[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Anonymous Publishing Is Dead.



On Sun, Jul 1, 2012, at 15:38, Gregory Maxwell wrote:
> When I decided to publish a large collection (30gb) of previously
> paywalled (but public domain) JSTOR documents[1] I initially planned
> to do so anonymouslyâ simply to mitigate the risk of harassment via
> the courts. Ultimately, after more consideration I decided to publish
> with my name attached and I think it made more of an impact because I
> did so (even though quite a few journalists reported it as though it
> were a pseudonym)â though if I didn't have even the prospect that I
> could publish anonymously I can't say for sure that I would have
> started down that road at all.

Bravo! I would have done it anonymously anyway.
 
> It's also the case that non-text documents can trivially break your
> anonymityâ overtly in the case of things like pdf or exif metadata, or
> more subtly through noise/defect fingerprints in images. I think I can
> fairly count myself among the most technically sophisticated parties,
> and yet even I'm not confident that I could successfully publish
> anything but simple text anonymously.

That is a MAJOR issue with anonymity. But you are mistaken: not only
text, but HTML / XML can be clean with a careful, but fast examination.
Also the derivates like EPUB. Otherwise, hairy and badly written
standards always will have places to watermark. Imagination is the
limit. That goes for PDF for example. Most of the watermarks could fall
with a succession of conversions which will degrade the quality of the
document, but will erase the less imaginative watermarks (say PDF ->
DJVU -> PDF). To downright criminal formats like .DOC which are ready to
store information about your configuration and private document path.

You could, for example, process PDFs or scans through Abbyy Finereader
which is quite fast and reliable. The OCR results will discard part of
the image fingerprinting if not all and also the metadata.

> So I think that the problems for anonymous publication on the Internet
> are actually a subset of a greater problem that there is little
> independence and autonomy in access to publishing online. You can't
> _effectively_ publish online without the help of other people, and
> they're not very interested in helping anonymous people, presumably
> because the ratio of trouble to profit isn't good enough.

That's because the major players of the Internet are LIVING out of
selling data to third parties. An anonymous individual is not a
liability as they declare, but a loss of revenue. Still, at the time,
they can't really verify everybody so a lot of people just slip in. But
Google and Facebook are pretty decided to close this gap ASAP. And the
less than very big players still can get a nice income out of selling
data, or are plain careless. Myself I'm amazed of how many sites are
ready to share their data with Facebook or Google for free.

> (2) Improve the security and useability of things like freenet and
> hidden services, so that they are usable for publication directly and
> provide strong anonymity.

That is very hard to achieve. Once things become a few clicks away
carelessness shows its head. And people are already so very used to give
their private data expecting someone else to take care and hide it. And
it takes a few more steps in terms of thinking than the regular ways.
Because it's not enough to buy a new GSM prepaid card in order to
receive calls from a third party. Because the phone in which you use the
card has a serial number that is already associated with an identity.
Because nobody from the âotherâ life can use that number for a chat.
Because you can't spend those extra credits just about to expire by
midnight talking with your dear mother. Because mobile phones reveal
location.

Wikileaks had the advantage of filtering data and protecting the source.
But they could not protect Bradley from talking too much with a
mercenary. People publishing themselves is a huge risk. And that without
couting people trained to find out stuff. It can be as easy as a couple
of exchanged comments.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk