then they choose their move and you can't even see what it was and you certainly can't react directly. Whatever it is which makes your system different from a human will be spotted and used to find it.

So; the ideal system should generate NO automated traffic which wouldn't be generated by a legitimate system in that state. You probably want to use Windows in a VM which thinks it is directly internet connected (or a real system for more hardcore usage) and have the paranoid system as a tranparent proxy between the Windows system and the rest of the world.

There are lots of covert channels you can use

• timing changes on outgoing packets
• changing salts in encrypted packets
• hijacking SSL sessions

but doing it right will be difficult. Chaff is not the way to go.

The RSS and Last.fm combination is brilliant. Just for the stake of sticking it to the man, why not TheLastRipper? Further, I'm still a fan of dummy social network accounts... spend five minutes in a Panera within fifteen minutes of a college campus and that's all you'll see.

Again, let me reiterate that this is useless to someone who doesn't understand how crypto protects them-- it still strikes me as a useful layer of plausible deniability though.

Cory is a good writer, but despite the buzzword recognition Little Brother is a science fiction novel, not a technical manual. You can't put out chaff that looks like normal internet use in order to hide traffic that *doesn't* look like normal internet use.

Remember, Cory is the guy who suggested (on Instructables) that you try to hide the noise pattern in your camera by compressing it and blurring it. There's a professional comment in reply that points out it's much better to capture the noise by photographing blank coloured sheets, subtract the noise, then take 10 overlapping pictures and blend them. It's easier than the amount of compression and fiddling he suggested as appropriate, and you actually get pictures that don't look like crap.

That's a simple problem. Hiding network traffic is very complex problem. ParanoidLinux was artistic license for "there is probably a reasonable solution". For all Cory knows there *isn't* one. It is entirely dependent on what "normal internet use" looks like and how much traffic you have to hide, at what bit-rate, with what latency, and to which people.

The only way to hide darknet traffic is to actually tunnel it over your "normal internet use". Unfortunately even BitTorrent probably wouldn't be any good for that. IIRC the .torrent file includes a cryptographic checksum of each block, so you can't pretend to download a .torrent and then exchange arbitrary packets with peers - your packets wouldn't match the checksums. It'd be trivial for an attacker to pattern match for unencrypted .torrent files and randomly test packet checksums.

Email, on the other hand... Perhaps I have an obsession with email. But it's not suspicious to access an email server using TLS/SSL encryption, and to maintain a constant connection.

Hard crypto works. Steganography - hiding stuff in plain sight like Cory's DNS video hack - is another thing altogether. Your normal DNS traffic runs at what - 100x lower rate than real-time video? And then you tunnel video over one bit in 100 out of that? It may be possible, but it's not proven. If they can crack your crypto, then your screwed and they can 0wn the world anyway, because you're using the same crypto that protects bank websites. Stenography has no track record. How can you have confidence in a given chaff generation algorithm? How many people are trying to break it and willing to publish, as opposed to the attackers who are trying to break it and will pretend that it's still secure?

So: email. Obviously you have to keep the traffic down to a normal email like level. Obviously you should chose your server very carefully. You especially don't want a server that automatically copies messages to your sent folder (auto-BCC functionality). A simple safe solution would be run a darknet where you all use the same email server, but that makes you easier to detect. I believe some servers attempt to negotiate encryption on *outgoing SMTP* (TLS again), which would let you extend that trust domain across multiple servers.

Note that this is transport layer encryption. GPG is cool but not enough people use it - so if you send GPG encrypted messages over unencrypted SMTP, attackers will notice immediately.

Have a mail client running in IMAP mode without a cache, which will help you account for a reasonable traffic level if challenged by an attacker. You might keep your real email application on a gigabyte+ micro-SD card - I think it depends on what sort of threats you're trying to defend against.

The traffic limits on this aren't as bad as they might sound. In a Little Brother like scenario, you could still e.g. develop an entire Paranoid Linux. Time critical stuff goes by email. In Little Brother everyone lives close together anyway, so you can swap gigabyte SD cards with massive binaries or source repositories, or meet up for longer and sync laptops.

