annonymous websites

Networking/Security Forums -> Computer Forensics and Incident Response

Author: contact_ronak PostPosted: Wed Nov 26, 2008 5:31 pm    Post subject: annonymous websites
    ----
Hi i have been set a university project, where i needed to find a solution of how to publish annoymous websites. where the publisherer can never be tracked and also the person who is viewing the website can never be tracked.

is there any way this can be done?

if so i would appreciate if anyone could tell me how or which areas i should reseaqrch into, as im finding it really difficult to any information on this.

i have learnt a bit about cryptrography, but this only allows me to publish data that would be jargon to others who do not have the key. however this only partially what i require.

if anybody could help i would be grateful

Author: Fire AntLocation: London PostPosted: Wed Nov 26, 2008 8:57 pm    Post subject:
    ----
contact_ronak,

Is you project brief to find a method for anonymously publishing data and anonymously viewing the data? Because that is different to a website. The reason I ask is that Anonymous websites are a bit of a strange area because there are a differences in opinion as to what anonymous actually means.

Now you could do the following:

Setup a web server and don't turn on logging on the server then you could argue that someone could access the server. From the publishers perspective the user is anonymous. The only way to tell who the user is by doing a netstat -a at the point when they are accessing the data and reverse lookup the IP. This will give you some information but probably not alot. A good example of this is WikiLeaks. Some would argue that this is not anonymous at all as a government could spy on your connection and see that you are accessing web site X. So you are not anonymous from this perspective.

To go over some of these flaws you could do the following. Connect a proxy service using SSL (encrypted) and use the 3rd party proxy to connect to the website. Now this isn't as great as it sounds. You are relying on the 3rd party proxy to not keep any logs. It also means that if government suspects you and they see you accessing the website using a known encrypted proxy service then that only heightens there suspicion and then they may actually install spyware on your computer.

It is an inherent fact that HTTP protocol does not have any anonymity properties. There are protocols such as Tor which do have these properties. I suggest checking out the Tor project.

There is one problem with anonymous publication and that is you need people to know that the data exists. You need it indexed by some system. Anonymous publication is a feature of P2P networks. In this situation the anonymous data is indexed by peers but only stored by those who download and share the data.

Cryptography is not going to help you here with anonymity. It will ensure that the data cannot be understood whilst in transit and but it may provide some protection towards governments spying on you.

There has been this myth that the Internet is this giant anonymous system and this is not the case. Any data packet can be traced, it just depends on who is doing the tracing.

One thing I learnt in the Army doing signals analysis is that even if you cannot read the data, find its source or its destination you can perform what is called traffic analysis. In fact this was a key reason why German WW2 naval Enigma codes were broken. The Enigma machine used by the navy was far more powerful than the Enigma used by the army. Every morning signals were intercepted from ground stations, these transmissions were weather reports. If you know that every 6am weather reports are issued and you know what the weather is like then you have an attack vector, known cleartext. This made it easy to brute force the daily/weekly codes.

I digress slightly, but if you know something about the traffic then you can use that to leverage intelligence.

This is a very interesting project you have been assigned.

Good luck,

Matt_s

Author: capiLocation: Portugal PostPosted: Thu Nov 27, 2008 5:48 am    Post subject:
    ----
contact_ronak wrote:
i needed to find a solution of how to publish annoymous websites. where the publisherer can never be tracked and also the person who is viewing the website can never be tracked.

is there any way this can be done?

Yes, using the The Onion Router.

Look into the Tor Hidden Service protocol and of course, the Tor Overview for how Tor itself works.



Networking/Security Forums -> Computer Forensics and Incident Response


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group