Alt.Anonymous.Messages is a newsgroup that allows the anonymous posting of encrypted messages. You can view the newsgroup through Google. However, you should not post to the Alt.Anonymous.Messages newsgroup from Google as this would totally defeat the anonymity of your message (although the content could still be protected with encryption).
One of the best ways to use Alt.Anonymous.Messages is by using the program A.A.M. Direct.
A.A.M. Direct is a newsgroup reader and posting program whereby two or more people can communicate through the alt.anonymous.messages newsgroup using anonymous hsub subjects. A.A.M. Direct might be better explained and understood to be a type of email system whereby two or more people can communicate privately (and anonymously) without having to open and use an email account. The message text is automatically encrypted and transmitted by a secure TLS connection to a free news group server and placed out in the alt.anonymous.messages newsgroup under a continuously changing encrypted subject line. The program is also used to download all messages from the alt.anonymous.messages newsgroup and search out and display the messages sent to you. There is no definitive way for two communicating parties to be linked together with this system.
Tom Ritter discussed De-Anonymizing Alt.Anonymous.Messages at Defcon 21 (2013). It is worth watching his presentation on YouTube.
So, what's the bottom line? While it is possible to analyze A.A.M. traffic, the procedure to do so is complex. If you want to communicate with someone, while limiting knowledge of the existence of a connection between the two of you, using Alt.Anonymous.Messages and A.A.M. Direct is an effective means of doing so. Use strong passwords in A.A.M. Direct, use different PGP keys in A.A.M. Direct than you use for other communications, use recursive encryption, and consider using multiple Nyms to disrupt traffic analysis.
Once both you and a person with whom you want to communicate anonymously have downloaded and set up A.A.M. Direct, you must exchange your A.A.M Direct PGP public keys. (Be careful here as this can result in identification of a direct connection between the two of you.)
You then use A.A.M. Direct to encrypt a message with that person's public key and post it to Alt.Anonymous.Messages. At some point that person downloads the latest group of messages posted to Alt.Anonymous.Messages and is able to decrypt and read those messages encrypted with his / her public key. Messages never pass directly between the two of you, and many people will download the encrypted messages, but be unable to read any message that is not encrypted with their public key.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.