Tag Archives: computer privacy

Second Perfect Dark “Anonymous” P2P network user arrested

How do the police trace people sharing illegal files on P2P?

People sharing copyrighted movies and music, as well as child porn and other illegal material through non anonymous peer to peer networks are doomed to be arrested.

The police have a big collection of child porn files seized in their raids. They hash those seized files (hashing means creating a unique digital fingerprint), insert the hashes into custom peer to peer software available only to law enforcement, and hook it up to Kazaa, Gnutella and other peer to peer networks.

The police software searches the network for other files that have the same hash (digital fingerprint). If it finds a match, then without even looking at the file the cops know that the user is sharing something illegal. Now all they have to do is log it, get the IP and apply for a warrant to search that person’s home.

One way to thwart this system is by retouching that unique file, for example editing a picture with a photo editor and slightly increasing or decreasing the brightness would convert that file into a “new one”, changing just one pixel could do it and still look the same to the human eye.

The police would now have to get their hands on that illegal file before they can hash it and insert it into their software. Most of the child porn traded in peer to peer networks is old and chances are that the cops have already come across it before; unless those pictures or videos are digitally changed, the hash remains the same.

Changing the name of a picture will not alter its unique digital signature! Only retouching it with an image editor will.

Fuzzy hashing

Some new developments in computer forensics allow for fuzzy hashing. There is already software to do this; ssdeep is one such program.

Fuzzy hashing matches files whose hashes (digital fingerprints) are similar, so slightly changed files will still be matched. This is not a perfect science, at least not yet, and if the file has changed a lot fuzzy hashing will miss it.
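The difference between exact and fuzzy matching, as an added example that is not part of the original post: a forensic examiner's view of a known file, a lightly edited copy and an unrelated file. The chunking scheme below is a simplified stand-in for context-triggered piecewise hashing, not ssdeep's actual algorithm, and the sample data, function names and thresholds are constructed for illustration.

```python
import hashlib
import random
import zlib

WINDOW = 7      # bytes examined by the rolling window
MODULUS = 64    # a chunk ends where the window checksum % MODULUS hits the trigger


def exact_hash(data: bytes) -> str:
    """Cryptographic fingerprint: any changed byte yields an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def chunk_hashes(data: bytes) -> set:
    """Split data at content-defined boundaries and hash each chunk."""
    hashes, start = set(), 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1): i + 1]
        if zlib.adler32(window) % MODULUS == MODULUS - 1:
            hashes.add(hashlib.sha256(data[start:i + 1]).hexdigest()[:16])
            start = i + 1
    if start < len(data):                      # trailing chunk
        hashes.add(hashlib.sha256(data[start:]).hexdigest()[:16])
    return hashes


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two chunk-hash sets, 0.0 to 1.0."""
    ha, hb = chunk_hashes(a), chunk_hashes(b)
    if not ha and not hb:
        return 1.0
    return len(ha & hb) / len(ha | hb)


def compare(known: bytes, candidate: bytes):
    """Return (exact_match, similarity) for a candidate against a known file."""
    return exact_hash(known) == exact_hash(candidate), similarity(known, candidate)


def sample_inputs():
    """Constructed data: a 'known' file, a lightly edited copy, an unrelated file."""
    rng = random.Random(2010)
    known = bytes(rng.randrange(256) for _ in range(16384))
    edited = bytearray(known)
    edited[5000] ^= 0xFF                       # one byte changed
    edited[12000:12000] = b"\x00\x01\x02"      # three bytes inserted
    unrelated = bytes(rng.randrange(256) for _ in range(16384))
    return known, bytes(edited), unrelated


if __name__ == "__main__":
    known, edited, unrelated = sample_inputs()
    for label, data in (("identical", known), ("edited", edited), ("unrelated", unrelated)):
        exact, score = compare(known, data)
        print(f"{label:10} exact={exact!s:5} similarity={score:.2f}")
```

Because chunk boundaries depend only on the last few bytes of content, an edit or insertion disturbs only the chunks around it, which is why the edited copy fails the exact match yet still scores close to 1.0.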

What is peer to peer network Perfect Dark?

Perfect Dark is a Japanese peer-to-peer (P2P) file-sharing application for Microsoft Windows. Its anonymity relies on a mixnet where traffic is forwarded according to a certain probability, as well as on the deniability of the distributed datastore (“unity”), which is stored and transferred in encrypted blocks, with the keys distributed separately.

Perfect Dark peer to peer network

Kyoto’s High-Tech Crime Task Force arrests Perfect Dark user

According to AnimeNetworkOnline, Kyoto’s High-Tech Crime Task Force has arrested a man named Noriaki Matsumoto for allegedly uploading anime online without the copyright holders’ permission. Matsumoto is only the second known person arrested for using Perfect Dark, a very popular peer to peer network in Japan intended to maintain its users’ anonymity.

Kyoto police claim that the suspect admitted that he thought he would not get caught because he was using Perfect Dark. Unfortunately they do not reveal how they cracked the network.

Peer to peer networks designed for anonymity

In light of this news, I can’t recommend any peer to peer network in particular. Freenet seems to be the most popular, which means more content available, but it is also slow and you will need the Frost board (a newsgroup-like communications board) to make it worthwhile.

Up to this date, nobody has ever been arrested using one of the P2P networks mentioned below but it does not mean they are safe, use them at your own risk.

Anyone sharing copyrighted music should at the very least use full disk encryption with Truecrypt and never leave the computer unattended, but people breaking the law normally don’t have a brain to bother about encryption.

Alternative  P2P networks for anonymous file sharing

Freenet & Frost (Message board for Freenet)




Anonymizing Network

i2P & eepSite (to create i2P sites)

(Do not confuse i2P with peer to peer software per se!)

Live CD for anonymous internet browsing: The (Amnesic) Incognito Live System

After the sole developer of Incognito, arguably the best Linux live CD for anonymous internet browsing, announced that he could not carry on with his work on the project, another anonymous live CD, Amnesia, decided to merge with the Incognito Linux live CD, and hence the (Amnesic) Incognito Live System was born.


Information security awareness poster


Version 0.5 of The Amnesic Incognito Live CD is now out and includes lots of goodies for anonymous internet surfing, encryption and erasing your online tracks, such as:

  • Tor
  • Vidalia 0.2.8
  • Claws Mail 3.7.5 with OpenPGP support.
  • Pidgin automatically connects to irc.oftc.net with a randomized nickname.
  • At shutdown time, only prompt to remove CD; just halt when booted from a USB stick.
  • Forbid any IPv6 communication with the outside.
  • Added some wifi drivers: Ralink rt2570, rt2860 and Broadcom STA.

My hat’s off to this great live CD for anonymous internet surfing!

For those who fear that the Chinese or British secret services will seize their computers one day, a live CD is the sure way to avoid leaving any tracks on your computer.

The (Amnesic) Incognito Live System homepage


Law enforcement data compliance guides leaked

Every time you use a service such as Facebook, MySpace, Stickam or Hotmail, all of those companies log your IP and record your personal details as well as data on those who have been communicating with you: email address, time and date, etc.

How long do social network sites and email companies keep logs, and what data is included in them?

That is something that most of them will keep secret from you and do not release to the public domain. At the same time you will be forced to sign an abusive agreement written in gibberish, giving them the power to retain your personal data (username, IP logs, timestamps, anything) for as long as they want and share it with law enforcement if requested to do so.

The FBI is watching you

Facebook, Paypal, Microsoft, Myspace and other law enforcement data compliance guides have now been leaked and posted at Cryptome.

Microsoft even attempted some of their bully boy tactics and issued a DMCA take down notice against Cryptome for posting their Global Criminal Compliance Handbook.

Microsoft seems far too worried that you may find out that Hotmail keeps logs of your IP for 60 days or that they have a law enforcement hotline for emergency data requests. Something they should make clear to any user signing up for their services anyway.

If you want to know what data Windows Live Messenger stores on Microsoft servers, how long Facebook and MySpace keep your IP logs, and the kind of logs that Paypal and Ebay keep, then download the guides below from the Cryptome website.

Microsoft Global Criminal Spy Guide:

Ebay-PayPal Law Enforcement Guide:

MySpace Law Enforcement Guide:

Comcast Law Enforcement Guide:

Facebook Law Enforcement Guide:

AOL Law Enforcement Guide:

Skype Law Enforcement Guide:

Cox Communications Law Enforcement Guide:

Stickam Law Enforcement Guide:

Cryptome is also a great resource for anyone interested in privacy. I highly recommend it, and if you want to support their work you can buy from their website two DVDs containing the full website archive.

Review: Free speech webhosting NearlyFreeSpeech

I have been with NearlyFreeSpeech webhosting for three years (not this blog) and this review is based on that experience. The fact that I have been with them for so long already indicates that I am happy with their services, although there isn’t too much competition in the free speech webhosting field and that also helped.

Besides webhosting, NearlyFreeSpeech.net also does domain name registration with whois privacy included.

At the time of writing this, NearlyFreeSpeech fees are very cheap for static sites (no database and few pictures). Just remember to change the settings on your account, because by default it is set up to support PHP and once you change it to static site the price will go down.

You will need to pay in order to get support for your hosting account at NearlyFreeSpeech, but I have found their members-only forum to be very useful. NearlyFreeSpeech staff hang around there too and they will help you out whenever they can.

During my time with NearlyFreeSpeech I have always gotten free meaningful support from their forums. No question has gone unanswered.

Muhammed the prophet

The Good Stuff

As long as your content is legal in the United States, where NearlyFreeSpeech is based, you will have absolutely no problems with them. It does not matter if you are promoting pedophilia, Hitler, Stalin or anything similar; NearlyFreeSpeech will not take the content down if it is legal in the US and does not infringe on copyright.

You can pay via Paypal, credit card or sending a money order in the post, the last payment method being a rare find for a webhost.

NearlyFreeSpeech will also take anonymous donations to fund your hosting account. This is an excellent way for people to anonymously fund your website with no involvement on your part: the donor will only need to indicate your hosting account number, which you can make clear on your site, and you will be notified by NearlyFreeSpeech every time someone sends money in.

NearlyFreeSpeech members can propose new features to be implemented and they are then submitted to a popular vote.  There is support for SFTP and SSH and the sense of community at the forums is also very good.

The Bad Stuff

The only way to upload your files is with an FTP or SFTP client; there is no web interface to do that. The NearlyFreeSpeech hosting control panel is unique to them and has been developed in house. Its navigation is hard and you will need to get used to it, and it also has far fewer features than the more usual cPanel.

It will be hard for you to work out what you are going to pay at the end of the year. The way used to calculate that is complex, consisting of the sum of the number of active databases, bandwidth used, space used, email forwarding used, etc.

You will need to pay to get hosting support and any hosting software you need to install will have to be done manually because you can’t do that from the control panel.

Barak Obama


If your site is controversial but legal in the US, you will feel safe hosting it at NearlyFreeSpeech.

Their hosting panel is poor and hard to navigate, and you will need to know the basics of webhosting, such as how an FTP client works.

You will only be better off without NearlyFreeSpeech if your website has specific software needs, such as some peculiar CMS that you would like to install through the hosting panel. You may also be bothered by not being able to work out what the hosting is going to cost you at the end of the year.

Visit NearlyFreeSpeech

Alternatives to NearlyFreeSpeech:


CrisisHost: Read my CrisisHost review

Freebie: Free full version East-Tec Eraser 2009

I came across this offer at Softpedia today and I thought about sharing it with all of you. Valid until 31st January 2010, you can download a free full licensed version of East-Tec Eraser 2009.

I just downloaded and registered it and so far so good; it works fine with Windows Vista 64 bit. East-Tec Eraser 2009 is last year’s version of this software but still has lots of great features. It can clean your Windows registry, email software, unwanted Windows OS backups and page file, cookies, history, and a long list of other items.

East-Tec Eraser 2009 is highly configurable and it has a wide range of wiping methods.

East-Tec Eraser 2009 wiping software

Note: Do not fool yourself! East-Tec Eraser does a great job making life difficult for anyone trying to recover data from your computer. But if your life is at stake, use full disk encryption (Truecrypt)! Sometimes only a single picture or a single document is necessary to ruin your life forever.

Free East-Tec Eraser 2009 (link valid until 31st January 2010):
http://www.east-tec.com/offers/softpedia/2009/eraser/register.htm (Offer gone!)

Late readers: get Eraser (Freeware):

Review: OpenPGP encryption software cGeep Pro v4.07a

By default email is insecure. There are many risks to email messages: unauthorized modification or viewing of a message and sender impersonation are things that governments and crooks carry out on a daily basis.

PGP/GnuPG encryption of emails provides confidentiality and allows for digitally signing a message, giving the recipient a method of verifying the identity of the sender as well as making sure the message has not been tampered with.

Open PGP encryption stopping spy agencies

PGP/GnuPG solutions for securing email are typically geeky, which makes widespread deployment to non-technical people difficult. There are some free utilities for Windows that let you use PGP/GnuPG encryption, such as GPG4Win, Enigmail or FireGPG, but cGeep is by far the most user friendly OpenPGP software I have come across.

I was glad to receive a free license from cGeep makers, Safelogic, to review its product and I am so pleased with their software that this is what I intend to use in the foreseeable future to encrypt all of my email messages.

cGeep PGP encryption interface

Once installation is complete a cGeep wizard helps you to create your cGeep key pairs in just a few steps.

cGeep Pro ships with a plug-in for Outlook Office which offers total integration in the workflow of Outlook Office 2000/XP/2003/2007 users.

One click in Outlook is all you need to encrypt and sign your emails and attachments, making this one of the easiest and most practical email encryption tools.

Through the Manage cGeep Keys window you can import a PGP key pair in .asc format directly and publish or retrieve a public key from any key server.

Encryption of email attachments of any format is possible, using asymmetrical or symmetrical keys with standard AES cryptography. You are not limited to email encryption: you can also use cGeep to encrypt a file before uploading it directly from cGeep to your FTP server.

This seems like a good feature for backing up sensitive files, as is the integrated file zipping feature.

The Good Stuff

cGeep’s full source code is available for review; this is the best guarantee you can have against backdoors.

cGeep is based on OpenPGP, a non-proprietary protocol for encrypting email using public key cryptography. This makes cGeep broadly compatible, and you can send encrypted files to people who use other OpenPGP software (PGP Corp, GnuPG, Hushmail, etc.).

Encryption can be done by dragging a file and dropping it into the cGeep main window. It will also securely wipe files to make their recovery impossible, and the software comes with different interchangeable skins/looks.

You can encrypt data and send it directly to an FTP server, you can also configure cGeep Pro to use a proxy for this.

Documentation is complete and comes in the form of a PDF file and tool tips, available in French as well as in English.

The Bad Stuff

There is no Linux or Mac version, and cGeep email integration seems to be highly focused on Microsoft Outlook Office, leaving out dozens of other email clients.

Expert users may find that cGeep lacks some customization in its options. For example, you cannot choose where to store the decrypted files, and it will always place them in the same folder where the original files reside.

Although the data you upload to your FTP server is already encrypted, it would be good practice to let people use SFTP or FTP over SSL (FTPS), as FTP is a well-known insecure protocol that sends passwords in the clear.

Although not as simple to use, there are free OpenPGP encryption alternatives to cGeep.

cGeep file encryption interface


cGeep is an excellent, uncomplicated way to encrypt all of your emails. If you struggle to understand all the ins and outs of PGP encryption, cGeep will guide you through the whole process with easy to understand instructions, and it integrates especially well with Microsoft Outlook Office.

The fact that its source code is open to review adds peace of mind to those wary of backdoors.

If you can’t afford cGeep, you can still use some of the free email encryption alternatives mentioned above.

Visit cGeep OpenPGP Encryption


Secret FBI subpoena demanding IP Addresses of all visitors to Indymedia.us

It is only now that the subpoena has been fought off successfully in court that it can be known how the FBI attempted to get all the IP addresses of people visiting Indymedia.us, an independent news website. The subpoena also imposed a gag order and demanded the recipient’s silence under threat of being prosecuted for obstruction of justice.

Unfortunately for the FBI, Indymedia has a no logs policy, so besides being defeated in court by the Electronic Frontier Foundation, its request could not be fulfilled anyway.

I wonder what kind of people the US has protecting them from terrorism, unpaid fines and rape, when the FBI intelligence team is not aware that Indymedia does not keep logs?

This is actually public information that Indymedia has all over its website.

FBI: Fucktard Bureau of Investigation

You can read all of the saucy details on how the Electronic Frontier Foundation won the case against this bogus FBI subpoena at the EFF webpage: Anatomy of a Bogus Subpoena

Indymedia UK security set up

Just for all the fucktard officers reading this who do not know how to use Google, let me tell you about some of UK Indymedia’s security setup. (I will assume the security of their worldwide Indymedia counterparts resembles it.)

Hardware encryption:

There are two physical servers that are owned by Indymedia UK, and both servers are fully encrypted. The passphrases required for the disk encryption software are in the region of 30-40 characters minimum, and they are only stored in an encrypted format by trusted administrators.

If any of the servers is turned off for any reason, the passphrases need to be manually re-entered before the machine can become functional again. People who have physical access to the servers do not normally hold the passphrases, and in some instances the passphrases are kept in a different country from where the machine is located.

Software anonymisation:

The UK Indymedia website uses software designed around a central publish server from which static HTML content is then copied to mirrors.

UK Indymedia has employed up to 10 mirrors at any one time, and the mirrors may be located anywhere around the world. When you post an article you will be redirected to one of these mirrors at random. Mirrors, like the publish server, are set up to not log IP addresses.

FBI top secret tip to always get it right

-"This is the best marksmanship I have ever seen" - said the idiot man
-"How in the World do you do it?"
-"Nothing to it" - says the Fucktard Bureau of Investigation
-"I shoot first and draw the circles afterwards"