Rapid information dissemination in hostile environment
Sipping from a cup of tea, reading newspapers, and enjoying my favorite pastime - idle musing. I am possibly stating the obvious and already known, though, but someone may find something I forgot about... Time to time, the situation arises an information has to be let out in the fastest possible way. It may be a whistleblowing, it may be the "liberation" of some discovered or "acquired" closed technological detail, it doesn't matter what it is as long as there are The Powers That Be that aren't too happy about it getting out. The less amount of copies Out There, the more vulnerable the information is. Web is excellent as persistent data source, but a website is way too easy to be taken down. FreeNet is better in this regard, as it is fairly impossible to find the physical location of the data source, but the weakness is the Freenet key that has to be published somewhere, the lack of content search engine ("Freenetoogle"?) and the abysmally low utilization by the General Public. For initial distribution of an information in a hostile environment, populated by factors aiming for elimination of the information, Web is rather unusable; sooner than a reasonable number of people get the chance to retrieve the information, the site gets taken down. (Consider the most pessimistic situation with an immediately aware adversary and fully complying ISPs.) The Rapid Information Dissemination (RID) (or maybe Rapid Information Proliferation, RIP?) system has to achieve the widest reasonably possible distribution within first couple seconds, or at most minutes. Two good examples of robust systems providing this feature are Usenet and unmoderated mailing lists. Cypherpunks could be an excellent example for a list especially suitable for RID; spanning several continents, the core list is unmoderated and distributed by automated means (which ensures that even in the case of forced compliance of the moderators they won't have any practical chance of intercepting a mail before it being sent to the unmoderated-list subscribers), and populated by the people whose profiles make them unlikely to comply en-masse with every whim of The Authorities, whoever tries to be that at the moment. One post, matter of few seconds, can then achieve the rapid seed distribution, necessary for ensuring the information can't be entirely eliminated from the world anymore (and then possibly making it even to Web archives - being it the List web archives themselves, or cryptome.org, or Politechbot, or any of the numerous others, depending on the type of the information). The adversary's only possibilities then are "data poisoning", publishing versions of the data with intentional inaccuracies (eg, the way British Secret Service(?) (MI6?) reacted to the leak of their agents list onto the Net), and/or finding the author and unleash the havoc of Exemplary Punishment onto him. The author has the choice of protecting his identity by using eg. an anonymous remailer chain, further limiting the adversary's options, or playing rough and taking the risk in the cases the situation warrants it (though it's always better to keep the awareness that a free guerrilla is better than a hero in prison). Finished the tea, back to work. Opinions, comments, peer review? :)
One you forgot, didn't know about is 'distributed file systems' ala the 9P (From Plan 9) name space. The two primary factors are that the files are not stored in a solid block and that each component or piece is stored in multiple places. Two further considerations are that the pieces not be stored in plaintext (and the decryption keys are kept elsewhere) and that the individual servers not be aware of 'where or who' they are. Fortunately there are 9P clients for OS'es other than Plan 9. On Fri, 25 Apr 2003, Thomas Shaddack wrote:
Sipping from a cup of tea, reading newspapers, and enjoying my favorite pastime - idle musing. I am possibly stating the obvious and already known, though, but someone may find something I forgot about...
Time to time, the situation arises an information has to be let out in the fastest possible way. It may be a whistleblowing, it may be the "liberation" of some discovered or "acquired" closed technological detail, it doesn't matter what it is as long as there are The Powers That Be that aren't too happy about it getting out.
The less amount of copies Out There, the more vulnerable the information is. Web is excellent as persistent data source, but a website is way too easy to be taken down. FreeNet is better in this regard, as it is fairly impossible to find the physical location of the data source, but the weakness is the Freenet key that has to be published somewhere, the lack of content search engine ("Freenetoogle"?) and the abysmally low utilization by the General Public. For initial distribution of an information in a hostile environment, populated by factors aiming for elimination of the information, Web is rather unusable; sooner than a reasonable number of people get the chance to retrieve the information, the site gets taken down. (Consider the most pessimistic situation with an immediately aware adversary and fully complying ISPs.)
The Rapid Information Dissemination (RID) (or maybe Rapid Information Proliferation, RIP?) system has to achieve the widest reasonably possible distribution within first couple seconds, or at most minutes. Two good examples of robust systems providing this feature are Usenet and unmoderated mailing lists. Cypherpunks could be an excellent example for a list especially suitable for RID; spanning several continents, the core list is unmoderated and distributed by automated means (which ensures that even in the case of forced compliance of the moderators they won't have any practical chance of intercepting a mail before it being sent to the unmoderated-list subscribers), and populated by the people whose profiles make them unlikely to comply en-masse with every whim of The Authorities, whoever tries to be that at the moment. One post, matter of few seconds, can then achieve the rapid seed distribution, necessary for ensuring the information can't be entirely eliminated from the world anymore (and then possibly making it even to Web archives - being it the List web archives themselves, or cryptome.org, or Politechbot, or any of the numerous others, depending on the type of the information). The adversary's only possibilities then are "data poisoning", publishing versions of the data with intentional inaccuracies (eg, the way British Secret Service(?) (MI6?) reacted to the leak of their agents list onto the Net), and/or finding the author and unleash the havoc of Exemplary Punishment onto him.
The author has the choice of protecting his identity by using eg. an anonymous remailer chain, further limiting the adversary's options, or playing rough and taking the risk in the cases the situation warrants it (though it's always better to keep the awareness that a free guerrilla is better than a hero in prison).
Finished the tea, back to work.
Opinions, comments, peer review? :)
-- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage@ssz.com jchoate@open-forge.org www.ssz.com www.open-forge.org --------------------------------------------------------------------
participants (2)
-
Jim Choate
-
Thomas Shaddack