• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

annonymous websites

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response

View previous topic :: View next topic  
Author Message
contact_ronak
Just Arrived
Just Arrived


Joined: 26 Nov 2008
Posts: 0


Offline

PostPosted: Wed Nov 26, 2008 5:31 pm    Post subject: annonymous websites Reply with quote

Hi i have been set a university project, where i needed to find a solution of how to publish annoymous websites. where the publisherer can never be tracked and also the person who is viewing the website can never be tracked.

is there any way this can be done?

if so i would appreciate if anyone could tell me how or which areas i should reseaqrch into, as im finding it really difficult to any information on this.

i have learnt a bit about cryptrography, but this only allows me to publish data that would be jargon to others who do not have the key. however this only partially what i require.

if anybody could help i would be grateful
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Wed Nov 26, 2008 8:57 pm    Post subject: Reply with quote

contact_ronak,

Is you project brief to find a method for anonymously publishing data and anonymously viewing the data? Because that is different to a website. The reason I ask is that Anonymous websites are a bit of a strange area because there are a differences in opinion as to what anonymous actually means.

Now you could do the following:

Setup a web server and don't turn on logging on the server then you could argue that someone could access the server. From the publishers perspective the user is anonymous. The only way to tell who the user is by doing a netstat -a at the point when they are accessing the data and reverse lookup the IP. This will give you some information but probably not alot. A good example of this is WikiLeaks. Some would argue that this is not anonymous at all as a government could spy on your connection and see that you are accessing web site X. So you are not anonymous from this perspective.

To go over some of these flaws you could do the following. Connect a proxy service using SSL (encrypted) and use the 3rd party proxy to connect to the website. Now this isn't as great as it sounds. You are relying on the 3rd party proxy to not keep any logs. It also means that if government suspects you and they see you accessing the website using a known encrypted proxy service then that only heightens there suspicion and then they may actually install spyware on your computer.

It is an inherent fact that HTTP protocol does not have any anonymity properties. There are protocols such as Tor which do have these properties. I suggest checking out the Tor project.

There is one problem with anonymous publication and that is you need people to know that the data exists. You need it indexed by some system. Anonymous publication is a feature of P2P networks. In this situation the anonymous data is indexed by peers but only stored by those who download and share the data.

Cryptography is not going to help you here with anonymity. It will ensure that the data cannot be understood whilst in transit and but it may provide some protection towards governments spying on you.

There has been this myth that the Internet is this giant anonymous system and this is not the case. Any data packet can be traced, it just depends on who is doing the tracing.

One thing I learnt in the Army doing signals analysis is that even if you cannot read the data, find its source or its destination you can perform what is called traffic analysis. In fact this was a key reason why German WW2 naval Enigma codes were broken. The Enigma machine used by the navy was far more powerful than the Enigma used by the army. Every morning signals were intercepted from ground stations, these transmissions were weather reports. If you know that every 6am weather reports are issued and you know what the weather is like then you have an attack vector, known cleartext. This made it easy to brute force the daily/weekly codes.

I digress slightly, but if you know something about the traffic then you can use that to leverage intelligence.

This is a very interesting project you have been assigned.

Good luck,

Matt_s
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Thu Nov 27, 2008 5:48 am    Post subject: Reply with quote

contact_ronak wrote:
i needed to find a solution of how to publish annoymous websites. where the publisherer can never be tracked and also the person who is viewing the website can never be tracked.

is there any way this can be done?

Yes, using the The Onion Router.

Look into the Tor Hidden Service protocol and of course, the Tor Overview for how Tor itself works.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register