CDR: Subway (was I created the "Al Gore created the Internet" )

[Harmon Seaver]

Tom Vogt wrote:

>
> all you need to do is use the internet as a transport layer. it's there,
> so why use the phone? cops can possibly intercept your phone calls more
> easily than randomly routed IP packets.
>
> the technology is there. all you'd need to do is set up a network of
> nodes that rsync itself at regular intervals, preferably using at least
> ssh.

        At least -- but it's still subject to traffic analysis to discover who the
perps are, on both ends. And yes, phones can be tapped too, but it's more difficult,
takes more effort, warrants (at least here, so far). But I've been thinking more
about this and realized that packet radio is really the best transport medium, done
in burst modes on shortwave or even CB frequencies with big linear amps. A pirate
packet network,  with some stations just running scanners and gatewaying into the
internet maybe.  Or just design a easily built TNC to work with standard modems and
running off AM or shorwave radio receivers, widely publish the schematics, and the
code, so anybody, anywhere in the world could just listen in, and, if they dared
(and had a transmitter) become a broadcast node as well.  Bursts, especially on
random frequencies, are pretty hard to pinpoint, but computer run scanners with a
"tcp/ip" to reassemble fragmented packets can listen and gather.
        Here's what someone else was saying to me on this, altho he's pretty much
concentrating on the net as a transport medium, while I think we might want soon
want (and  for places like China right now) to have something which might easily be
monitored, but not easily stopped. And if it's all in strong crypto, who cares who
monitors it -- while strong crypto in email could easily just become verboten on the
net.


> Anyway - combine the notion with stego and pseudo-stego techniques.
> Tougher than people realize to embed stuff in mp3's - you might not know
> its there, but it would be pretty detectable. Mp3's use psycho acoustics
> to do bit allocation. So water marking can be difficult to preserve at
> reasonable data rates.
>
> But now - the ability to propagate fragments universally - e.g. usenet,
> email, web, etc., in encrypted and stego'd forms - that's interesting. I
> think the issue here is universal availability - making it available
> everywhere. Freenet (?) is interesting because it propigates data
> towards the people who want it, but really - it needs to be everywhere.
>
> So a reader is something that can pull from usenet, email, web, etc -
> hell its all just tcp ports etc anyway. And a server is something that
> can serve up all those ports. Best to hide in plain site - so email,
> instant messaging, web, etc. ['course some computer somewhere is reading
> this email because it says cypherpunks and ya gotta track yer dissidents
> der now donya?]
>
> Couple other notions - one - use multicasting to propagate fragments =
> particularly allowing background collection of fragments in ways
> difficult to track.
>
> The notion of back-channel is pretty interesting as well. Basically it
> is comprised of means to obscure a particular service on any particular
> machine. You knock at the door. You may or may not get an answer.
> Sometimes that machine will contact a third machine with your request,
> but without responding to it, or by responding for instance with 404 not
> found headers, etc. But some other machine might serve up a fragment -
> 'heard you needed this'.
>
> I'm not providing a very succinct description at the moment, but I think
> you get the drift. Its about obscuring the origins of requests and
> answers from casual and perhaps programmatic observation. Its not
> downloading an encrypted web page from a single server. Its about
> acquiring that page from a variety of places as encrypted fragments,
> that might appear as casual requests. And going to a particular server
> does not cause a particular piece of data to be delivered - from that
> server, but it may be delivered later from another machine.
>
> So back channel is really about creating this virtual back channel using
> the store and forward approach. The channel's packets are encrypted, and
> the node is non-deterministic in its behavior.
>
> How this applies, is that you don't want someone figuring out (and there
> are some statistical geniuses out there) that making this requesting
> suddenly turns on that transmitter. Instead, data is handed around in a
> "someone you may know may want this". No machine itself could ever
> really know what end user wants even a fragment of data, because
> everyone is storing and fowarding this data.
>
> Now - to go beyond this - there may be ways to create virtual networks
> using routable packets or packet fragments - things that may be "out of
> spec" to the point that they may or may not universally propagate, or
> that may be discarded as a general rule. That's also interesting, as
> firewalls etc may well filter out for general users... e.g. they may
> appear as undesirable or erroneous packets.
>
> ANyway - the notion seems solid, I think governmentally unsanctioned
> radio requires methodologies based on indeterminancy. And you need to
> ensure that the storage points (e.g. usenet) can't differentiate a
> request from an answer. Strikes me that someone is doing this already in
> some form... its almost tradecraft, afterall - secret a request, post a
> tell tale, someone that sees the telltale retrieves the request - but so
> do a lot of other people, and the response is similar secret the
> response, post a tell tale, and then ...
>
> SO 1st and foremost, you need to codify what you're trying to achieve
> design parameter-wise. And lest someone think this all evil - look at
> China's latest crackdown on the internet. We'd like to do a web service
> for China - 15 Million on the web speak Mandarin - but most are in
> China. This would be a great vehicle for publishing in lands without
> liberty. Where's the voice of liberty/voice of america on the internet?
> And what if, what if it were possible to obscure the recipients from the
> eyes of tyranny?
>
>



--
Harmon Seaver, MLIS     Systems Librarian
Arrowhead Library System        Virginia, MN
(218) 741-3840  hseaver at arrowhead.lib.mn.us  http://harmon.arrowhead.lib.mn.us