IP Technical question

Mark Lomas ukcrypto at chiark.greenend.org.uk
Sun, 1 Feb 2009 09:49:50 +0000 

--0016368e2087f729170461d85b9a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

2009/1/30 Charles Lindsey <chl@clerew.man.ac.uk>

> On Thu, 29 Jan 2009 14:02:01 -0000, Paul Vigay <ukcrypto@vigay.com> wrote:
>
> What if you don't use email though? I regularly communicate with one of my
>> overseas friends by putting my message text file inside a stegographic
>> image and then uploading it to a website somewhere. He then downloads it
>> when convenient and extracts the message, before doing the same with his
>> reply.
>>
>
> It has often occurred to me that the most effective method of hiding
> communications would be to set up a Usenet group misc.secrets (or
> alt.secrets or ru.secrets) whose sole purpose was the posting of encrypted
> messages. You might just about be able to detect who posted a particular
> message, but there would be no way to detect the intended recipient or its
> content. Somewhere in the world (this newsgroup will propagate everywhere)
> people will decode the headers of every message and pick out the ones
> intended for them (the others will just decode into garbage).
>
> So even if you manage to detect who is downloading that newsgroup, it will
> be absolutely impossible to tell which Bad Guys are talking to which other
> Bag Guys.
>
Do the Russians still broadcast 'numbers stations'?

Here is a slightly less suspicious variant on Charles's and Paul's
suggestions:
Create a message as Paul suggested, tag it with a phrase that you expect
many people to search for (Google Zeitgeist can help you find a suitable
phrase), and store it somewhere unknown to the recipient! The recipient
registers the non-suspicious phrase with Google Alerts. When Google stumbles
across the message they will send it to the recipient (and to millions of
other people).

The police would then need to track everybody who searched for the phrase
'sarah palin' (Zeitgeist's top search for 2008).

Mark

--0016368e2087f729170461d85b9a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><br>
<div class=3D"gmail_quote">2009/1/30 Charles Lindsey <span dir=3D"ltr">&lt;=
<a href=3D"mailto:chl@clerew.man.ac.uk">chl@clerew.man.ac.uk</a>&gt;</span>=
<br>
<blockquote class=3D"gmail_quote" style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0=
px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class=3D"Ih2E3d">On Thu, 29 Jan 2009 14:02:01 -0000, Paul Vigay &lt;<a=
 href=3D"mailto:ukcrypto@vigay.com" target=3D"_blank">ukcrypto@vigay.com</a=
>&gt; wrote:<br><br>
<blockquote class=3D"gmail_quote" style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0=
px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">What if you don&#39;t use email =
though? I regularly communicate with one of my<br>overseas friends by putti=
ng my message text file inside a stegographic<br>
image and then uploading it to a website somewhere. He then downloads it<br=
>when convenient and extracts the message, before doing the same with his<b=
r>reply.<br></blockquote><br></div>It has often occurred to me that the mos=
t effective method of hiding communications would be to set up a Usenet gro=
up misc.secrets (or alt.secrets or ru.secrets) whose sole purpose was the p=
osting of encrypted messages. You might just about be able to detect who po=
sted a particular message, but there would be no way to detect the intended=
 recipient or its content. Somewhere in the world (this newsgroup will prop=
agate everywhere) people will decode the headers of every message and pick =
out the ones intended for them (the others will just decode into garbage).<=
br>
<br>So even if you manage to detect who is downloading that newsgroup, it w=
ill be absolutely impossible to tell which Bad Guys are talking to which ot=
her Bag Guys.<br></blockquote>
<div>Do the Russians still broadcast &#39;numbers stations&#39;?</div>
<div>&nbsp;</div>
<div>Here is a slightly less suspicious variant on Charles&#39;s and Paul&#=
39;s suggestions:</div>
<div>Create a message as Paul suggested, tag it with a phrase that you expe=
ct many people to search for (Google Zeitgeist can help you find a suitable=
 phrase), and store it somewhere unknown to the recipient! The recipient re=
gisters the non-suspicious phrase with Google Alerts. When Google stumbles =
across the message they will send it to the recipient (and to millions of o=
ther people).</div>

<div>&nbsp;</div>
<div>The police would then need to track everybody who searched for the phr=
ase &#39;sarah palin&#39; (Zeitgeist&#39;s top search for 2008).</div>
<div>&nbsp;</div>
<div>Mark</div></div>

--0016368e2087f729170461d85b9a--