If you're doing something like that, why do you need your machine to generate chaff? Anything going over the email channel is encrypted; pushing more data over that only makes it more suspicious. Automatically generating extra traffic over unencrypted channels is not smart. If you want normal-looking traffic, maybe use an RSS feed reader so you can be more productive at browsing news / blogs / facebook (and hence spend more time using your encrypted channels). Use a web accelerator that does prefetching for a bit more traffic - and more productivity for your *manually generated* chaff. Use Last.FM.

The point of this manual chaff is to make sure that you preserve a reasonably normal and explainable traffic profile. If the ONLY thing you use is encrypted email - then Big Brother knows you must be tunnelling all your web traffic through it.

I think the true value of chaff is to hide steganography. It is correct that Tor and Freenet nodes will be known to any slightly competent eavesdropper, and use of those systems will be detected despite any amount of chaff.

Consider the case where a hidden encrypted stream is hidden inside a different, seemingly innocuous data stream. For example, you're sending and receiving messages by encoding them in JPEGs which are uploaded and downloaded from some webserver on a some IP that has been set up by the other party in the communication. Uploading and download JPEGS all day would look a lot less suspicious when interspersed with a bit of web traffic.

I'm assuming a lot here; that someone has set up a webserver, and has shared the IP address without tipping off the eavesdroppers, and also that the eavesdropper cares enough to statistically analyze the user's traffic. But my central point stands, I think: it is not the case that chaff is categorically useless. It is not a solution by itself, but it does have a small role to play.

My understanding was that the point of chaff is to obscure just how much encrypted data is being flung around. I mean, if every single packet you send out is encrypted, you would appear to have something to hide.

However, a zombie that bumbles around facebook all day, fills out Livejournal quizzes, watches youtube videos, and IMs other robots all day would make the overall traffic analysis look less suspicious.

I agree that it does nothing to keep your cipher data safe, but a sufficiently random and frequently updated library of random requests to send out would serve to obscure what's actually going on. Obviously nobody is going to calculate 2^1024 possible ciphers and find out what you're actually doing, but they just might notice that you're doing something unusual. Once that happens, it's a matter of trusting Time Warner not to help track you down (unless you live in Manhattan, you can only steal so much wi-fi before everyone starts encrypting their networks.

Please tell me if I'm wrong-- and a big thanks from the demigeeks who don't have the skills to take on a project like this.

I agree with that. I keep trying to explain to people that it's better to assume you have no protection, than to rely on bogus protection. The illusion of security encourages you to be careless - after all, the X will protect you (X= firewall, proxy, encryption, whatever). In fact, it often *won't* protect you. Moreover, some of these services could be bait by various agencies to ensnare dissidents and others.

There are many people in prison or dead, who relied on security that didn't protect them.

Hi!
There is a distro called dyne:bolic (http://dynebolic.org), that supports keeping private data (all of it) in one encrypted file. It is also clutter-free, clean, easy to "install" on FAT partition, and easy to move to other machine. In pure:dyne (fork of d:b) Tor and Privoxy are installed by default.

I've heard that Skype is hard to crack or block.

IMHO also some solution for activists is needed in the areas of: making press-ready documents (Scribus? TeX?), blogging/Internet publishing (maybe with server?), audio edition and streaming (podcasting, radio), video edition.

All should be not only "untrackable", but also EASY TO REMOVE AND BREAK, so prefferably small and easy to work with pendrive-install.

Chaff isn't solution to me in any case - just waisting of bandwidth, that should be used to make strong privacy, not just acting as a teenager. Steganography is much better way.

How about running blogging platform with an option to use steganographic material as an input (in place of plain text)?

How about changing MAC with each reboot?

I think we should keep something similar to Chaff on the table, but possibly save it for a future release. I would hate to see perfectly good release held up because of a system that might or might not work. Let's focus on the essentials for now.

/2cents